Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

77
Medium Cost

vantage-mcp-server

by vantage-sh

Sec9

Enable natural language exploration of cloud costs via Model Context Protocol (MCP) clients.

Setup Requirements

  • ⚠️Requires a Vantage API Token with access to at least one connected cloud provider (AWS, Azure, Google Cloud, etc.).
  • ⚠️Deployment in remote (HTTP) mode as a Cloudflare Worker requires a Cloudflare account and the Wrangler CLI.
  • ⚠️OAuth authentication in remote mode requires extensive Auth0 configuration (Client ID, Secret, Domain, Scopes, Audience, Callback URL).
Verified Safe
Every tool argument is validated against a Zod schema before use, which rejects malformed or unexpected input and so reduces injection risk at the tool boundary. Secrets are read from environment variables (e.g., VANTAGE_TOKEN, AUTH0_CLIENT_ID) rather than hardcoded. The OAuth flow implements CSRF protection and PKCE. API calls go to a configurable VANTAGE_API_HOST and carry a User-Agent header for traceability. Error handling distinguishes internal errors from user-facing MCPUserError messages.
Updated: 2026-01-14 | GitHub
44
High Cost
Sec9

Integrate AI assistants with esa.io for comprehensive document management, enabling programmatic reading, creation, updating, and organization of posts, comments, and team information.

Setup Requirements

  • ⚠️Requires `ESA_ACCESS_TOKEN` environment variable with specific API scopes (`read write` or granular permissions like `admin:comment read:post`) for esa.io API authentication. PAT v2 is recommended.
  • ⚠️Requires Node.js runtime version `>=20.19.4` as specified in the `package.json` engines field.
  • ⚠️If not using Docker, ensure `npx` (and a compatible Node.js installation) is correctly set up and accessible in your system's PATH, as indicated in the README's npx example.
Verified Safe
Credentials are handled by requiring the `ESA_ACCESS_TOKEN` via an environment variable. Input validation is implemented with Zod schemas for all tool parameters, which reduces common injection vulnerabilities. Attachment handling (`esa_get_attachment`) is implemented with security in mind: base64 content is returned only for small, supported image types, and signed URLs are returned for other files or larger images, which avoids serving arbitrary file content directly. No usage of `eval`, code obfuscation, or other directly malicious patterns was detected. Minor logging is done via `console.error`, which is acceptable (it keeps stdout free for the MCP transport) but could be replaced with structured logging in high-volume production environments.
Updated: 2026-01-16 | GitHub
71
Medium Cost

Remote Model Context Protocol (MCP) server for integrating AI clients with Feishu functionalities, leveraging Feishu OAuth for secure user authentication and Cloudflare Workers for global distribution.

Setup Requirements

  • ⚠️Requires a Cloudflare account for deployment.
  • ⚠️Requires a Feishu Open Platform account to create an application and configure OAuth.
  • ⚠️Requires the `wrangler` CLI for deployment and managing secrets/KV namespaces.
  • ⚠️Requires Node.js 18+ and npm for local development.
Verified Safe
The server follows standard OAuth 2.1 practice with Feishu, reads client secrets from the Cloudflare Workers `env` object rather than hardcoding them, and encrypts and signs cookies with a provided encryption key. Custom handlers call the Feishu API with the user's `userAccessToken`, which is expected for an on-behalf-of integration. SVG conversion is delegated to a third-party service, `https://svg-to-png.tapeless.eu.org`, so any SVG content handled on that path is sent to a host outside the Feishu and Cloudflare trust boundary; treat this as an external dependency and a data flow worth reviewing. Manual rate limiting is implemented for some document patch operations.
Updated: 2026-01-15 | GitHub
79
Low Cost
Sec9

MCP Server for the Discogs API, enabling music catalog operations, search functionality, and more.

Setup Requirements

  • ⚠️Requires a Discogs Personal Access Token (DISCOGS_PERSONAL_ACCESS_TOKEN) for API access, which must be set in an environment variable.
  • ⚠️Requires Node.js (v20.x.x recommended, v18.x.x compatible) to run locally.
  • ⚠️The default `per_page` for API responses is set to 5 to accommodate clients with limited context windows, potentially requiring explicit overrides for more data.
Verified Safe
The server demonstrates strong security practices, including extensive input validation with Zod schemas for all tool parameters, which mitigates common injection vulnerabilities. Custom error handling prevents excessive information disclosure. The `DISCOGS_PERSONAL_ACCESS_TOKEN` must be supplied via an environment variable, and users are explicitly warned against sharing it. The network host binding is configurable, so the server can be restricted to localhost. The project actively manages dependencies, as evidenced by explicit `pnpm` overrides for known vulnerabilities in `glob`, `hono`, `js-yaml`, and `qs`. A forked `dotenv` is used to prevent stdout logging conflicts; on a stdio MCP transport, stray output on stdout corrupts the JSON-RPC stream, so this is a functional, non-malicious change. An older `node-fetch` version is present in the dependencies, but the core `DiscogsService` uses the native `fetch` API in Node.js (backed by `undici` in Node.js 18+), which reduces reliance on the potentially vulnerable `node-fetch` package.
Updated: 2026-01-17 | GitHub
76
Medium Cost

loki-mcp

by grafana

Sec8

A Go-based server that implements the Model Context Protocol (MCP) to integrate Grafana Loki log querying capabilities with AI agents like Claude Desktop or n8n.

Setup Requirements

  • ⚠️Requires Go 1.16+ to build and run from source.
  • ⚠️Requires an accessible Grafana Loki instance (e.g., via Docker Compose) to query log data.
  • ⚠️Requires an MCP-compatible client (e.g., Claude Desktop, n8n, or the provided `loki-mcp-client`) to interact with the server.
Verified Safe
The server uses the Go standard library for HTTP requests and URL parsing, which escapes query parameters correctly and mitigates common injection vulnerabilities. It reads the Loki URL, authentication details, and organization ID from environment variables, or accepts them as request parameters. The environment route is the one to use: values passed as request parameters can end up in client or proxy logs. The README explicitly warns users about securing these credentials. No `eval` or other dangerous dynamic code execution patterns were found. The primary security consideration for users is the safe handling of their `LOKI_USERNAME`, `LOKI_PASSWORD`, or `LOKI_TOKEN` environment variables outside of the application.
Updated: 2026-01-19 | GitHub
18
High Cost

relace-mcp

by possible055

Sec9

Provides AI-powered code editing and intelligent codebase exploration using a Language Server Protocol (LSP) interface.

Setup Requirements

  • ⚠️Requires a Relace API Key (paid service) if using Relace as a provider or enabling cloud tools (`RELACE_CLOUD_TOOLS=1`).
  • ⚠️Relies on external system tools like `uv` (for dependency management/execution), `git`, and `ripgrep` (for efficient search). The `bash` tool is only available on Unix/macOS.
  • ⚠️Python 3.11+ is required for execution.
Verified Safe
The server implements robust security measures, particularly for its 'bash' tool, which uses extensive blacklisting (e.g., `rm`, `sudo`, `curl`, `eval`, `exec`, pipes, redirects) and whitelisting for safe commands (e.g., `ls`, `cat`, `grep`, read-only `git` subcommands). Path validation prevents traversal attacks and access outside the designated base directory. Symlink following is blocked for dangerous commands. Network access is restricted to configured LLM/Relace API endpoints. File operations are generally confined and validated. While the 'bash' tool inherently introduces more risk, the implementation makes a strong effort to mitigate it, earning a high score.
Updated: 2026-01-19 | GitHub
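The policy the analysis describes for a bash tool (an allowlist of read-only commands, read-only git subcommands, a denylist of shell metacharacters, and path arguments confined to a base directory) can be written as a single gate that runs before anything is executed. The block below is an added example, not relace-mcp's own code: `BASE_DIR`, the allowlists and the `METACHARS` pattern are hypothetical choices for illustration, and the result is shaped for `child_process.spawn` with `shell: false`.

```javascript
// Added example (not relace-mcp's code): a policy gate for an MCP "bash" tool.
// BASE_DIR, the allowlists and METACHARS are hypothetical choices.
const BASE_DIR = "/srv/project"; // hypothetical sandbox root the tool is confined to
const ALLOWED_COMMANDS = new Set(["ls", "cat", "head", "tail", "wc", "grep", "git"]);
const GIT_READ_ONLY = new Set(["status", "log", "diff", "show", "blame", "ls-files"]);
// Any of these would turn one command into several, redirect I/O, or run a
// substitution, so the whole line is rejected rather than escaped.
const METACHARS = /[|&;<>`$(){}\\\n]/;

// Minimal POSIX path resolution against BASE_DIR (no filesystem access, so the
// example runs offline). A production gate would also apply fs.realpathSync so
// a symlink inside BASE_DIR cannot point outside it.
function resolvePosix(base, arg) {
  const joined = arg.startsWith("/") ? arg : `${base}/${arg}`;
  const out = [];
  for (const seg of joined.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop(); else out.push(seg);
  }
  return "/" + out.join("/");
}

function assertInsideBase(arg) {
  const resolved = resolvePosix(BASE_DIR, arg);
  if (resolved !== BASE_DIR && !resolved.startsWith(BASE_DIR + "/")) {
    throw new Error(`path escapes ${BASE_DIR}: ${arg}`);
  }
}

// Returns { command, args, cwd } for spawn(command, args, { cwd, shell: false }),
// or throws when the line violates the policy.
function checkCommand(line) {
  if (METACHARS.test(line)) throw new Error("shell metacharacters are not allowed");
  const argv = line.trim().split(/\s+/).filter(Boolean);
  if (argv.length === 0) throw new Error("empty command");
  const [command, ...args] = argv;
  if (!ALLOWED_COMMANDS.has(command)) throw new Error(`command not allowed: ${command}`);
  if (command === "git" && !GIT_READ_ONLY.has(args[0])) {
    throw new Error(`git subcommand not allowed: ${args[0] ?? "(none)"}`);
  }
  for (const arg of args) {
    // For --flag=value inspect the value; anything that looks like a path is confined.
    const value = arg.startsWith("-") && arg.includes("=") ? arg.slice(arg.indexOf("=") + 1) : arg;
    if (value.includes("/") || value.includes("..")) assertInsideBase(value);
  }
  return { command, args, cwd: BASE_DIR };
}

function isAllowed(line) {
  try { checkCommand(line); return true; } catch { return false; }
}
```

Rejecting the metacharacters outright is simpler and safer than trying to quote them: with `shell: false` the argv elements are handed to the program unchanged, so there is no shell to interpret them and nothing to escape. The denylist of commands the analysis mentions (`rm`, `sudo`, `curl`, ...) is implied here by the allowlist; an allowlist is the stronger form because a command you did not think of is denied by default.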
71
High Cost

conductor-tasks

by hridaya423

Sec7

Conductor Tasks acts as an intelligent AI-powered assistant for developers, streamlining the entire development lifecycle from task generation and planning (parsing PRDs, expanding tasks, generating implementation steps) to execution and code modification (generating diffs). It provides visual task management, integrates with various IDEs, and leverages multiple LLM providers for optimal results and cost efficiency.

Setup Requirements

  • ⚠️Requires Node.js >=18.0.0.
  • ⚠️Requires at least one LLM API key (e.g., OPENAI_API_KEY, ANTHROPIC_API_KEY) for AI features, which typically incur costs.
  • ⚠️For Ollama support, a local Ollama server must be running.
  • ⚠️For full IDE integration, an editor supporting the Model Context Protocol (MCP), such as Cursor, is required.
Verified Safe
The server uses environment variables for all API keys, avoiding hardcoded secrets. It performs extensive file system operations for task management, project analysis, and IDE configuration, with logging and error checking around them. The 'propose-diff' command can directly modify local files from LLM-generated diffs; this is the core function of an AI coding agent, but it carries the inherent risk that the LLM produces malicious or unintended changes. The 'originalHash' parameter of 'propose-diff' is a good mitigation against applying a diff to a file that has changed since the LLM read it, but it is optional and does nothing against malicious LLM output itself. No 'eval()' or obvious obfuscation was found in the provided code. Network calls are primarily HTTPS connections to LLM providers.
Updated: 2026-01-13 | GitHub
60
Medium Cost

mcp-wordpress

by docdyhr

Sec9

AI-driven SEO optimization and comprehensive management for WordPress sites via a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires an active WordPress instance accessible via REST API.
  • ⚠️Authentication (App Passwords, JWT, Basic, API Key) requires prior setup and configuration within WordPress.
  • ⚠️AI-driven SEO features (e.g., `seo.generate_meta`, content analysis) will incur costs from external Large Language Model (LLM) providers and require additional API keys/endpoints.
  • ⚠️Advanced features like multi-level caching (Redis) and background job processing (Action Scheduler) may require additional infrastructure or a companion WordPress plugin.
Verified Safe
The server demonstrates a strong focus on security. It uses environment variables for sensitive data (e.g., WordPress credentials, JWT secrets) and explicitly redacts them from logs. Input validation is performed with Zod schemas and custom validators (`ParameterValidatorImpl`, `InputValidator`). A dedicated `src/security` directory holds modules for AI-driven vulnerability scanning, automated remediation, code review, and security monitoring, indicating a proactive approach. The network code (`WordPressClient`, `ComposedRequestManager`) handles timeouts, retries, and rate limiting. The `validateAndSanitizeUrl` function blocks common URL-based attacks and refuses private IP and localhost targets in production. The remaining risk sits mostly in WordPress itself (plugin vulnerabilities) and in misconfiguration; the server's configuration validation addresses the latter, not the former.
Updated: 2026-01-16 | GitHub
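A URL gate of the kind `validateAndSanitizeUrl` is described as being (scheme check, no embedded credentials, and no private or localhost targets in production) is worth seeing in full, because the part people get wrong is host canonicalization. The block below is an added example, not mcp-wordpress's own function: it leans on the WHATWG URL parser (global in Node) to normalize hosts, so `http://2130706433/` and `http://0x7f.0.0.1/` arrive at the range check as `127.0.0.1`, and the blocked ranges are hypothetical choices for illustration.

```javascript
// Added example (not mcp-wordpress's code): an SSRF-aware URL validator.
// Blocked ranges below are illustrative choices, not the project's list.
const IPV4 = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;

function isBlockedIPv4(ip) {
  const m = IPV4.exec(ip);
  if (!m) return false;
  const a = Number(m[1]), b = Number(m[2]);
  return a === 0 || a === 10 || a === 127            // "this" network, RFC 1918, loopback
    || (a === 100 && b >= 64 && b <= 127)             // CGNAT 100.64.0.0/10
    || (a === 169 && b === 254)                       // link-local, includes cloud metadata 169.254.169.254
    || (a === 172 && b >= 16 && b <= 31)              // RFC 1918
    || (a === 192 && b === 168);                      // RFC 1918
}

function isBlockedIPv6(ip) {
  const h = ip.toLowerCase();
  if (h === "::1" || h === "::") return true;         // loopback, unspecified
  if (/^f[cd]/.test(h)) return true;                  // unique local fc00::/7
  if (/^fe[89ab]/.test(h)) return true;               // link-local fe80::/10
  if (h.startsWith("::ffff:")) {                      // IPv4-mapped; the parser renders it as hex groups
    const groups = h.slice(7).split(":");
    const hi = groups.length === 2 ? parseInt(groups[0], 16) : 0;
    const lo = parseInt(groups[groups.length - 1], 16);
    return isBlockedIPv4(`${hi >> 8}.${hi & 255}.${lo >> 8}.${lo & 255}`);
  }
  return false;
}

// Returns the canonical URL string or throws. production=false relaxes the
// scheme and private-address rules for local development.
function validateAndSanitizeUrl(input, { production = true } = {}) {
  let url;
  try { url = new URL(String(input)); } catch { throw new Error("invalid URL"); }
  if (url.protocol !== "https:" && !(url.protocol === "http:" && !production)) {
    throw new Error(`scheme not allowed: ${url.protocol}`);
  }
  if (url.username || url.password) throw new Error("credentials in URL are not allowed");
  let host = url.hostname;                            // IPv6 literals come back in brackets
  if (host.startsWith("[") && host.endsWith("]")) host = host.slice(1, -1);
  if (production) {
    if (host === "localhost" || host.endsWith(".localhost")) throw new Error("localhost is not allowed");
    if (isBlockedIPv4(host) || isBlockedIPv6(host)) throw new Error(`private or reserved address: ${host}`);
  }
  url.hash = "";                                      // fragments never reach the server anyway
  return url.toString();
}

function isSafeUrl(input, opts) {
  try { validateAndSanitizeUrl(input, opts); return true; } catch { return false; }
}
```

Two caveats apply to any gate of this shape. It checks the literal host, so a hostname that resolves to a private address (or that changes its answer between the check and the connection, i.e. DNS rebinding) passes; the fetch layer has to re-check the address it actually connects to. And a permitted host can redirect to a blocked one, so redirects must be validated hop by hop rather than followed automatically.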
55
Medium Cost

echarts-mcp

by apache

Sec8

Generates Apache ECharts visualizations based on LLM-provided parameters and uploads them to a cloud storage service, returning the image URL.

Setup Requirements

  • ⚠️Requires a Baidu BCE (BOS) account and configuration for cloud image storage.
  • ⚠️Requires Node.js v18.12.0+ or >=v20.9.0 due to the 'canvas' dependency's engine requirements.
Verified Safe
Input chart data undergoes basic structural validation (e.g., array checks). Cloud storage credentials (Baidu BOS) are correctly sourced from environment variables, which is good practice for secrets management. Image generation and temporary file handling for upload appear standard. No 'eval' or direct arbitrary command execution from user input was identified within the provided source code. A potential attack surface could exist if highly malicious ECharts 'data' could exploit the 'canvas' rendering engine, but this is a general library risk rather than a specific vulnerability in the server's input handling.
Updated: 2026-01-18 | GitHub
80
Medium Cost

mcp-n8n-builder

by spences10

Sec9

Programmatic creation and management of n8n workflows by AI assistants via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a running n8n instance accessible via its REST API.
  • ⚠️Requires an n8n API key for authentication.
  • ⚠️Set `N8N_HOST` carefully: the value that works is `http://localhost:5678` (without `/api/v1`), because the client appends `/api/v1` itself; the README examples that include it produce a doubled prefix.
Verified Safe
The source code does not contain 'eval' or obvious obfuscation. Secrets (N8N_API_KEY) are correctly handled via environment variables. Network requests are made to a configurable n8n host. A critical functional note: the N8N_HOST examples in the README contradict the API client implementation. If N8N_HOST includes '/api/v1' (e.g., 'http://localhost:5678/api/v1') as the README examples show, the client constructs URLs such as 'http://localhost:5678/api/v1/api/v1/...' and the API calls fail. N8N_HOST should be set without '/api/v1' (e.g., 'http://localhost:5678'), since the client appends it.
Updated: 2026-01-15 | GitHub
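The doubled-prefix failure above is a base-URL join that is not idempotent. An added example follows, not mcp-n8n-builder's own client: it accepts both forms of `N8N_HOST` (with or without a trailing `/api/v1`, with or without a trailing slash) and always yields a single `/api/v1` segment, and it refuses a host value carrying a query string or fragment, which would otherwise be silently dropped or mangled. The `X-N8N-API-KEY` header name is an assumption made here for the request shape.

```javascript
// Added example (not mcp-n8n-builder's code): idempotent n8n API URL building.
// The X-N8N-API-KEY header name is assumed here.
const API_PREFIX = "/api/v1";

function n8nApiUrl(host, endpoint) {
  const url = new URL(host);                              // throws on a malformed N8N_HOST
  if (url.search || url.hash) throw new Error("N8N_HOST must not carry a query string or fragment");
  let basePath = url.pathname.replace(/\/+$/, "");        // drop trailing slashes
  if (basePath.endsWith(API_PREFIX)) basePath = basePath.slice(0, -API_PREFIX.length);
  url.pathname = `${basePath}${API_PREFIX}/${endpoint.replace(/^\/+/, "")}`;
  return url.toString();
}

// Builds the request description (url, method, headers, body) for fetch().
// The API key travels in a header, never in the URL, so it stays out of access logs.
function n8nRequest(host, endpoint, apiKey, init = {}) {
  if (!apiKey) throw new Error("N8N_API_KEY is not set");
  return {
    url: n8nApiUrl(host, endpoint),
    method: init.method ?? "GET",
    headers: { "X-N8N-API-KEY": apiKey, Accept: "application/json", ...(init.headers ?? {}) },
    body: init.body === undefined ? undefined : JSON.stringify(init.body),
  };
}
```

Normalizing at the boundary means the README's `http://localhost:5678/api/v1` and the bare `http://localhost:5678` both resolve to `http://localhost:5678/api/v1/workflows`, and a reverse-proxied instance under a sub-path such as `https://n8n.example.com/n8n/` keeps its prefix.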
282
Medium Cost

minthcm

by minthcm

Sec2

Human Capital Management (HCM) system with employee management, appraisals, and task management functionalities, leveraging a CRM-based backend.

Setup Requirements

  • ⚠️Requires PHP version 8.0.0 to 8.2.99. Other versions are not supported.
  • ⚠️Requires Node.js and npm for building the Vue.js frontend application.
  • ⚠️Requires specific file system permissions for the `legacy` directory and `.htaccess` file to allow read/write access.
  • ⚠️Requires a running Elasticsearch instance with connectivity details (host, port, credentials).
Review Required
The server's source code contains multiple instances of `eval()` calls within core functionalities like KReports (`legacy/modules/KReports/KReport.php`, `legacy/modules/AOR_Reports/AOR_Report.php`) and AOW_WorkFlow (`legacy/modules/AOW_WorkFlow/AOW_WorkFlow.php`). If user input can influence the `$formula` variable or other dynamically evaluated strings, these can lead to severe Remote Code Execution (RCE) vulnerabilities. While some SQL queries appear to use parameterized statements (`$db->quoted()`, `$db->implodeQuoted()`), the presence of `eval()` makes the system highly susceptible to attacks. The installer (`install/Installer.php`, `legacy/install/install_utils.php`) uses `exec()` and `chmod()` for file system operations, which, while standard for installation, could be risky if not executed in a controlled environment. The `api/lib/Search/ElasticSearch/Operators/QueryString.php` uses a wildcard search which might be prone to injection if input is not fully sanitized for Elasticsearch. Overall, the direct use of `eval()` presents a critical security flaw.
Updated: 2026-01-19 | GitHub
45
High Cost

codex-mcp-go

by w31r4

Sec9

Wraps the OpenAI Codex CLI as an MCP tool, enabling AI clients like KiloCode, Roo Code, and Claude Code to utilize Codex for high-precision coding tasks, debugging, and code reviews within an agentic workflow.

Setup Requirements

  • ⚠️Requires OpenAI's 'codex' CLI installed and configured globally (e.g., via npm).
  • ⚠️Requires an OpenAI API Key configured for the underlying 'codex' CLI.
  • ⚠️Building from source requires Go 1.24+.
Verified Safe
The server executes the external 'codex' CLI command with strict input validation for parameters like 'cd' (working directory) and 'sandbox'. The 'sandbox' parameter is explicitly validated against a whitelist of safe modes (read-only, workspace-write, danger-full-access), defaulting to 'read-only'. Critically, 'model' and 'profile' parameters are explicitly rejected by the wrapper unless an allowlist is enabled (which is not present in the provided code), preventing potential misuse of alternative configurations for the underlying 'codex' CLI. Prompts for Windows are escaped to prevent shell injection. The primary security consideration remains the trusted integrity of the underlying 'codex' CLI itself and the cautious use of 'danger-full-access' by the controlling AI, which the project's recommended prompts strongly discourage.
Updated: 2025-12-27 | GitHub
Page 55 of 713
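The argument gate the analysis describes for a CLI wrapper (sandbox checked against a fixed set of modes and defaulting to read-only, 'model' and 'profile' refused unless an allowlist exists, working directory validated) is shown below as an added example written for a Node wrapper; it is not codex-mcp-go's own code, which is Go. The codex flag names and the `--` end-of-options separator are assumptions for illustration. The point the example adds is that the result is an argv array for `child_process.spawn` with `shell: false`, so the prompt is never interpolated into a shell string and needs no escaping.

```javascript
// Added example (not codex-mcp-go's code): parameter allowlisting for a CLI wrapper.
// Flag names ("exec", "--sandbox", "--cd", "--model", "--profile", "--") are assumed.
const SANDBOX_MODES = ["read-only", "workspace-write", "danger-full-access"];
const KNOWN_PARAMS = new Set(["prompt", "cd", "sandbox", "model", "profile"]);

// Returns { command, args, options } for spawn(command, args, options), or throws.
// allowedModels / allowedProfiles are null by default, which means "no allowlist
// configured", and in that case any model/profile request is rejected outright.
function buildCodexInvocation(params, { allowedModels = null, allowedProfiles = null } = {}) {
  for (const key of Object.keys(params)) {
    if (!KNOWN_PARAMS.has(key)) throw new Error(`unknown parameter: ${key}`);
  }
  const { prompt, cd, sandbox = "read-only", model, profile } = params;
  if (typeof prompt !== "string" || prompt.trim() === "") throw new Error("prompt must be a non-empty string");
  if (!SANDBOX_MODES.includes(sandbox)) throw new Error(`sandbox must be one of ${SANDBOX_MODES.join(", ")}`);
  if (cd !== undefined && (typeof cd !== "string" || !cd.startsWith("/") || cd.split("/").includes(".."))) {
    throw new Error("cd must be an absolute path without '..' segments");
  }
  if (model !== undefined && !(allowedModels && allowedModels.includes(model))) {
    throw new Error("model is not permitted: no allowlist is configured or the model is not on it");
  }
  if (profile !== undefined && !(allowedProfiles && allowedProfiles.includes(profile))) {
    throw new Error("profile is not permitted: no allowlist is configured or the profile is not on it");
  }
  const args = ["exec", "--sandbox", sandbox];
  if (cd !== undefined) args.push("--cd", cd);
  if (model !== undefined) args.push("--model", model);
  if (profile !== undefined) args.push("--profile", profile);
  // The prompt goes in as its own argv element after "--", so a prompt that
  // starts with "-" cannot be read as a flag and shell syntax inside it is inert.
  args.push("--", prompt);
  return { command: "codex", args, options: { shell: false, stdio: "pipe" } };
}

function rejects(params, opts) {
  try { buildCodexInvocation(params, opts); return false; } catch { return true; }
}
```

One platform caveat explains why the original wrapper escapes prompts on Windows at all: an npm-installed `codex` is a `.cmd` shim there, and Node can only launch `.cmd`/`.bat` files through `cmd.exe`, which reintroduces a shell and therefore quoting rules. On POSIX, `shell: false` with a real executable needs no escaping.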