Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

Low Cost

Transforms traditional MCP (Model Context Protocol) servers into efficient Code Execution skills to significantly reduce token consumption for AI agents.

Setup Requirements

  • ⚠️ Requires Claude Code CLI
  • ⚠️ Requires Node.js 18+
  • ⚠️ Requires TypeScript
  • ⚠️ OpenAI API Key (Paid) needed for AI-powered/Hybrid skills (e.g., Sentry's AI search, shadcn-vue's requirement analysis)
Verified Safe
The system utilizes `child_process.spawn` to launch other MCP servers, which could be a risk if arbitrary commands were injectable; however, the `MCP_SERVERS` configuration in `client.ts` hardcodes known server commands, limiting direct injection. The project's documentation (`CLAUDE.md`) explicitly outlines robust security measures for the code execution environment (e.g., sandbox limits, PII tokenization, restricted filesystem access, network whitelisting, secure environment variables), mitigating risks associated with generated agent code and local execution. Proper management of environment variables is critical.
Updated: 2026-01-08
Low Cost

This server provides a set of callable tools, specifically an addition function and a real-time weather retriever, to be consumed by an MCP agent or other clients.

Setup Requirements

  • ⚠️ Requires Python 3.12 or higher.
  • ⚠️ Requires an OpenWeatherMap API key (OPENWEATHER_API_KEY) to be set as an environment variable for the weather tool to function.
  • ⚠️ The server itself expects an '--api-key' argument for its own operation, likely for client authentication.
Verified Safe
The server correctly loads API keys from environment variables, avoiding hardcoded secrets. It performs external network requests to OpenWeatherMap, which is standard for fetching external data. No 'eval' or other dynamic code execution patterns were found, enhancing safety. One point deduction for external API dependency.
Updated: 2025-12-06
Low Cost

sift-releases

by edwardedmonds

Sec6

Provides persistent memory, fast search, and intelligent file editing for Claude Code sessions, enhancing AI developer workflows.

Setup Requirements

  • ⚠️ Core 'sift' binary is proprietary and closed-source.
  • ⚠️ Requires 'claude' CLI to be installed and configured for MCP server registration and interaction.
  • ⚠️ Web crawling (`sift_web_crawl`) requires `libcurl` to be installed (e.g., `libcurl4-openssl-dev` on Debian/Ubuntu, `curl` on macOS).
Verified Safe
The core 'sift' binary, which functions as the MCP server, is proprietary and distributed as a binary only. This prevents a full security audit of its C source code. While the Python installer scripts (sift-setup.py, sift-uninstall.py) perform standard privileged operations (file system modifications, subprocess execution) typical for such installations, the inherent trust placed in the closed-source binary is significant. Tools like `sift_sql` or `sift_edit` (with its patch mode) could pose security risks (e.g., SQL injection, arbitrary file manipulation) if inputs from the interacting LLM are not meticulously sanitized and validated within the C implementation. The system design implicitly relies on robust internal handling and careful constraint of the LLM's capabilities to prevent abuse.
Updated: 2026-01-18
Medium Cost

compound-mcp-server

by echo-smith664

Sec9

Provides a Model Context Protocol (MCP) server that enables AI clients (like Claude Desktop) to interact with Groq's compound/meta models, offering tools for real-time information retrieval and simulated code execution.

Setup Requirements

  • ⚠️ Requires a Groq API key (GROQ_API_KEY) for basic functionality.
  • ⚠️ Node.js >= 18.0.0 is required.
  • ⚠️ For Vercel deployments, a Redis instance (REDIS_URL) is recommended for SSE transport.
Verified Safe
The server's core functionality involves proxying user questions to the Groq API. It correctly uses environment variables for sensitive API keys (GROQ_API_KEY) and Redis connection strings (REDIS_URL), preventing hardcoding of secrets. There is no direct `eval` or arbitrary code execution by the server based on user input. The 'code execution' tool name refers to the *model's* capability, not the server's. The use of standard, well-maintained SDKs (`@modelcontextprotocol/sdk`, `groq-sdk`, `@vercel/mcp-adapter`) suggests good security practices in dependencies.
Updated: 2025-11-20
Low Cost

multi-agent-mcp

by carlosduplar

Sec8

Intelligent routing and guidance layer for AI coding agents, enabling seamless delegation of specialized tasks to various tools while maintaining context and privacy.

Setup Requirements

  • ⚠️ Requires Python 3.10+
  • ⚠️ Requires at least one external AI agent CLI installed (e.g., Gemini CLI via npm, Aider via pip, Claude Code via npm)
  • ⚠️ Installer automatically configures Claude Code, which might require specific Claude CLI versions or local setup.
Verified Safe
The core `DelegationMCPServer` (when run as `delegation-mcp`) is designed as a routing guidance layer and explicitly states 'No Code Execution' for user tasks. It only suggests commands to the client. It uses `subprocess` for agent discovery (`which`, `--version` checks), which is low-risk. The `OrchestratorRegistry.execute` method, used by other components like `DelegationEngine` and `WorkflowEngine` (e.g., via `delegation-workflow` CLI), *does* execute external commands. This method constructs `subprocess.create_subprocess_exec` commands using a list of arguments, which is generally safer against shell injection than a single string. It also sanitizes the environment passed to subprocesses using an allowlist approach. The `WorkflowContext.interpolate` method includes a warning about handling escaping for interpolated strings passed to shell commands, indicating a potential point of concern if the external CLIs themselves have argument parsing vulnerabilities or if workflow inputs are untrusted. No direct shell injection vulnerabilities were found within the project's subprocess calls, but reliance on external CLIs means their security model is inherited.
Updated: 2025-11-28
Low Cost

mcp-setter

by michaelpetrik

Sec8

Installing and managing Model Context Protocol (MCP) servers across different AI services and operating systems.

Setup Requirements

  • ⚠️ Requires Node.js 18+ LTS and npm 9+ or pnpm.
  • ⚠️ Requires a `.env` file (based on `.env.example`) to be configured with API keys for specific MCP servers (e.g., CONTEXT7_API_KEY, GITHUB_MCP_PAT, N8N_API_KEY, N8N_API_URL) for full functionality of the MCP servers it manages, though the tool itself can run without them.
  • ⚠️ The `requestElevation()` permissions function is a placeholder and does not implement actual OS-specific privilege elevation, requiring manual elevation for operations that need it.
Verified Safe
The codebase demonstrates strong security practices including explicit handling of sensitive environment variables, runtime validation, and scrubbing of sensitive data (API keys, file paths) from telemetry payloads. It also includes business rule validation to prevent potentially dangerous system commands from being executed. However, its core functionality involves installing and executing code from an external MCP registry, which inherently carries a supply chain risk dependent on the trustworthiness of the registry's content. No 'eval' or malicious obfuscation patterns were found.
Updated: 2025-11-19
Medium Cost

An AI-powered pet care chatbot system integrating a secured MCP server with an intelligent LangGraph agent, using Asgardeo for authentication and OpenAI for AI capabilities.

Setup Requirements

  • ⚠️ Requires Python 3.12 or higher.
  • ⚠️ Requires an Asgardeo account and manual application setup (Client ID, Tenant Name, JWKS URL).
  • ⚠️ Requires an OpenAI API key (paid service) for AI-powered features.
Verified Safe
The project uses robust OAuth2/OIDC authentication with Asgardeo and JWT token validation via JWKS, which are good security practices. Environment variables are correctly used for credentials, with warnings against committing them. However, the default CORS policy (`allow_credentials=True, expose_headers='*', allow_headers='*', allow_methods='*'`) is very permissive and should be restricted to specific origins for a production deployment. The `ssl_verify=False` option for development is mentioned in comments, which, while not active by default, points to a potential development pattern that should be avoided in production.
Updated: 2025-12-02
Low Cost

A central registry for discovering, listing, and recommending AI development skills based on their local markdown files.

Setup Requirements

  • ⚠️ Requires `npm install` and `npm run build` within its directory before execution.
Verified Safe
The server operates locally on skill markdown files (`SKILL.md`) found in `~/.claude/skills/` and `.claude/skills/`. It uses `YAML.parse` to extract metadata from frontmatter. While `YAML.parse` can pose risks with untrusted input, the server is designed to process local, presumably trusted skill definitions. No direct network risks or hardcoded secrets were identified within the server's own logic. The primary security concern would be if malicious `SKILL.md` files could be injected into these paths, potentially leading to local privilege escalation or unexpected behavior if the YAML parsing or subsequent markdown rendering (by the consuming AI/tool) is vulnerable. However, the server itself does not expose external network interfaces and focuses on local file processing.
Updated: 2026-01-18
Medium Cost

labview_assistant

by JanGoebel

Sec4

Enables LLMs to programmatically control and generate LabVIEW code through an MCP server.

Setup Requirements

  • ⚠️ Requires a LabVIEW development environment or runtime to execute `main.vi`.
  • ⚠️ Requires an MCP client application (e.g., Claude Desktop) to connect and utilize the server.
Review Required
The provided source code is severely truncated, consisting only of `config.json` and `readme.md`. The actual server logic, likely implemented in LabVIEW VIs and potentially a `mcp-remote` wrapper, is not available for review. Therefore, a comprehensive security audit for vulnerabilities such as command injection, `eval` usage, or hardcoded secrets within the core server implementation is impossible. The `config.json` does include an 'Allowed Paths' whitelist (`C:\Temp\`), which is a positive security measure for restricting file system interactions, but its effectiveness depends entirely on the server's internal logic that consumes this configuration. Safety cannot be guaranteed without full code visibility.
Updated: 2025-12-18
Medium Cost
Sec9

Provides comprehensive access to Autodesk Fusion 360 Python API documentation, code generation, and API querying with an auto-updating index for AI-assisted development.

Setup Requirements

  • ⚠️ Requires Python 3.10+ and specific dependencies from requirements.txt.
  • ⚠️ Requires an MCP-compatible client (e.g., Claude Desktop, Cline) and specific JSON configuration for the client.
  • ⚠️ Windows users must use WSL with specific bash commands for optimal setup.
  • ⚠️ Initial API index update requires internet access and can take 10-30 minutes for a full scrape.
Verified Safe
The server implements URL filtering to restrict web scraping to 'help.autodesk.com', includes input validation for all tools, and uses request timeouts. Code generation uses predefined templates, preventing arbitrary code execution. The primary risk is with manual API index building which may require local file path configurations, but the recommended auto-update method mitigates this. No hardcoded sensitive information was found.
Updated: 2025-11-19
Medium Cost

Provides a Model Context Protocol (MCP) server for accessing historical Tekton PipelineRun and TaskRun data stored in Tekton Results.

Setup Requirements

  • ⚠️ Requires Go 1.24.3 or later for building the server.
  • ⚠️ Requires access to a Kubernetes cluster with Tekton Pipelines and Tekton Results installed.
  • ⚠️ When running outside a cluster and the Tekton Results aggregated API is not exposed, manual configuration via environment variables (e.g., TEKTON_RESULTS_BASE_URL) is required.
Verified Safe
The server uses standard Kubernetes client libraries for authentication and API interaction, which is a secure approach. Input parameters for tools are validated and sanitized (e.g., `labelSelector`, CEL string escaping), reducing injection risks. Sensitive information like bearer tokens is sourced from environment variables or kubeconfig, avoiding hardcoding. The `TEKTON_RESULTS_INSECURE_SKIP_VERIFY` option, while a security risk if misused in production, is explicitly opt-in for development/testing scenarios and properly documented.
Updated: 2026-01-14
Medium Cost
Sec9

This server integrates Microsoft's Pylance and Pyright to provide advanced Python code intelligence (type checking, refactoring, code navigation, completions) to AI coding assistants via the MCP protocol.

Setup Requirements

  • ⚠️ Requires Python 3.11+
  • ⚠️ Requires Node.js 18+
Verified Safe
The server explicitly states strong security measures including path validation, subprocess sandboxing, read-only default operations, and input validation on all endpoints. It leverages well-established and hardened tools like Pylance and Pyright. No 'eval' or malicious patterns are evident in the provided source code.
Updated: 2026-01-12