Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
caitlyn-ai icon

caitlyn-openapi-mcp

by caitlyn-ai

Sec8

Provides a server that exposes OpenAPI specifications as queryable documentation resources and tools for LLMs, including semantic search and Scalar deep links.

Setup Requirements

  • ⚠️Requires `OPENAPI_SPEC_URL` environment variable to be set (a URL to an OpenAPI JSON/YAML spec).
  • ⚠️Downloads a ~80MB `sentence-transformers` model on first run or during installation for semantic search.
  • ⚠️Python 3.11 or higher is required.
  • ⚠️For the recommended development workflow, Node.js (for `npx`) and Docker (for OTEL Collector/Jaeger) are helpful.
Verified SafeView Analysis
The project demonstrates strong security practices including clear documentation on responsible disclosure, use of environment variables for configuration, and avoidance of `eval`/`exec` patterns. It uses `pickle.load` for caching embeddings and resolved OpenAPI specs; this introduces a deserialization vulnerability if an attacker can write malicious files to the cache directory, though this risk is generally low for typical deployments. A critical user responsibility is to ensure the `OPENAPI_SPEC_URL` points to a trusted and secure source, as external references are resolved.
Updated: 2025-11-27GitHub
0
0
Medium Cost
alexandremahdhaoui icon

forge

by alexandremahdhaoui

Sec7

Forge is a modern, declarative, AI-native build orchestrator that streamlines Go project development by managing builds, tests, and integration environments using the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Go 1.24.1+ for development and building.
  • ⚠️Requires Docker or Podman for container builds and Kind cluster management.
  • ⚠️Requires Kind, kubectl, and Helm (3.8+ for OCI support) for Kubernetes-related test environments.
Verified SafeView Analysis
The system design inherently relies on executing external commands (e.g., `go build`, `docker build`, `kind`, `kubectl`, arbitrary commands via `generic-builder` and `generic-test-runner`). While these operations are fundamental to its purpose as a build and testing tool, executing untrusted `forge.yaml` configurations or external MCP inputs could lead to arbitrary command execution. Environment configuration in `testenv-lcr` includes TLS and authentication for local registries. `SKIP_CLEANUP` can leave resources for debugging. Overall, the tool itself is not malicious but its power requires trusted inputs.
Updated: 2025-12-26GitHub
0
0
Low Cost
ringotypowriter icon

mcp-server-toodo

by ringotypowriter

Sec8

Manages personal to-do lists with file-based storage, agent-tooling via MCP, and system tray integration for quick access on macOS.

Setup Requirements

  • ⚠️Requires macOS for system tray functionality (traykit-bindings and SF Symbols)
  • ⚠️Requires Bun runtime (bun v1.2.23+)
  • ⚠️Stores todo data locally in `~/.config/todos/`
Verified SafeView Analysis
The server primarily operates on local files within `~/.config/todos/` and utilizes a native system tray binding (`traykit-bindings`). The todo names are sanitized to prevent path traversal issues (e.g., `../`). No explicit 'eval' or direct network exposure beyond stdio for the MCP protocol is evident. Native bindings can inherently carry risks if the underlying library has vulnerabilities, but the usage appears standard. File system operations are confined to a user-specific configuration directory.
Updated: 2026-01-15GitHub
0
0
Medium Cost
Atelier-Tech-001 icon

mcp-server-atellier-tech

by Atelier-Tech-001

Sec6

This project implements a custom Minecraft Protocol (MCP) server, allowing players to connect and interact within a simulated game world.

Setup Requirements

  • ⚠️Requires Node.js to be installed.
  • ⚠️Requires running 'npm install' to download dependencies.
Review RequiredView Analysis
The server processes untrusted network input (Minecraft packets), which is a common attack surface for DoS or remote code execution vulnerabilities if packet parsing and handling are not rigorously validated. No explicit 'eval', obfuscation, or hardcoded secrets were found. However, building a secure custom network protocol is complex and requires extensive validation beyond what's visible in the truncated source code.
Updated: 2026-01-19GitHub
0
0
Medium Cost
harche icon

ProDisco

by harche

Sec6

This server acts as a Model-Context-Protocol (MCP) endpoint, enabling AI agents to discover, analyze, and execute TypeScript code against Kubernetes, Prometheus, and Loki APIs within a sandboxed environment.

Setup Requirements

  • ⚠️Requires Node.js (tested with Node 16+).
  • ⚠️Full functionality (Kubernetes, Prometheus, Loki) requires access to respective running services and properly configured credentials (e.g., KUBECONFIG, PROMETHEUS_URL, LOKI_URL environment variables).
  • ⚠️Exposes all process environment variables to sandboxed code, necessitating strict control over the MCP server's runtime environment to prevent credential leakage.
Review RequiredView Analysis
The sandbox utilizes Node.js `vm.createContext` for code execution, which provides process-level isolation but is not a robust security boundary against advanced VM escape techniques. A critical risk is the exposure of `process.env` to sandboxed code; any environment variables present in the MCP server's process (including sensitive API keys like `KUBECONFIG`, `ANTHROPIC_API_KEY`, `PROMETHEUS_URL`, `LOKI_URL`) are directly accessible to executed scripts. Access to external modules is restricted by an allowlist, mitigating arbitrary `require()` calls, but relies heavily on the security of allowlisted packages. The system supports secure transport (TLS/mTLS) for network-based sandbox connections, which is a positive for deployment.
Updated: 2026-01-13GitHub
0
0
Low Cost
burnashe icon

Terragrunt

by burnashe

Sec2

A Chrome extension that prevents merging 'Work In Progress' (WIP) pull requests on GitHub by disabling the merge button based on the pull request title, assigned tags, incomplete tasks, or specific commit message prefixes.

Setup Requirements

  • ⚠️Requires a Chromium-based browser (e.g., Google Chrome) to install and run as an extension.
  • ⚠️Building from source requires Node.js (>=0.8.0) and Grunt.
  • ⚠️This is a client-side browser extension, not a server application.
Review RequiredView Analysis
The extension contains a Cross-Site Scripting (XSS) vulnerability. User-defined custom messages for the disabled merge button, stored in `localStorage.buttonMessage`, are directly injected into the `innerHTML` of the merge button element in `contentscript.js`. This allows for arbitrary JavaScript code execution on GitHub pages if a malicious or careless user provides a script as their custom button message.
Updated: 2025-12-15GitHub
0
0
Low Cost
AthenZ icon
Sec3

MCP Oauth Proxy acts as a proxy authorization server to enable enterprise managed authorization for MCP and A2A use cases.

Setup Requirements

  • ⚠️Requires configuration for an enterprise identity provider (IdP).
  • ⚠️Requires OAuth client credentials (client ID, client secret) to be securely provided.
Review RequiredView Analysis
Source code provided is limited to the README.md file only. A comprehensive security audit cannot be performed as no functional code (e.g., JavaScript, Python, Go files) was provided to analyze for vulnerabilities like 'eval' usage, obfuscation, network risks, hardcoded secrets, or malicious patterns. Given its role as an OAuth proxy, its internal security mechanisms are critical but remain unverified, posing a significant risk due to the lack of auditable code.
Updated: 2026-01-18GitHub
0
0
Low Cost
icy-r icon

jira-mcp

by icy-r

Sec9

Enables AI assistants to manage Jira Cloud issues, sprints, projects, and other entities via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a Jira Cloud instance with a valid Atlassian API Token (not password).
  • ⚠️Requires Node.js 20.0.0 or higher to run the server.
  • ⚠️Requires an MCP-compatible AI client (e.g., Claude Desktop, Cursor) to interact with the server.
Verified SafeView Analysis
Credentials (JIRA_API_TOKEN, JIRA_EMAIL) are exclusively loaded from environment variables, preventing hardcoding. Input validation for tool parameters is rigorously performed using Zod schemas. The Jira client implements rate limiting and robust error handling for external API interactions. An audit log tracks all destructive actions (create, update, delete, transition, assign, link, move), and a 'dryRun' mode is available to preview changes without execution. Project access can be optionally restricted via a configurable `JIRA_PROJECTS_FILTER`.
Updated: 2025-12-17GitHub
0
0
Low Cost
cafaray icon
Sec9

A Go-based client serving as an MCP server or HTTP API for a Historical Places service, integrating multiple data sources and optimized for AI model interaction and cloud deployment.

Setup Requirements

  • ⚠️Requires Go 1.22+ to build and run locally.
  • ⚠️Requires Docker for containerized deployment (local or cloud).
  • ⚠️An external 'Historical Places service' must be running and accessible at the configured `HISTORICAL_PLACES_BASE_URL` as this client is a proxy/client for it.
Verified SafeView Analysis
The source code demonstrates good security practices: no 'eval' or dynamic code execution, no hardcoded secrets (environment variables are used for sensitive configuration like `HISTORICAL_PLACES_BASE_URL`), and input validation is present for API parameters. Error handling and logging are robust. The deployment scripts correctly use environment variables and robust shell scripting. The Cloud Run deployment option explicitly allows unauthenticated access, which is a design choice making the HTTP API public, not a vulnerability in the code itself, but a consideration for deployment context. The MCP mode uses stdin/stdout for communication, implying the interacting AI model/process is trusted.
Updated: 2025-11-21GitHub
0
0
Low Cost
Steverino17 icon

elitemindset-mcp

by Steverino17

Sec8

The server provides a single Model Context Protocol (MCP) tool to help users overcome overwhelm and identify a time-boxed next action, intended for use by an AI agent.

Setup Requirements

  • ⚠️Requires the @modelcontextprotocol/sdk for interaction and development.
  • ⚠️The 'railway-server.js' variant requires specific image files (e.g., .png) in an 'images' directory relative to the server for resource handling.
  • ⚠️Primarily designed as a backend tool for an AI agent (e.g., ChatGPT app), not a standalone user-facing application.
Verified SafeView Analysis
The server handles user input by trimming and type conversion (string, number). The `api/mcp.js` and `server.js` endpoints directly interpolate user-provided `goal` and `blocker` into the action string. While the `railway-server.js` variant outputs a JSON stringified object, consuming clients should still sanitize outputs if they are rendered directly to a user interface to prevent potential cross-site scripting (XSS), though this is less critical for consumption by an LLM agent. No hardcoded secrets or malicious patterns (e.g., 'eval') were detected in the provided code.
Updated: 2026-01-19GitHub
0
0
High Cost
pxl-research icon

tai-mcp-memory

by pxl-research

Sec8

The MCP Memory Server provides persistent, semantic memory for LLM agents, combining structured storage (SQLite) and vector-based semantic search (ChromaDB) with automatic LLM-based summarization for efficient retrieval.

Setup Requirements

  • ⚠️Requires a valid OpenRouter API Key for summarization, which is a paid service; summarization functionality will not work without it.
  • ⚠️The 'openai' library, a core dependency for LLM interaction, is used in the code but is noted as missing from 'requirements.txt' and will require manual installation.
  • ⚠️Dual writes to SQLite and ChromaDB are not atomic, meaning partial failures can lead to data inconsistency between the two storage layers.
Verified SafeView Analysis
The server correctly uses environment variables for API keys and database paths, avoiding hardcoded secrets. SQLite foreign key constraints are explicitly enabled, improving data integrity. While direct `traceback.print_exc()` is used in some exception handlers (less ideal than structured logging for preventing accidental sensitive data exposure), the overall approach to security is reasonable for an internal tool. The primary non-security risks are data consistency issues due to non-atomic dual writes across SQLite and ChromaDB and potential high LLM token usage.
Updated: 2025-12-11GitHub
0
0
Low Cost
ferazzeid icon

mcp-server

by ferazzeid

Sec8

Provides a Model Context Protocol (MCP) server for ChatGPT apps, enabling voice-controlled interaction with FastNow, a health and fitness application for tracking fasting, nutrition, and weight.

Setup Requirements

  • ⚠️Requires a Supabase project with specific database tables for OAuth (clients, authorization codes, apps) and FastNow data (e.g., fasting_sessions, food_entries, profiles).
  • ⚠️Requires deploying and managing 10+ Supabase Edge Functions for all 108 tool implementations, which encapsulate the core business logic.
  • ⚠️Requires publicly accessible domains (e.g., mcp.fastnow.app for the MCP server, go.fastnow.app for the OAuth authorization server) with proper DNS and SSL configuration (e.g., via Coolify/Traefik).
  • ⚠️Custom MCP connectors currently require 'Developer Mode' enabled in ChatGPT, limiting broader user access.
Verified SafeView Analysis
The server demonstrates good security practices by implementing OAuth 2.0 with PKCE, validating user tokens against a Supabase `oauth_apps` table using a service role key, and enforcing user data isolation via `user_id` in database queries. It also properly handles authentication errors with `WWW-Authenticate` headers. A noteworthy workaround is employed using an `X-OAuth-Token` custom header when proxying to Supabase Edge Functions to bypass Supabase's platform-level JWT validation, which is a known issue for non-JWT OAuth tokens. While CORS `origin: '*'` is used, which is acceptable for platform integrations, a tighter restriction could be considered for a strictly defined production environment. No hardcoded sensitive API keys or dangerous functions like `eval` were found.
Updated: 2025-11-30GitHub
PreviousPage 504 of 713Next