Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

51
103
Medium Cost

hevy-mcp

by chrisdoc

Sec8

This server acts as a Model Context Protocol (MCP) interface, enabling AI assistants to interact with the Hevy fitness tracking app's API to manage workout data, routines, exercise templates, folders, and webhook subscriptions.

Setup Requirements

  • ⚠️ Requires Node.js v20 or higher.
  • ⚠️ Requires a Hevy API key (PRO subscription required for Hevy API access).
  • ⚠️ HTTP/SSE transport is deprecated and no longer supported; only stdio transport is available.
Verified Safe
The server securely handles the Hevy API key via environment variables or CLI arguments. Webhook URL validation is implemented to prevent common SSRF vulnerabilities (e.g., disallowing localhost/loopback addresses). A Sentry DSN is hardcoded for observability of the tool itself, but PII collection is explicitly disabled, mitigating direct user data exposure risks. Users who wish to fully disable telemetry would need to fork the repository.
Updated: 2026-01-19
51
43
Medium Cost

Reversecore_MCP

by sjkim1127

Sec9

Provides a Micro-Agent Control Protocol (MCP) server that wraps various reverse engineering CLI tools and libraries, enabling AI agents to perform binary analysis, malware analysis, and vulnerability research through natural language commands.

Setup Requirements

  • ⚠️ Requires Docker for easy setup across architectures.
  • ⚠️ Requires several external native tools to be installed within the Docker environment (Ghidra, Radare2, Capa, Binwalk, DIE, Yara, Graphviz), which can be complex.
  • ⚠️ Initial Ghidra project loading can be slow and memory-intensive for large binaries.
Verified Safe
The project demonstrates a strong focus on security. It uses robust path validation (`validate_file_path`) to prevent path traversal, strictly filters/blocks dangerous Radare2 commands (`_BLOCKED_R2_COMMANDS`, `_validate_r2_command`), and sanitizes user input for commands and YARA rules. External tool execution is wrapped in `execute_subprocess_async` with timeouts and output limits. Binary patching (`_create_binary_patch`) includes backup creation and audit logging. Ghidra operations are isolated via `asyncio.to_thread`. The system runs within Docker for containment. Potential risks remain from the inherent complexity of integrating numerous external, often powerful, native tools (e.g., Ghidra, Radare2, Capa, Binwalk, DIE), which could have undiscovered vulnerabilities or bypasses if their outputs are malformed or exploited.
Updated: 2026-01-05
51
64
High Cost

rf-mcp

by manykarim

Sec8

Enables AI agents to perform end-to-end test automation using Robot Framework, supporting tool discovery, step-by-step execution, and test suite generation through a natural language interface.

Setup Requirements

  • ⚠️ Requires OpenAI API Key (OPENAI_API_KEY) for full AI agent functionality (paid service).
  • ⚠️ Requires 'uvicorn' and 'django' for the optional frontend (install with `pip install rf-mcp[frontend]`).
  • ⚠️ Web automation with Browser Library or SeleniumLibrary requires installation of respective Python packages (`robotframework-browser` / `robotframework-seleniumlibrary`) and their underlying browser drivers/Node.js dependencies (`rfbrowser init` for Browser Library).
Verified Safe
The 'attach' mode HTTP server uses a default token ('change-me') which is a critical security risk if not changed and the server is exposed. The frontend development server (Django) uses ALLOWED_HOSTS=['*'] in debug mode, which is insecure for production. While internal variable evaluation is carefully implemented to avoid direct 'eval()' of user input, the ability to execute arbitrary Robot Framework keywords via the attach bridge (if compromised) is powerful.
Updated: 2026-01-12
51
61
Low Cost

wasmcp

by wasmcp

Sec7

Build and run composable Model Context Protocol (MCP) servers using WebAssembly components for AI-assisted development.

Setup Requirements

  • ⚠️ Requires a WebAssembly runtime like Wasmtime or Spin to execute composed servers.
  • ⚠️ Building Rust components requires adding the `wasm32-wasip2` target to Rustup (`rustup target add wasm32-wasip2`).
  • ⚠️ Enabling OAuth authentication requires proper JWT configuration via environment variables (e.g., `JWT_PUBLIC_KEY` or `JWT_JWKS_URI`, `JWT_ISSUER`).
  • ⚠️ Utilizing the Rego policy engine via the `POLICY` environment variable demands extreme caution, as untrusted policy code could lead to security vulnerabilities.
Verified Safe
The server leverages WebAssembly sandboxing and includes robust JWT validation (issuer, audience, scopes, public key/JWKS). It supports flexible authorization via an embedded Rego policy engine; however, if the `POLICY` or `POLICY_DATA` environment variables can be controlled by untrusted sources, it introduces a significant risk of arbitrary policy execution within the component's sandbox. Outbound HTTP requests (e.g., to JWKS URIs or external APIs like Open-Meteo) are made using WASI `outgoing-handler`, which requires explicit host permissions from the runtime, but untrusted configuration could still lead to SSRF if the runtime is configured permissively. Session management includes validation for session IDs and user-defined keys. The `install.sh` script downloads binaries from GitHub, relying on GitHub's integrity. Overall, the system has strong security features but demands trusted configuration inputs, especially concerning Rego policies and network destinations.
Updated: 2025-12-11
51
52
High Cost
Sec7

Provides Business Central development knowledge and tooling, including specialist AI personas, code analysis, and structured workflows, to AI agents.

Setup Requirements

  • ⚠️ Requires Git client installed on the system for Git-based knowledge layers.
  • ⚠️ Requires proper configuration of knowledge layers (embedded, local, Git) via config files or the `set_workspace_info` tool.
  • ⚠️ Git-based layers require authentication credentials (e.g., Personal Access Tokens, SSH keys) which need to be configured securely, often via environment variables.
Verified Safe
The server interacts with local filesystems, external Git repositories (GitKnowledgeLayer), and extracts ZIP archives (SnapshotService) to temporary directories. This inherently carries risks from untrusted content. Configuration validation (`config-validator.ts`) explicitly warns about hardcoded tokens/passwords and encourages environment variables. Temp files created by `SnapshotService` have cleanup handlers registered. Default settings for `SecuritySettings` like `validate_sources: true` mitigate some risks, but `allow_local_paths: true` is enabled, requiring careful management of input paths. Future HTTP and NPM layer types will introduce more attack surface.
Updated: 2026-01-15
51
63
Low Cost

shinzo-ts

by shinzo-labs

Sec9

Provides OpenTelemetry-compatible instrumentation for TypeScript MCP servers to gain insight into agent usage patterns, contextualize tool calls, and analyze server performance.

Setup Requirements

  • ⚠️ Requires Node.js 22.16+
  • ⚠️ Requires pnpm 10.2.1+
  • ⚠️ Requires an OpenTelemetry collector for full telemetry observability (e.g., Jaeger, Prometheus, Console)
Verified Safe
The codebase demonstrates good security practices by incorporating PII sanitization by default and handling sensitive authentication credentials (bearer tokens, API keys, basic auth) through configuration, ideally sourced from environment variables. No 'eval', obfuscation, or hardcoded secrets were found. Network communication for telemetry export uses OTLP-HTTP, a standard protocol. The PII sanitization regex patterns are a strong feature. The overall design prioritizes secure data handling.
Updated: 2025-12-08
51
89
Medium Cost

AgentUp

by always-further

Sec8

A developer-first framework for building, deploying, and managing AI agents, bringing Docker-like consistency and operational ease to AI agent development.

Setup Requirements

  • ⚠️ Requires an LLM provider (e.g., OpenAI, Anthropic) or a local Ollama instance. Cloud-based LLMs incur costs.
  • ⚠️ If using `valkey` for caching, state management, or push notifications, a Redis/Valkey instance must be available.
  • ⚠️ Python 3.9+ is required.
Verified Safe
The project demonstrates a strong focus on security, implementing comprehensive authentication (API Key, JWT, OAuth2) and scope-based authorization (`@protected` decorator). It includes audit logging for security events and robust URL validation to prevent SSRF in push notifications. The plugin system offers `allowlist`, `configured`, and `permissive` security modes, crucial for managing the inherent risk of loading arbitrary code. However, loading untrusted plugins, especially via filesystem in development mode, can introduce arbitrary code execution risks. While the system provides controls, developers must exercise caution with plugin sources. No hardcoded secrets were identified; secrets are handled via environment variables and secure generation functions.
Updated: 2026-01-07
51
529
Medium Cost

tda

by irockel

Sec3

Headless analysis of Java thread dumps for diagnosing performance issues, deadlocks, and virtual thread problems, primarily for integration with AI agents or automated pipelines.

Setup Requirements

  • ⚠️ Requires Java 11 or higher to run.
  • ⚠️ Requires `-Djava.awt.headless=true` JVM argument for headless mode.
  • ⚠️ May require increasing JVM memory allocation (`-Xmx`) for large log files.
Review Required
The `parse_log` tool accepts an arbitrary file path, which could lead to unauthorized local file reading if the input is not strictly validated (e.g., preventing directory traversal). The `Browser.open` utility, used for opening external links (e.g., from welcome page or help dialogs), uses `Runtime.getRuntime().exec` to launch an external browser, which introduces a command injection risk if the URL argument can be manipulated to execute arbitrary commands, especially if the `BROWSER` environment variable is hijacked or misconfigured. This server is intended for local process communication, but the lack of input sanitization for file paths and external command execution makes it vulnerable if the AI agent is compromised or given malicious instructions.
Updated: 2026-01-19
51
92
Medium Cost

akshare-one-mcp

by zwldarren

Sec8

Provides comprehensive data interfaces for the China stock market, including historical data, real-time quotes, news, and financial statements, with support for technical indicators.

Setup Requirements

  • ⚠️ Requires Python 3.12 or newer.
  • ⚠️ The 'uv' package manager is recommended/required for installation and running.
  • ⚠️ Relies on external data sources (e.g., Eastmoney, Sina, Xueqiu) for financial data, which may have rate limits or availability issues.
Verified Safe
The server uses standard Python libraries and the FastMCP framework. No explicit 'eval', hardcoded secrets, or malicious patterns were found in the provided source code. The HTTP mode (if enabled) configures CORS to allow all origins ('*'), which is generally not recommended for production deployments but common for local development or private tools. This is a configuration choice rather than a code vulnerability.
Updated: 2026-01-19
51
92
High Cost

Enables AI assistants to manage Alibaba Cloud resources (ECS, RDS, OSS, VPC, Cloud Monitor) and automate application deployment to ECS instances.

Setup Requirements

  • ⚠️ Requires Python 3.10 or higher.
  • ⚠️ Requires `uv` package manager for installation and execution.
  • ⚠️ Requires Alibaba Cloud Access Key ID and Access Key Secret to be set as environment variables (ALIBABA_CLOUD_ACCESS_KEY_ID, ALIBABA_CLOUD_ACCESS_KEY_SECRET) or passed via request headers.
Verified Safe
The server provides a `LOCAL_RunShellScript` tool which, by default, executes arbitrary shell commands using `subprocess.run(shell=True)`. This is a critical security risk as it allows for command injection and arbitrary code execution on the host machine running the MCP server if the AI agent's inputs are not meticulously sanitized or if the agent itself is compromised. Furthermore, it operates with highly sensitive Alibaba Cloud Access Key credentials, which, if exposed or misused through the AI, can lead to unauthorized access and control over cloud resources.
Updated: 2026-01-15
51
26
Medium Cost

datagouv-mcp

by datagouv

Sec6

An MCP server enabling AI chatbots to search, explore, and analyze datasets from data.gouv.fr, the French national Open Data platform.

Setup Requirements

  • ⚠️ Requires Docker for the recommended setup.
  • ⚠️ Requires Python 3.13 (specifically `>=3.13,<3.15`) for manual installation.
  • ⚠️ The `uv` package manager is required for manual installation.
Verified Safe
The `download_and_parse_resource` tool allows downloading files from an arbitrary URL derived from a `resource_id`. While intended for legitimate open data, in an LLM context, it introduces a potential risk of an LLM being prompted to fetch data from malicious or controlled external sources. This could be leveraged for reconnaissance or to consume network/storage resources, despite the `max_size_mb` and `max_rows` limits. The server itself implements good transport security features like DNS rebinding protection and allowed origins.
Updated: 2026-01-16
51
141
Low Cost

kom

by weibaohui

Sec4

Manages Kubernetes clusters and resources through an SDK-level wrapper and an MCP (Multi-Cluster Platform) server, offering features like CRUD, file operations, log fetching, and SQL-like querying.

Setup Requirements

  • ⚠️ Requires a Kubernetes cluster for operation (either in-cluster or via kubeconfig).
  • ⚠️ Requires `aws cli` installed and configured on the host machine for managing AWS EKS clusters.
  • ⚠️ Requires secure management of Kubernetes and AWS credentials (e.g., environment variables, secret management systems), as examples show direct string assignment which is insecure for production.
  • ⚠️ Authentication and authorization logic for the MCP server must be implemented externally or via provided hooks, as the default `authKey` mechanism is basic and not a complete security solution.
Review Required
The project allows powerful Kubernetes operations, including creating privileged pods (`CreateNodeShell`, `CreateKubectlShell` functions in `kom/ctl_node.go`) with `privileged: true`, `hostNetwork: true`, `hostPID: true`, and broad tolerations. This constitutes a significant privilege escalation vector if access to the MCP server is not rigorously controlled. The basic HTTP header-based `authKey` mechanism in `main.go` is illustrative and implies that robust external authentication and authorization are required, but not built-in. Kubeconfig handling (loading from paths, strings, or generated from AWS credentials) is a critical component that can be exploited if sources are untrusted. AWS credentials, if hardcoded in examples and used verbatim by users, pose a severe risk. File operations within pods and SQL-like querying of Kubernetes resources introduce additional attack surfaces that need careful validation and authorization checks to prevent unintended data exposure or manipulation.
Updated: 2026-01-18
Page 51 of 713