Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

48
3
High Cost

code-buddy

by Abhi-vish

Sec3

Provides an AI-powered coding companion with comprehensive file system and development tools, integrating with MCP-compatible clients like Claude Desktop.

Setup Requirements

  • ⚠️ Requires OpenAI API Key (Paid)
  • ⚠️ Requires Python 3.13 or higher
  • ⚠️ Requires uv package manager for dependency management
Review Required
The server includes tools that allow arbitrary command execution (`run_command`, `run_python`, `git`, `docker_tool`), HTTP requests (`http_request_tool`, `curl_tool`), and file system modifications outside the project root if `ALLOW_EXTERNAL_PATHS` is set to `true` (which is its default configuration in the provided example). While `PathValidator` attempts to block access to sensitive files, these tools offer broad system and network access. If the LLM's actions are unconstrained or if a vulnerability allows for command injection, this could lead to arbitrary code execution, data exfiltration, or other severe compromises. Running this server in a tightly controlled and isolated environment is highly recommended.
Updated: 2025-12-08
48
63
Medium Cost

mcp-server

by cap-js

Sec7

A Model Context Protocol (MCP) server designed to assist AI models in the development of SAP Cloud Application Programming Model (CAP) applications by providing tools for model analysis and documentation search.

Setup Requirements

  • ⚠️ Requires Node.js version 20 or higher.
  • ⚠️ Initial Model Download: On first use of embedding-related features (e.g., `search_docs`), the server downloads a multi-megabyte ONNX model and tokenizer files from huggingface.co, requiring an active internet connection and local storage.
  • ⚠️ Requires an MCP client (e.g., VS Code extension like Cline, opencode, GitHub Copilot agent mode) to interact with the server.
Verified Safe
Potential Path Traversal Vulnerability: The `search_model` tool takes a `projectPath` argument, which is then passed to `cds.resolve` and `findCdsFiles`. The current code does not explicitly sanitize `projectPath` against path traversal attempts, meaning a malicious input could potentially lead to arbitrary file system access if `cds.resolve` or underlying Node.js `fs` operations do not sufficiently mitigate this. The `createEmbeddings` function also performs file I/O using an `id` parameter, which could be a path traversal vector if this function were exposed to untrusted input (currently it's internal to `searchMarkdownDocs` which uses a hardcoded ID, and commented as 'not for production'). No obvious hardcoded secrets or 'eval' usage found. External models are downloaded from trusted sources (HuggingFace, cap.cloud.sap).
Updated: 2025-12-09
48
34
Medium Cost

nist-csf-2-mcp-server

by rocklambros

Sec4

A professional cybersecurity assessment backend API for NIST CSF 2.0, providing real-time dashboards and executive reporting capabilities.

Setup Requirements

  • ⚠️ Requires Node.js environment (supports ES Modules).
  • ⚠️ Uses a local SQLite database for persistence, requiring careful management for production deployments.
  • ⚠️ This repository contains only the backend API; a separate frontend project is needed for a full GUI.
Review Required
The server demonstrates strong input validation using Zod schemas for most parameters, and includes robust security logging and monitoring features. Authentication mechanisms (JWT, API Key) are implemented but disabled by default in development. However, a critical vulnerability exists: the `generate_report` tool allows a user to specify `output_path` without sufficient path traversal validation. This could enable an attacker to write arbitrary files to sensitive locations on the server (e.g., `/etc/passwd`), potentially leading to remote code execution. This makes the application unsafe to run as-is without remediation.
Updated: 2025-12-06
48
58
High Cost
Sec7

Manages conversation state and guides LLM coding agents through structured software development workflows with long-term project memory and multi-agent collaboration.

Setup Requirements

  • ⚠️ Requires Node.js >=18.0.0
  • ⚠️ Requires pnpm >=9.0.0 (specifically pnpm@9.14.2 is noted in lockfile)
  • ⚠️ Requires 'Beads' CLI tool (`bd`) for task tracking functionality.
  • ⚠️ Requires Git repository initialized for full functionality related to branch management and commit behavior.
Verified Safe
The system extensively uses `child_process.execSync` to interact with Git and an external 'Beads' CLI tool. While arguments for these commands appear to be largely internally generated or derived from structured configuration (e.g., workflow names, task IDs), any direct or indirect injection of unsanitized user/LLM input into these commands could pose a security risk. The Express server is used with CORS, indicating network interaction, but no obvious hardcoded secrets or 'eval' usage were found. Proper input validation is critical given the LLM-driven nature.
Updated: 2026-01-19
48
2
Medium Cost
Sec8

Extracts, parses, and organizes documentation from websites (llms.txt, install.md) for AI agents, LLMs, and automation workflows, offering structured, agent-ready formats and generation tools.

Setup Requirements

  • ⚠️ Anthropic API Key (ANTHROPIC_API_KEY) is required for AI-powered `install.md` generation (paid service).
  • ⚠️ Outbound internet access is required for the server to fetch documentation URLs and interact with external APIs (e.g., GitHub, Anthropic).
  • ⚠️ GitHub Token is recommended for `install.md` generation from private GitHub repositories or to avoid GitHub API rate limits.
Verified Safe
The application inherently performs network requests to arbitrary, user-provided URLs for web scraping and API interactions (e.g., GitHub, sitemaps, llms.txt files). While a `fetchWithTimeout` function is implemented to prevent hanging requests and `User-Agent` headers are set for identification, this type of functionality always carries an inherent risk of Server-Side Request Forgery (SSRF) if not meticulously controlled, though no obvious direct vulnerabilities were identified in the provided snippets. Rate limiting is robustly implemented via a sliding window algorithm and applied across critical API endpoints, which is a strong positive for preventing abuse. Environment variables (`ANTHROPIC_API_KEY`, `ADMIN_KEY`) are correctly used for sensitive information instead of hardcoding. No direct `eval` or other highly dangerous code patterns were found.
Updated: 2026-01-18
48
21
Medium Cost

codebase-context

by PatrickSys

Sec9

Provides AI coding agents with real-time, context-rich insights into a codebase's patterns, libraries, architecture, and conventions to improve code generation quality and alignment with team standards.

Setup Requirements

  • ⚠️ Initial indexing can take several minutes for large codebases (~2-5 mins for 30k files) and requires downloading a ~130MB model for local embedding.
  • ⚠️ Requires `OPENAI_API_KEY` if `EMBEDDING_PROVIDER` is set to 'openai' (a paid service).
  • ⚠️ Full pattern momentum analysis (rising/declining patterns) depends on the project being a Git repository.
Verified Safe
The server primarily operates locally, processing files within the specified project root. External network calls are limited to OpenAI (if configured and `OPENAI_API_KEY` is provided) for embeddings. Local `git log` commands are executed via `child_process.exec`, but arguments are fixed and not user-controlled, mitigating injection risks. No `eval` or obvious obfuscation is present. Overall, risks are well-managed for an on-device code analysis tool.
Updated: 2026-01-18
48
134
Medium Cost

hayhooks

by deepset-ai

Sec6

Deploy and serve Haystack Pipelines and Agents as REST APIs or MCP Tools, with OpenAI compatibility and Open WebUI integration, including support for RAG systems with file uploads and streaming.

Setup Requirements

  • ⚠️ Requires Docker for running Elasticsearch (in RAG example) or for containerized Hayhooks deployment.
  • ⚠️ Requires OpenAI API Key (paid service) for many LLM components used in examples and quick start guides.
  • ⚠️ Requires Python 3.10+.
Review Required
The default CORS settings (`HAYHOOKS_CORS_ALLOW_ORIGINS=["*"]`) allow all origins, which is a significant security risk if the server is exposed publicly without tighter controls. The RAG example's `docker-compose.yml` configures Elasticsearch with `xpack.security.enabled=false`, which is suitable only for local development and highly insecure for production environments. Sensitive API keys (e.g., OPENAI_API_KEY) are loaded from environment variables, which is a good practice, but careful management is required.
Updated: 2026-01-15
48
62
Medium Cost

gdb-mcp-server

by yywz1999

Sec2

Provides an AI-assisted debugging server for GDB using the Model Context Protocol, enabling AI agents to interact with and control GDB sessions.

Setup Requirements

  • ⚠️ Requires Python 3.7+ (tested with 3.11).
  • ⚠️ Requires platform-specific dependencies like `pexpect` (Linux/macOS), `xdotool` (Linux for keyboard fallback), and `pyautogui` (Windows for keyboard fallback).
  • ⚠️ Optimal terminal experience requires iTerm2 on macOS and tmux on Linux.
  • ⚠️ A GDB process must be running and accessible in a specific terminal setup for the server to attach and interact reliably.
Review Required
The server directly injects user-provided commands into underlying system utilities (AppleScript, tmux, pexpect, xdotool, pyautogui) without strong sanitization. This creates significant command injection vulnerabilities. A malicious AI agent or user controlling the `command` parameter could execute arbitrary shell commands or send arbitrary keystrokes to the host system, potentially impacting any active window. The server's reliance on 'send-keys' or 'write text' via terminal automation tools is inherently risky as it can simulate user input to any active application.
Updated: 2025-11-27
48
32
Low Cost

thoughtbox

by Kastalien-Research

Sec9

Provides a durable, local-first reasoning ledger and structured cognitive tools for AI agents, enabling step-by-step thinking, branching, revisions, and autonomous critique, with progressive tool disclosure and client compatibility adaptations.

Setup Requirements

  • ⚠️ Requires Node.js 22+ to be installed on the system.
  • ⚠️ Requires specific JSON configuration to integrate with supported MCP clients (e.g., Claude Code, GitHub Copilot).
  • ⚠️ The 'thoughtbox_gateway' tool is frequently needed for clients that don't refresh tool lists mid-turn (e.g., streaming HTTP clients).
Verified Safe
The server is designed for local-first use and incorporates robust input validation (`sanitizePath`, `validateFilename`) in the notebook component to mitigate path traversal and similar file-system based vulnerabilities when executing user-defined code. External process execution (`spawn` for Node.js, npm, tsx) is performed with explicit commands and arguments, reducing the risk of shell injection. There are no overt hardcoded secrets. While the Observatory component allows for flexible CORS configuration (including `*`), this is an opt-in setting in an optional, typically local, monitoring tool. Overall, the source code indicates a conscious effort towards security for its intended use case.
Updated: 2026-01-19
48
70
Medium Cost

hm_editor

by huimeicloud

Sec3

This MCP server integrates an advanced medical record editor with AI capabilities, enabling structured document content management, data element manipulation, revision tracking, watermarking, and dynamic generation of charts and tabular data. It also provides search functionalities for medical staff, ICD codes, and geographical data, and supports PDF generation.

Setup Requirements

  • ⚠️ Requires `DEEPSEEK_API_KEY` environment variable for AI model integration.
  • ⚠️ Requires `canvas`, `echarts`, `wkhtmltopdf`, and `puppeteer` to be installed on the server machine. `wkhtmltopdf` and `puppeteer` are external binaries which can be complex to install and require Chromium (~200MB) for `puppeteer`.
  • ⚠️ Assumes the local server is running on `http://127.0.0.1:7070` for internal MCP communication, as configured in `mcp-config.json`.
Review Required
1. **Critical: Remote Code Execution (RCE) / Cross-Client Command Injection via MCP WebSocket**: The `mcp-server.js` `tools/call` endpoint allows an authenticated user to specify a `sessionId` in the arguments, which is then used to send arbitrary tool calls (method and arguments) to *any* connected WebSocket client associated with that `sessionId`. There is no validation to ensure the provided `sessionId` belongs to the calling client, posing a severe risk of remote arbitrary code execution on other users' active editor instances. For example, `insertDataAtCursor` or `setDocContent` could be exploited to inject malicious HTML/JavaScript.
2. **Potential RCE via PDF Generation**: The `/getPdfPath` endpoint in `src/print.js` takes `req.body.html` directly as input for `wkhtmltopdf`. If the HTML content is untrusted and contains known vulnerabilities for web rendering engines, this could lead to Remote Code Execution on the server where `wkhtmltopdf` is executed.
3. **Hardcoded Credentials**: `DEEPSEEK_API_KEY` is expected as an environment variable, but its management outside of `.env` files (e.g., if committed to a repository) could expose sensitive credentials.
4. **File System Operations**: Direct file system operations (read/write/delete) are performed for mock data and PDF generation. While `path.join` is used to mitigate some directory traversal risks, the overall attack surface through these operations requires careful input sanitization to prevent unintended file manipulation.
Updated: 2026-01-09
48
115
High Cost

computer-use-mcp

by domdomegg

Sec7

This server allows an AI model, such as Claude, to control a user's computer by interacting with the desktop GUI through mouse, keyboard, and screen capture actions.

Setup Requirements

  • ⚠️ Requires Node.js to be installed on the host machine.
  • ⚠️ Requires granting significant operating system-level permissions (e.g., Accessibility, Screen Recording on macOS) to the application or terminal running the server for desktop interaction.
  • ⚠️ Optimal performance for AI models may require specific display resolutions (e.g., 720p) and installation of browser extensions like Rango for improved keyboard navigation, though these are not strictly mandatory for server function.
Verified Safe
The server's core functionality grants complete control over the user's computer via desktop automation (mouse, keyboard, screen capture) using 'nut.js'. This is an inherent high-risk capability. The README explicitly warns users to treat it like 'giving a hyperactive toddler access to your computer' and suggests sandboxing. The HTTP transport option also lacks authentication and is explicitly warned against for use without a secure reverse proxy. No 'eval' or obvious obfuscation/malicious patterns were found in the provided source code. The risks are transparently communicated, allowing users to make informed decisions about mitigating risk through supervision or sandboxing.
Updated: 2026-01-07
48
95
Medium Cost

github-stars

by ccbikai

Sec7

This MCP Server allows users to semantically search and query their GitHub starred repositories using natural language, leveraging Cloudflare's AutoRAG for efficient AI-powered search over repository READMEs and metadata.

Setup Requirements

  • ⚠️ Requires GitHub Personal Access Token with `repo` scope (highly privileged).
  • ⚠️ Requires a Cloudflare account for R2 storage and AutoRAG instance.
  • ⚠️ Requires `MCP_API_KEY` to be generated and configured for server access.
Verified Safe
The MCP server implements API key authentication via `MCP_API_KEY`, which is good for access control. The `scripts/index.js` fetches GitHub data using `GH_TOKEN` with `repo` scope, a highly privileged token requiring careful management as a GitHub Secret. The system relies on external Cloudflare AutoRAG for search, meaning query processing is offloaded to a third-party AI service. No direct `eval` or obvious code injection vulnerabilities are present in the provided server code.
Updated: 2026-01-17