Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
ramadhyay icon

mcp-server

by ramadhyay

Sec10

This server provides a simple mathematical 'add' tool via the Multi-tool Coordination Protocol (MCP) framework, designed for integration into a larger MCP ecosystem.

Setup Requirements

  • ⚠️Requires the 'mcp' framework (specifically 'mcp[cli]') to be installed or accessible.
  • ⚠️Utilizes 'uvx' for direct execution from a git repository, requiring 'uv' to be installed.
  • ⚠️This is a server for a 'tool' within the MCP ecosystem, not a standalone web application.
Verified SafeView Analysis
The provided source code is simple and does not contain any obvious security vulnerabilities like 'eval', hardcoded secrets, or malicious patterns. The 'add' function performs a basic arithmetic operation without external dependencies or risky inputs.
Updated: 2025-12-03GitHub
0
0
Medium Cost
seanshin0214 icon

gpt-quantmaster-mcp

by seanshin0214

Sec8

An AI-powered assistant for quantitative research and applied statistics, providing specialized tools, knowledge, and code generation for ChatGPT Desktop.

Setup Requirements

  • ⚠️Requires `ngrok` for public access, which is necessary for integration with ChatGPT Desktop (if not using a gateway).
  • ⚠️The vector database for RAG functionality *must* be initialized by running `python init_vectordb.py` before starting the server. This crucial step is noted in internal comments and changelog but not prominently in the main installation instructions.
  • ⚠️The `sentence_transformers` library will download an embedding model (`all-MiniLM-L6-v2`) on its first use, which may cause an initial delay and requires an internet connection.
Verified SafeView Analysis
The server uses FastAPI with open CORS headers (`allow_origins=["*"]`), which is common for local development but makes it broadly accessible when exposed via `ngrok`. However, tool handlers validate input types, and there's no direct execution of arbitrary user-provided code or shell commands. ChromaDB is used in a persistent local mode, and no external API keys or sensitive credentials are hardcoded or loaded from environment variables for the server's core functionality.
Updated: 2025-12-07GitHub
0
0
Low Cost
Dhana009 icon

anki-mcp-claude

by Dhana009

Sec6

This server provides a Model Context Protocol (MCP) interface for AI assistants to programmatically manage Anki flashcards and decks via AnkiConnect.

Setup Requirements

  • ⚠️Requires Anki Desktop application to be installed and running.
  • ⚠️Requires the AnkiConnect addon to be installed in Anki.
  • ⚠️Requires Go 1.21+ for building from source.
Review RequiredView Analysis
The server's `create_card` tool allows arbitrary local file paths (e.g., `image_path`, `front_audio_path`) to be passed as arguments. This means an AI assistant (or an attacker controlling the AI's prompts) could instruct the server to read and process any file on the local filesystem where the server is running. This constitutes a Local File Inclusion (LFI) vulnerability, potentially leading to unauthorized disclosure of sensitive information. The code does not sanitize these file paths before reading them with `os.ReadFile`.
Updated: 2025-11-19GitHub
0
0
Low Cost
tzDel icon
Sec8

IntelliJ IDEA plugin for orchestrating AI coding agents via an MCP server, managing sessions, diffs, and merges.

Setup Requirements

  • ⚠️Requires the 'orchestragent' MCP Server binary to be installed and available in the system's PATH, or a specific path configured.
  • ⚠️Requires an existing Git repository to function, as it uses the project's base path for repository operations.
  • ⚠️Requires IntelliJ IDEA IDE (version 2024.3 or newer) as it is an IDE plugin.
Verified SafeView Analysis
The plugin's code does not contain obvious malicious patterns, 'eval' usage, or hardcoded secrets. It communicates with an external 'orchestragent' binary via standard I/O pipes. The overall security relies heavily on the integrity and security of this external 'orchestragent' binary, which is not provided in this source code analysis. The plugin handles process startup and connection errors gracefully.
Updated: 2025-12-19GitHub
0
0
Low Cost
BootcampToProd icon

embabel-mcp-file-server

by BootcampToProd

Sec8

Demonstrates how to build a Model Context Protocol (MCP) Server using Embabel and Spring Boot to expose local file system CRUD operations as tools for external AI agents.

Setup Requirements

  • ⚠️Requires Java 21 or higher
  • ⚠️Requires an OpenRouter API Key (free tier available) for the connected AI agent to function and for the server's model configuration.
Verified SafeView Analysis
The server's file operations are restricted to the application's current working directory (BASE_DIR). It explicitly sanitizes filenames to prevent directory traversal attacks by stripping path components. The main security consideration is ensuring the application is run in a non-sensitive directory and with appropriate OS-level permissions.
Updated: 2025-12-08GitHub
0
0
Low Cost
r1chard-lyu icon

systracesuite

by r1chard-lyu

Sec3

Systracesuite is an MCP server designed to expose Linux tracing and debugging capabilities (e.g., eBPF, bpftrace, perf, ftrace, syscall tracing) to LLMs and autonomous agents for system inspection, profiling, and debugging.

Setup Requirements

  • ⚠️Requires passwordless sudo for bpftrace (configured via setup.sh), posing a significant security risk if not in an isolated development environment.
  • ⚠️Linux-only: Relies on Linux-specific tracing tools (eBPF, bpftrace, perf, strace, ftrace/trace-cmd).
  • ⚠️Requires manual installation of system-level tracing tools (bpftrace, perf, strace, trace-cmd) not covered by Python package management.
Review RequiredView Analysis
The server's core functionality relies on granting passwordless sudo privileges to the `bpftrace` command via a `setup.sh` script, which modifies `/etc/sudoers.d`. This is a critical security risk if enabled in production environments or on shared systems, as `bpftrace` can interact deeply with the kernel and potentially expose or exploit system vulnerabilities if misused. While the `exec_bpftrace_tool` function attempts to prevent path traversal for script execution, the underlying power granted to `bpftrace` remains a significant concern. The README explicitly warns against enabling this in production.
Updated: 2025-12-04GitHub
0
0
Medium Cost
domdomegg icon
Sec9

The server enables AI systems to interact with Google Contacts for listing, searching, creating, updating, and deleting contact information.

Setup Requirements

  • ⚠️Requires manual setup of Google OAuth credentials (Client ID, Client Secret) in Google Cloud Console, including enabling the People API and configuring an OAuth consent screen and Authorized redirect URIs.
  • ⚠️Requires specific environment variables (`GOOGLE_CLIENT_ID`, `GOOGLE_CLIENT_SECRET`) to be set for the recommended HTTP transport, or `GOOGLE_ACCESS_TOKEN` for the simpler stdio transport.
  • ⚠️The HTTP transport requires `http://localhost:3000/callback` (or a custom `MCP_BASE_URL/callback`) to be registered as an Authorized redirect URI in Google Cloud Console for the OAuth flow to function correctly.
Verified SafeView Analysis
The code implements a robust OAuth proxy to Google, handling token validation and avoiding persistent storage of sensitive user tokens. Credentials (Client ID, Client Secret, Access Token) are correctly read from environment variables, preventing hardcoding. The `token-cache` mechanism mitigates repeated calls to Google's `tokeninfo` endpoint for validity checks, enhancing efficiency and preventing unnecessary network traffic for already known invalid tokens. The use of Zod for schema validation adds a layer of input sanitization and type safety for tool inputs and outputs.
Updated: 2026-01-07GitHub
0
0
Medium Cost
saurabhudeshi icon

RAID_MCP_SERVER

by saurabhudeshi

Sec9

A comprehensive Model Context Protocol (MCP) server for enterprise project management, specifically designed for tracking Risks, Actions, Issues, and Decisions (RAID) with secure, role-based access.

Setup Requirements

  • ⚠️Requires a Supabase account setup, including manual execution of a provided SQL script to create necessary database tables.
  • ⚠️Critical environment variables (Supabase URL/Key, JWT Secret Key) must be configured in a `.env` file, with the JWT Secret needing to be separately generated.
  • ⚠️Integrating with MCP clients like Claude Desktop or GitHub Copilot Chat requires manual editing of a client-specific configuration file with absolute paths to the Python interpreter and `main.py` script, which can be platform-dependent and prone to errors.
Verified SafeView Analysis
The server implements strong security practices including bcrypt for password hashing with unique salts, JWT for token-based authentication with a configurable secret key and expiration, and Pydantic for input validation. Role-based access control (Admin/User) and project-level access checks are integrated into the service layer. Environment variables are used for sensitive credentials, preventing hardcoding. No `eval` or other dangerous dynamic code execution patterns were found. Comprehensive error handling and logging are in place, contributing to a robust security posture.
Updated: 2025-11-24GitHub
0
0
Medium Cost
Cookee24 icon

GithubFetcher

by Cookee24

Sec9

Provides a focused MCP interface for large models to fetch code and metadata from GitHub repositories.

Setup Requirements

  • ⚠️Requires Rust (edition 2024) and Cargo to be installed.
  • ⚠️A GitHub Personal Access Token is highly recommended (via `GITHUB_AUTH_TOKEN` environment variable or `--token` flag) to avoid API rate limits.
  • ⚠️Requires an MCP client to interact with the server over stdio, as no HTTP server is exposed.
Verified SafeView Analysis
The project is written in Rust, which offers strong memory safety. Input parameters are deserialized using `serde` and `schemars`, helping to prevent malformed input from causing issues. GitHub API calls are made via `reqwest`, and file content decoding uses `base64`, both standard and generally safe libraries. Secrets (GitHub token) are handled via environment variables or CLI arguments, not hardcoded. The `--api-base` flag allows overriding the GitHub API endpoint, which could be a risk if pointed to a malicious server, but this is a configuration choice for enterprise or testing purposes, not a vulnerability in the default setup. No 'eval' or similar dangerous dynamic code execution patterns were found.
Updated: 2025-12-08GitHub
0
0
High Cost
anaseqal icon

codemode

by anaseqal

Sec2

Enables LLM agents to execute arbitrary Python code for a wide range of tasks, acting as a universal coding agent.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Requires Docker for sandbox mode (though its network isolation is compromised by `--network=host`).
  • ⚠️Requires `uv` or `pip` for setup and dependency management.
Review RequiredView Analysis
CRITICAL RISK: This server executes arbitrary Python code provided by an LLM, which can be jailbroken. In 'direct' execution mode (default), code runs with the user's full permissions, allowing complete filesystem and network access. While 'docker' mode is offered for sandboxing, its implementation uses `--network=host`, which negates network isolation by giving the container full access to the host's network stack. This is a significant security flaw for a sandbox and allows executed code to interact with the host network. Additionally, `auto_install` can lead to untrusted package installation, and `detect_and_encode_files` could exfiltrate sensitive local files if the LLM is prompted to output their paths. It is fundamentally unsafe to run with untrusted input.
Updated: 2025-11-27GitHub
0
0
High Cost
ahrav icon

dev-toolbox

by ahrav

Sec9

A comprehensive development toolbox for AI/LLM development, including resources for building and managing MCP (Model Context Protocol) servers and an extensive collection of specialized coding agents.

Setup Requirements

  • ⚠️Requires a Claude Code environment (claude.ai/code)
  • ⚠️Requires access to Claude models (Sonnet, Opus, etc.)
Verified SafeView Analysis
The provided source code primarily consists of agent definitions and workflow documentation. These documents extensively detail robust security practices for agent design, code review, API security, and MCP server implementation, covering OWASP Top 10, input validation, authentication, cryptography, and memory safety. No direct executable code of an MCP server is provided within the truncated source, so actual runtime security cannot be audited. However, the comprehensive nature of the security-focused agents (e.g., `rust-security-auditor`, `security-auditor`, `api-security-audit`) and development workflows indicates a very strong commitment to secure development principles.
Updated: 2025-12-04GitHub
0
0
Low Cost
WENZHELIN icon

BlenderGNMCP

by WENZHELIN

Sec3

Provides a server to facilitate interaction and control of Blender's geometry nodes, potentially through a command protocol.

Setup Requirements

  • ⚠️Requires Blender installation.
  • ⚠️Potential dependency on a Minecraft server (speculative, based on 'MCP server' interpretation).
Review RequiredView Analysis
A thorough security audit is impossible as the provided 'SOURCE CODE' only contains the project's README.md. Without access to the actual code, it's impossible to check for `eval`, hardcoded secrets, network vulnerabilities, or malicious patterns. The score reflects the inability to perform the requested analysis due to lack of visibility into the code.
Updated: 2025-12-03GitHub
PreviousPage 537 of 713Next