Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
High Cost
NeverGET icon
Sec8

Delegates token-heavy development operations from Claude Code to Gemini CLI, enabling scalable AI-powered development workflows without exceeding Claude's context window.

Setup Requirements

  • ⚠️Requires Node.js 18+ to run the wrapper.
  • ⚠️Requires Gemini CLI to be installed and authenticated on the system where this wrapper runs (`npm install -g @google/gemini-cli && gemini auth`).
  • ⚠️Optional: Redis server required if `REDIS_URL` environment variable is set for session persistence.
  • ⚠️Requires the SuperClaude Spec Workflow framework root to be discoverable or set via `SCW_FRAMEWORK_PATH` for local development setup.
Verified SafeView Analysis
The Gemini MCP Wrapper primarily acts as a secure proxy, executing the `gemini` CLI with prompts and file paths derived from incoming MCP requests. It does not introduce new direct execution capabilities like `eval` or obfuscation. The main security considerations are inherited from the `gemini` CLI itself (e.g., its tool access, sandboxing configuration) and the broader SuperClaude Spec Workflow's validation process, where Claude is explicitly mandated to validate ALL Gemini outputs *after* execution. Session data is stored locally in `.claude/sessions` or optionally in Redis; this is generally safe within a controlled project environment. No hardcoded secrets are present; environment variables are used for configuration.
Updated: 2025-11-29GitHub
0
0
Low Cost
BeCrafter icon

mcp-router

by BeCrafter

Sec3

A powerful Model Context Protocol (MCP) routing and management tool that supports aggregating multiple MCP servers, providing a unified management interface and API.

Setup Requirements

  • ⚠️Requires Node.js >= 20.0.0
  • ⚠️Uses pnpm as package manager
  • ⚠️Electron desktop application requires a desktop environment
  • ⚠️Native module `better-sqlite3` requires `electron-rebuild` (handled by postinstall script)
Review RequiredView Analysis
The application explicitly uses Node.js `vm` module's `runInContext` for executing user-defined Hook code, which is noted in the source as 'lower security' and suggests upgrading to `vm2` or `isolated-vm`. Token validation for the HTTP API is marked as 'TODO' in `MCPHttpServer`, indicating an incomplete authentication mechanism. The `StdioClientTransport` executes arbitrary commands based on server configuration, posing a risk if input to these configurations is not properly sanitized or controlled.
Updated: 2025-11-27GitHub
0
0
Low Cost
aduboseh icon

iter

by aduboseh

Sec9

Iter is a governed Model Context Protocol (MCP) server that provides deterministic, auditable decisions, enforces policy and economic constraints, and emits replay-sufficient DecisionPackets for AI systems.

Setup Requirements

  • ⚠️The default build (`public_stub`) provides a deterministic stub implementation for protocol validation but does not include the full proprietary execution substrate. Expecting full functionality with the public repo will lead to disappointment.
  • ⚠️The server primarily communicates via standard input/output (STDIO) in its current public form, not over HTTP/HTTPS. It is designed to be run as a child process and interacted with programmatically, e.g., via the provided Rust/TypeScript SDKs.
  • ⚠️When run as a child process (e.g., by the SDKs or examples), the server binary (`iter-server`) is expected to be discoverable in the system's PATH, or its path explicitly provided by the client application.
Verified SafeView Analysis
The codebase demonstrates a strong focus on security, particularly around strict input validation (e.g., NaN/Infinity, bounds for floats, hash formats), a fail-closed design for invalid inputs (e.g., unknown enum values), and explicit information redaction in outputs to prevent leakage of internal state. The primary communication mechanism for the public stub is STDIO, which inherently limits direct network attack surface. There are no obvious hardcoded secrets or malicious patterns in the provided public source code. The `caller_context` module is a placeholder, deferring authentication/authorization implementation to future phases, meaning this specific component isn't yet secured.
Updated: 2026-01-14GitHub
0
0
Medium Cost
kittu532518 icon

stock_techfun_analyst

by kittu532518

Sec3

Aggregates analysis from multiple MCP servers to provide comprehensive stock insights.

Review RequiredView Analysis
The provided source code is limited to only the README.md file. Without the actual server logic or other code files, a comprehensive security audit is impossible. The score reflects the inability to verify safety due to lack of code, rather than identified vulnerabilities.
Updated: 2025-11-25GitHub
0
0
Low Cost
mosteligible icon

mcp-starter

by mosteligible

Sec2

A starter template for building Model Context Protocol (MCP) servers with FastMCP and FastAPI, providing configurable tools and resources.

Setup Requirements

  • ⚠️Requires Python >= 3.10
  • ⚠️Authentication is not enabled by default and requires custom implementation in AuthMiddleware for secure deployment.
Verified SafeView Analysis
The default AuthMiddleware is a pass-through implementation with a 'TODO' for adding actual authentication logic. While an AUTH_TOKEN environment variable exists, it is not utilized in the provided default middleware. This means that, by default, the server does NOT enforce authentication, making it critically insecure for any sensitive use case without custom implementation of the AuthMiddleware.
Updated: 2025-12-21GitHub
0
0
Medium Cost
AuraFriday icon

local_mcp

by AuraFriday

Sec4

Bridges STDIO-based Model Context Protocol (MCP) tools to an SSE server with progressive discovery, enabling AI to access a vast toolbox without context explosion.

Setup Requirements

  • ⚠️Requires manual configuration of external MCP server commands and arguments in `settings[0].local_mcpServers` within `nativemessaging.json`.
  • ⚠️External MCP servers are not included; users must find and install them (e.g., via npm) and ensure they are compatible with the MCP protocol.
  • ⚠️External MCP servers run with the user's local permissions, necessitating strict trust in any configured server to prevent system compromise.
  • ⚠️Requires Python 3.8+.
Verified SafeView Analysis
The server's core function is to execute arbitrary external commands (MCP servers) configured by the user via `command` and `args` in `nativemessaging.json`. This means a malicious external server, if configured, could run arbitrary code with the user's permissions, including accessing local files or making network requests. While the code itself does not contain 'eval' or direct malicious patterns, it acts as an execution environment for user-defined binaries/scripts without sandboxing. The README explicitly warns about this risk, stating 'Does not provide sandboxing: External servers run with your user's permissions. Malicious servers could access your files. Only enable trusted servers.' The use of an HMAC-based `tool_unlock_token` helps ensure the AI has read documentation before executing, but doesn't prevent malicious server behavior itself. The `env` field for subprocesses is used to pass sensitive information like API keys, which is a standard practice but relies on the security of the configuration file and the external server itself.
Updated: 2025-12-02GitHub
0
0
Medium Cost
chrisguillory icon

granola-mcp

by chrisguillory

Sec7

Provides programmatic access to Granola meeting notes, transcripts, and metadata for AI assistants and automation.

Setup Requirements

  • ⚠️Requires Granola desktop application installed and authenticated on the same machine.
  • ⚠️Requires `uv` Python package manager to be installed for execution.
  • ⚠️Requires Python 3.11 or higher.
  • ⚠️Authentication file location (`~/Library/Application Support/Granola/supabase.json`) is specific to macOS, limiting cross-platform compatibility without modification.
Verified SafeView Analysis
The server accesses a WorkOS OAuth token from a local Granola app support file (~/Library/Application Support/Granola/supabase.json). This design, while intended for a local MCP, means the server requires local access to sensitive credentials. If the local machine or the MCP server itself is compromised, the Granola account linked to the token could be at risk. The server uses Pydantic for strict API response validation, `httpx` with timeouts, and temporary directories for downloads, which are good practices. There's a minor theoretical risk of path traversal if a crafted 'filename' parameter in download tools isn't fully sanitized by `pathlib.Path`, but this is less severe for a locally run MCP.
Updated: 2026-01-08GitHub
0
0
Medium Cost
hnizdiljan icon

Cookidoo-MCP-Server

by hnizdiljan

Sec2

Provides a RESTful API server to manage custom recipes and collections on the Cookidoo platform for Thermomix devices, allowing control via AI assistants like Claude in Cursor.

Setup Requirements

  • ⚠️Requires .NET 8 SDK to run the backend server.
  • ⚠️Requires Node.js 18+ for the MCP client.
  • ⚠️Requires a valid Cookidoo account (with subscription recommended for full features).
  • ⚠️Requires a Cursor editor for AI assistant integration.
Review RequiredView Analysis
CRITICAL: The `test-real-cookidoo.js` file contains hardcoded real user credentials (email and password) which are exposed in the source code. Additionally, the OAuth2 client ID and secret for Cookidoo (`kupferwerk-client-nwot` and `Ls50ON1woySqs1dCdJge`) are hardcoded in the `OAUTH2_IMPLEMENTATION.md` and used by the .NET backend, which is a significant vulnerability. A development JWT secret key is also hardcoded. While the server aims not to store user credentials permanently, these hardcoded values represent severe security flaws.
Updated: 2025-11-22GitHub
0
0
Medium Cost
imjac0b icon
Sec9

Provides AI assistants with programmatic access to Iconify's vast collection of vector icons for various frameworks and design tools.

Setup Requirements

  • ⚠️Requires Bun runtime for local development and build processes.
  • ⚠️Requires Node.js >= 18.0.0.
Verified SafeView Analysis
The server primarily acts as a proxy to the official Iconify API. It does not perform any dynamic code execution (e.g., eval), nor does it store or handle sensitive user data. All data returned is a direct stringification of the Iconify API response. The main security considerations would be the reliability and security of the upstream Iconify API itself, but the server implementation introduces no apparent direct vulnerabilities.
Updated: 2025-11-22GitHub
0
0
Medium Cost
kalleeh icon
Sec9

Generate and edit images using Amazon Bedrock models like Nova Canvas, Stable Diffusion 3.5 Large, and various Stability AI services through a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires `uv` package manager for Python environment setup and installation, not standard `pip`.
  • ⚠️Requires an AWS account with Amazon Bedrock enabled and access specifically requested for the Nova Canvas, Stable Diffusion 3.5 Large, and various Stability AI models in the target AWS Region.
  • ⚠️Requires AWS IAM permissions (`bedrock:InvokeModel`) for all specific image generation models you intend to use.
  • ⚠️Model availability varies by AWS Region; users must select a region where their desired models are supported.
Verified SafeView Analysis
The server uses `boto3` for AWS API interactions, which handles authentication securely via AWS profiles or environment variables. Image processing and mask creation are done using the `Pillow` library, and base64 encoding/decoding is standard. File system operations for saving/reading images (e.g., `os.makedirs`, `os.path.exists`) are constrained within a `workspace_dir` provided by the MCP client, mitigating broad file system risks. No direct `eval` or other highly dangerous patterns were observed. The primary security consideration relies on the trustworthiness of the MCP client to provide safe `workspace_dir` and input file paths.
Updated: 2025-12-11GitHub
0
0
Medium Cost
HDieter6789 icon
Sec3

Provides a Micro-Context Protocol (MCP) server and HTTP API for automating Power BI operations, including REST API interactions and local PBIX/PBIT file transformations.

Setup Requirements

  • ⚠️Requires Azure AD application registration and Service Principal setup with appropriate Power BI permissions (for 'sp' authentication mode).
  • ⚠️Requires the 'pbi-tools' command-line utility to be installed and accessible on the server's PATH or specified via PBI_TOOLS_PATH.
  • ⚠️Requires a secret API_KEY environment variable for authenticating API requests.
Review RequiredView Analysis
CRITICAL: The server uses 'child_process.spawn' with 'shell: true' to execute 'pbi-tools'. User-controlled inputs for file paths (e.g., 'filePath', 'outDir', 'projectDir', 'outPath') are passed directly to these commands. This creates a severe command injection vulnerability if a malicious path containing shell commands is provided, potentially allowing arbitrary code execution on the host system. Additionally, the default CORS_ORIGINS is '*' which is risky for public deployments, and API key authentication uses a single shared key, which requires careful management.
Updated: 2025-12-11GitHub
0
0
High Cost
tinatuazon icon
Sec9

Provides AI-powered query capabilities for a professional digital twin profile via the Model Context Protocol (MCP) for integration with AI tools like GitHub Copilot, allowing interactive access to background, skills, and career goals.

Setup Requirements

  • ⚠️Requires Groq API Key (Paid service, though often has a free trial)
  • ⚠️Requires Upstash Vector Database (Paid service, offers a free tier)
  • ⚠️Requires Node.js runtime environment (version >=18 for mcp-server, >=20 for Next.js app)
  • ⚠️Depends on 'data/digitaltwin.json' for profile content; full functionality relies on this file being present and correctly structured.
Verified SafeView Analysis
The server explicitly relies on environment variables for API keys (Groq, Upstash), preventing hardcoding of secrets. Input validation and truncation are implemented before feeding user queries to the LLM. LLM system prompts include strict instructions to limit responses to provided context, mitigating prompt injection risks. The `profile-loader.ts` reads from a local JSON, which is safe as it's not user-controlled. No `eval` or direct dynamic code execution is apparent. Network requests to external AI/vector services include timeouts and retries, enhancing stability. Overall, good security practices are in place for this type of application.
Updated: 2025-12-11GitHub
PreviousPage 464 of 713Next