Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

50
54
High Cost
mkellerman icon

bmad-mcp-server

by mkellerman

Sec3

Provides AI assistants with access to specialized agents and automated workflows from the BMAD (Business Methodology Automation and Delivery) methodology.

Setup Requirements

  • ⚠️Node.js 18 or later is required.
  • ⚠️An MCP-compatible client (e.g., Claude Desktop, VS Code with Copilot, Cline) is needed to interact with the server.
  • ⚠️E2E tests require a LiteLLM proxy running (typically via Docker), which uses real LLM APIs and incurs costs. API keys for your chosen LLM provider (e.g., OpenAI, Anthropic) are necessary, often configured via a mounted `~/.config/litellm` directory.
Review RequiredView Analysis
A critical path traversal vulnerability exists in the `ReadResourceRequestSchema` handler and `ResourceLoaderGit.loadFile` function. If a malicious actor can control the `uri` parameter (e.g., `bmad:///etc/passwd` or `bmad://../../../../etc/passwd`), they can read arbitrary files on the system that the Node.js process has access to. The `path.join` function, when given an absolute path segment (like `/etc/passwd`) or enough `../` segments, can escape the intended `bmadRoot` directory. This allows unauthorized access to sensitive data. Additionally, while Git cloning to `~/.bmad/cache/git` limits impact, it still involves executing external `git` commands with URLs that could potentially be malicious, though `--depth 1` helps mitigate some deep repository risks.
Updated: 2026-01-05GitHub
50
87
Medium Cost
stape-io icon
Sec9

This server acts as a middleware to connect MCP (Model Context Protocol) clients with the Google Tag Manager API, enabling programmatic management of GTM accounts, containers, and resources.

Setup Requirements

  • ⚠️Requires a compatible MCP client (e.g., Claude Desktop, Cursor AI) and specific client-side configuration to connect.
  • ⚠️Requires Google OAuth authentication to access Google Tag Manager API, necessitating user consent and proper Google API project setup.
  • ⚠️Designed for deployment on Cloudflare Workers, requiring a Cloudflare account and configuration of several environment variables.
Verified SafeView Analysis
The server uses a robust OAuth provider (`@cloudflare/workers-oauth-provider`) for Google authentication, ensuring secure handling of credentials via environment variables. It explicitly states that it acts as a pass-through proxy, not storing or processing user data or Tag Manager content. HTML sanitization (`sanitizeHtml`) is applied to client information in the approval dialog to prevent XSS. The `/remove` endpoint allows users to revoke access and clear session data, enhancing privacy and security.
Updated: 2026-01-13GitHub
50
78
Low Cost
lirantal icon

ls-mcp

by lirantal

Sec8

Command-line tool for discovering, analyzing, and reporting on Model Context Protocol (MCP) server configurations in a local development environment.

Setup Requirements

  • ⚠️Requires Node.js runtime (>=20.13.0)
Verified SafeView Analysis
The tool uses `child_process.execSync` to list running processes, but the commands executed (`ps` or `powershell`) are fixed and for system introspection, not for executing arbitrary user-provided input. File system operations are primarily for reading configuration files. The `CredentialDetectionService` enhances security awareness by identifying potential credential exposure within detected MCP server configurations, rather than introducing vulnerabilities itself. Overall, risks are low for an introspection CLI tool.
Updated: 2026-01-19GitHub
50
80
High Cost
stacklok icon

toolhive-studio

by stacklok

Sec5

ToolHive is a desktop application (Electron UI) for discovering, deploying, and managing Model Context Protocol (MCP) servers in isolated containers, and connecting them to AI agents and clients.

Setup Requirements

  • ⚠️Requires Docker daemon to be running locally.
  • ⚠️Requires Node.js version 22.0.0 (specified in `package.json` and README).
  • ⚠️Uses `pnpm` as the package manager for development.
Verified SafeView Analysis
The application uses hardcoded encryption keys ('toolhive-threads-encryption-key', 'toolhive-chat-encryption-key') for Electron Store, including for API keys and chat history. While this provides basic obfuscation, it offers no real security against a determined attacker who can access the application's code. Sensitive data stored with these keys should not be considered truly secure. The application properly uses `contextBridge` for secure IPC and implements a strong Content Security Policy (CSP). Executing external binaries (`thv`, `docker`, `podman`) is inherent to its functionality and appears controlled, but is always a potential attack surface if user input is not rigorously sanitized.
Updated: 2026-01-19GitHub
50
25
Medium Cost
sagemcp icon

sagemcp

by sagemcp

Sec8

A scalable platform for hosting Multi-tenant Model Context Protocol (MCP) servers with multi-tenant support, OAuth integration, and connector plugins for various services.

Setup Requirements

  • ⚠️Requires Kubernetes 1.21+ and Helm 3.8+ for production deployment.
  • ⚠️PostgreSQL and Redis are essential for database persistence and caching functionality.
  • ⚠️External OAuth provider (e.g., GitHub) client ID and secret are required to enable respective connectors.
  • ⚠️A strong `SECRET_KEY` environment variable must be generated and set for production environments.
Verified SafeView Analysis
The application uses environment variables for sensitive data like OAuth client IDs/secrets and database credentials. It includes a mechanism to generate a `SECRET_KEY` for development if not provided, which is convenient but requires attention in production. CORS `allow_origins=["*"]` is set by default, explicitly noted in the code as needing configuration for production. Default 'changeme' passwords in the Helm chart are highlighted as needing change for production. OAuth redirect URIs for CLI flows are correctly validated for localhost, and for web flows, `PUBLIC_URL` or forwarded headers are used, which is standard practice. HTTP client uses SSL verification and connection pooling for performance and security.
Updated: 2025-12-01GitHub
50
44
Low Cost
heroui-inc icon

heroui-mcp

by heroui-inc

Sec8

Provides HeroUI design system component documentation and theme data to AI assistants/coding agents.

Setup Requirements

  • ⚠️Requires Node.js v22+ and pnpm package manager.
  • ⚠️Requires Cloudflare R2 credentials (ACCOUNT_ID, ACCESS_KEY_ID, SECRET_ACCESS_KEY, BUCKET_NAME) for data storage and extraction.
  • ⚠️For the local testing harness (Mastra playground), one of the following API keys is required: ANTHROPIC_API_KEY, OPENAI_API_KEY, or AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY/AWS_REGION for Bedrock.
  • ⚠️A SERVICE_AUTH_TOKEN is required for the authentication middleware if enabled.
Verified SafeView Analysis
The project uses Cloudflare Workers, which limits direct file system access. Environment variables are used for sensitive credentials (R2, API keys, service auth tokens), which is a good practice. CORS is set to '*' for API endpoints, which is typical for public APIs but assumes all sensitive actions are adequately protected by the `authMiddleware`. No obvious 'eval' or direct injection vulnerabilities were found in the provided core API logic.
Updated: 2026-01-19GitHub
50
51
Medium Cost
zhongweili icon
Sec9

Provides AI-powered image generation and editing capabilities through Google's Gemini models with intelligent model selection.

Setup Requirements

  • ⚠️Requires a Google Gemini API Key (can be free tier, but usage may incur costs).
  • ⚠️Requires Python 3.11+.
  • ⚠️For Google Cloud deployments, Vertex AI Application Default Credentials (ADC) with the `roles/aiplatform.user` IAM role are needed if not using an API key.
  • ⚠️Recommends `uv` for easy installation and management, which needs to be installed separately.
Verified SafeView Analysis
API keys are loaded from environment variables (GEMINI_API_KEY or GOOGLE_API_KEY), not hardcoded. Input validation is present for prompts and file paths, including basic path traversal protection. Error details can be masked in production. Logging of sensitive data is sanitized. Build scripts use `subprocess` for `uv` and `twine` commands, which is standard for packaging but should be run in a trusted environment. No obvious 'eval' or other highly dangerous patterns were found in the core server logic.
Updated: 2026-01-17GitHub
50
143
Low Cost
pi22by7 icon

In-Memoria

by pi22by7

Sec9

Provides persistent intelligence infrastructure for AI agents, enabling them to understand codebases, detect patterns, predict coding approaches, and generate context-aware insights.

Setup Requirements

  • ⚠️Requires Node.js version 18 or higher.
  • ⚠️Relies on platform-specific Rust native bindings; unsupported platforms or build issues may result in degraded (TypeScript-based) analysis or failure.
  • ⚠️The 'SURREAL_SYNC_DATA' environment variable is recommended to be explicitly set to 'true' for crash safety.
Verified SafeView Analysis
The server operates primarily over standard I/O (stdio), limiting direct network attack surface. It relies on native Rust binaries for core analysis, which could be a risk if the binaries are compromised, but this is mitigated by open-source development. No explicit 'eval' usage or hardcoded critical secrets were found. 'JSON.parse' is used but inputs are validated by Zod schemas, reducing common injection risks.
Updated: 2025-12-23GitHub
50
120
Medium Cost
winor30 icon
Sec9

Enables programmatic interaction with various Datadog services, providing tools for incident management, monitoring, logging, metrics querying, APM trace analysis, RUM event processing, and host/downtime administration.

Setup Requirements

  • ⚠️Requires Datadog API Key (DATADOG_API_KEY) and Application Key (DATADOG_APP_KEY) which may be associated with a paid Datadog account.
  • ⚠️This is a community-maintained project and is not officially affiliated with, endorsed by, or supported by Datadog, Inc.
  • ⚠️The volume of data returned by tools like `get_logs`, `list_traces`, or RUM event queries can be substantial, potentially leading to high token costs for large data retrievals.
Verified SafeView Analysis
The server is designed to use environment variables (DATADOG_API_KEY, DATADOG_APP_KEY) for sensitive credentials, preventing hardcoded secrets. It employs Zod for robust input validation, mitigating injection risks. All external communication is with the Datadog API, which is expected functionality. Error handling for API responses (e.g., 4xx, 5xx statuses) is implemented, contributing to overall stability and security.
Updated: 2026-01-07GitHub
50
62
Low Cost
alphavantage icon

alpha_vantage_mcp

by alphavantage

Sec6

Enables LLMs and agentic workflows to seamlessly interact with real-time and historical stock market data through the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires an Alpha Vantage API Key.
  • ⚠️Requires Python 3.13+ for the server component.
  • ⚠️The `uv` package manager is a hard dependency for building and running the server.
  • ⚠️Cloud deployment on AWS is complex, requiring manual setup of IAM roles, S3 buckets, CloudFront distributions, and an ACM certificate in `us-east-1`.
Verified SafeView Analysis
The OAuth 2.1 implementation in `server/src/oauth.py` is simplified for statelessness. It embeds the user's Alpha Vantage API key directly within base64-encoded authorization codes and uses the API key itself as the client secret for the client_credentials grant. This approach is not a robust OAuth implementation and could expose the Alpha Vantage API key if authorization codes are intercepted or if the client secret is compromised. While `base64` is not encryption, it is used for short-lived codes. Additionally, API keys can be passed via query parameters, increasing the risk of exposure in server logs. The core server application in the `server/` directory does not contain obvious malicious patterns like `eval` or command injection, and uses standard, well-maintained libraries. However, it's important to note that the companion web UI component (`web/components/Markdown.tsx`) present in the same repository utilizes `eval(onClick)` which represents a severe Cross-Site Scripting (XSS) vulnerability if user-supplied content is rendered via this component. This vulnerability is not within the server's core functionality but exists in a part of the repository.
Updated: 2026-01-19GitHub
50
84
High Cost
box-community icon

mcp-server-box

by box-community

Sec2

The Box MCP Server provides a Microservice Context Protocol (MCP) interface to interact with the Box API, enabling AI agents and other clients to perform various file, folder, collaboration, metadata, and AI-powered operations on Box content.

Setup Requirements

  • ⚠️Requires extensive Box Custom App configuration (OAuth, CCG, or JWT) via the Box Developer Console, including pre-registering all callback URLs for OAuth flows.
  • ⚠️Heavily relies on environment variables (often from a .env file) for all Box API and MCP server authentication credentials; misconfiguration will lead to startup or runtime errors.
  • ⚠️The `uv` tool is recommended for Python dependency management and execution, which might require an additional setup step for some users.
Review RequiredView Analysis
CRITICAL: The server's `/oauth/register` endpoint, when running with `--transport=http` or `--transport=sse`, directly exposes the configured `BOX_CLIENT_ID` and `BOX_CLIENT_SECRET` in its response. This is a severe hardcoded secret exposure, as these credentials should remain confidential. Anyone accessing this public endpoint can retrieve the client ID and client secret, which could then be used for unauthorized access to the Box API or to impersonate the application.
Updated: 2025-12-02GitHub
50
83
High Cost
algolia icon

mcp-node

by algolia

Sec9

Enables natural language interaction with Algolia data through Claude Desktop by exposing Algolia APIs via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Node.js >= 22.0.0.
  • ⚠️macOS users must manually remove the quarantine flag from the executable to run it (`xattr -r -d com.apple.quarantine <path_to_executable>`). Windows and Linux support is indicated as 'coming soon'.
  • ⚠️Requires an Algolia account and initial authentication via a browser, which is handled locally by the server.
  • ⚠️Requires specific JSON configuration to be added to Claude Desktop settings, followed by a restart of Claude Desktop.
Verified SafeView Analysis
The server primarily acts as an API proxy for Algolia services. Authentication is handled via a standard OAuth PKCE flow, with access tokens and refresh tokens stored locally in `~/.algolia-mcp/state.json`. API keys generated by the server for Algolia applications are also stored locally. There are no detected uses of `eval` or similar dangerous functions. All network requests are made to legitimate Algolia domains. The reliance on local storage for sensitive credentials implies that the security of the host system is paramount; a compromised local machine could expose these credentials.
Updated: 2026-01-13GitHub
PreviousPage 53 of 713Next