Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

48
65
Medium Cost
Skobyn icon
Sec8

A Model Context Protocol (MCP) server that enables LLMs to interact with DataForSEO and Local Falcon SEO APIs for tasks like keyword research, backlink analysis, and SERP data retrieval.

Setup Requirements

  • ⚠️Requires DataForSEO API credentials (DATAFORSEO_LOGIN, DATAFORSEO_PASSWORD) as environment variables. LOCALFALCON_API_KEY is needed for optional Local Falcon tools.
  • ⚠️Requires Node.js and npm for installation (`npm install`) and building (`npm run build`).
  • ⚠️The HTTP server endpoint, when deployed (e.g., to Cloud Run), is publicly accessible by default. Production usage requires configuring authentication (e.g., API keys, IAM) as recommended in the provided documentation.
Verified SafeView Analysis
The code leverages Zod for robust input validation on tool parameters and relies on environment variables for API credentials, which are good practices. However, the HTTP server defaults to broad CORS (`Access-Control-Allow-Origin: *`), making it widely accessible. The `INTEGRATION_GUIDE.md` explicitly states it's 'currently unauthenticated (public access)' and recommends adding authentication (API Key or IAM) for production deployments. No 'eval' or direct command injection vectors are apparent within the server's core logic.
Updated: 2025-12-09GitHub
48
21
Low Cost
PatrickSys icon
Sec9

Provides AI coding agents with real-time, context-aware insights into a codebase's patterns, libraries, architecture, and conventions to improve code generation and review.

Setup Requirements

  • ⚠️Requires OpenAI API Key if 'openai' embedding provider is chosen (transformers is default, local).
  • ⚠️Requires 'git' to be installed for pattern momentum analysis (gracefully skipped if not available/git repo).
  • ⚠️Initial indexing can take several minutes for large codebases (e.g., 2-5 mins for 30k files).
Verified SafeView Analysis
The server performs `git log` commands, which, while using a hardcoded command, could pose a risk if `rootPath` is untrusted. OpenAI API key (if used) is handled via environment variable. Dependencies are actively maintained with recent security fixes (e.g., hono update). Local-first execution for embeddings and storage reduces external network attack surface. Overall, it follows good security practices for a local developer tool.
Updated: 2026-01-18GitHub
48
9
High Cost
zzgael icon

pedigree-mcp

by zzgael

Sec8

Generates family pedigree tree diagrams as PNG or SVG images, compliant with Bennett 2008/2022 NSGC standardized genetic notation, for use with Model Context Protocol (MCP) clients.

Setup Requirements

  • ⚠️Requires Node.js version 18 or higher as specified in `package.json`.
  • ⚠️The 'sharp' dependency, essential for PNG generation, is a native module that might require specific build tools (e.g., `libvips`) on the host system, although pre-compiled binaries often simplify installation.
  • ⚠️Generating complex pedigree diagrams (especially large SVG or high-resolution PNGs) can produce very large output strings (hundreds of KB to megabytes), resulting in high token usage if transmitted to an LLM context.
Verified SafeView Analysis
The server communicates over standard I/O (stdio), significantly limiting direct network exposure. Input validation for tool arguments is performed robustly using Zod. While the `Individual` schema uses `passthrough()` allowing arbitrary extra fields, these are not directly utilized in a way that could lead to code injection. The primary security considerations involve potential vulnerabilities in underlying native image processing (`sharp`) or SVG rendering (`jsdom`, `d3`) libraries. These are widely used and generally well-maintained projects. No hardcoded secrets or direct `eval` calls were found in the provided source code.
Updated: 2025-12-08GitHub
48
3
High Cost
mattzcarey icon

txt2mcp

by mattzcarey

Sec6

Converts text files or remote URLs into Model Context Protocol (MCP) servers, providing a searchable interface for AI agents.

Setup Requirements

  • ⚠️Requires a Cloudflare account with Workers, R2 Bucket, and Durable Objects configured (not a standalone server).
  • ⚠️The search index (`Orama`) is rebuilt on every search query, leading to high CPU and memory usage, especially for large documents, which can significantly increase operational costs and latency. The index should be persisted after creation/update.
  • ⚠️The use of `fetch(url)` for user-provided URLs in remote content ingestion can lead to SSRF vulnerabilities without robust URL validation.
Review RequiredView Analysis
The server fetches content from user-provided URLs in `/api/remote` and the `MCPServer.alarm` function. This presents a Server-Side Request Forgery (SSRF) vulnerability, as an attacker could potentially direct the server to make requests to internal network resources or sensitive Cloudflare metadata endpoints if the Worker runtime's network isolation is not sufficiently restrictive or if the URLs are not validated against private IP ranges/internal domains. While Cloudflare Workers offer some sandboxing, the code itself does not implement explicit URL validation to prevent this type of exploit.
Updated: 2025-11-25GitHub
48
3
Medium Cost
DeepakJangra239 icon

kgraph

by DeepakJangra239

Sec9

Indexes codebases into a knowledge graph to enable semantic search, precise code navigation, and impact analysis for LLM agents.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️An initial `reindex_codebase(root_path="...")` call is mandatory after setup for the server to function, as it builds the knowledge graph.
  • ⚠️Performance for vector embeddings may vary significantly; it utilizes `mlx_embeddings` for Apple Silicon for speed, falling back to `sentence-transformers` on other platforms.
Verified SafeView Analysis
The project uses `sqlite3` with parameterized queries, and `yaml.safe_load` for parsing configuration, which are good practices. File system operations are scoped to a user-provided root path. Dynamic module loading for Tree-sitter parsers (`importlib.import_module`) is based on internal, trusted YAML configuration files, mitigating risk. There are no obvious `eval()` calls or direct `subprocess` invocations with unsanitized user input. The primary security consideration would be if an attacker could somehow inject malicious content into the `root_path` or internal configuration files, which is outside the immediate scope of the server's code handling.
Updated: 2025-12-03GitHub
48
62
High Cost
GroundNG icon

VibeShift

by GroundNG

Sec8

VibeShift is an intelligent security agent that integrates with AI coding assistants to analyze AI-generated code for vulnerabilities, suggest remediations, and facilitate web test recording, crawling, and execution.

Setup Requirements

  • ⚠️Requires LLM API Key, Base URL, Version, and Model (e.g., OpenAI, Azure OpenAI, Google Gemini) configured in a .env file (paid service).
  • ⚠️Requires Playwright browser binaries to be installed (e.g., 'playwright install --with-deps').
  • ⚠️Requires external security tools (Semgrep, Nuclei) to be installed and in system PATH, or Docker for OWASP ZAP.
  • ⚠️The 'record_selectors_and_save_auth_state' feature will prompt for and save actual user credentials to disk (auth_state.json), posing a local security risk if compromised.
Verified SafeView Analysis
The system utilizes subprocess.run to execute external security tools (Semgrep, Nuclei, ZAP), which is a controlled but inherent risk. Input validation and command quoting (shlex.quote) are used to mitigate injection risks. Playwright's page.evaluate is used to inject JavaScript for DOM manipulation and event listening (e.g., click overrides, UI panel), which is standard practice for browser automation but means injected JS code runs in the browser context. LLM API keys are loaded via environment variables, not hardcoded, which is good practice. The auth_state.json feature saves user credentials to disk, which is a potential local information disclosure risk if the file is not adequately secured, though user-initiated.
Updated: 2025-11-29GitHub
48
42
Medium Cost
winyunq icon
Sec7

Provides an AI-assisted, version-controlled workflow for designing, modifying, and animating Unreal Engine 5 UMG UI assets programmatically, treating JSON as the source of truth.

Setup Requirements

  • ⚠️Requires Unreal Engine 5.6 or newer.
  • ⚠️Requires Python 3.10+ and 'uv' for dependency management.
  • ⚠️Critical startup order: Launch Unreal Engine 5 project FIRST, then launch the Gemini CLI.
  • ⚠️The 'mcpServers' configuration in `settings.json` requires an absolute path to the `Resources/Python` folder on your machine.
Verified SafeView Analysis
The server design relies on a trusted local execution environment, typically on a developer's machine, communicating with a local Unreal Engine instance. The system allows AI to create, modify, and delete UMG assets and Blueprint logic, which are powerful operations but are confined within the Unreal Engine context. Dynamic loading of tools and prompts from `prompts.json` could be a risk if the file is untrusted, allowing malicious tool descriptions or enabling risky tools. XML parsing in `UMGHTMLParser.py` uses `ElementTree`, which is generally safe against common XXE attacks by default. `subprocess.Popen` is used in wrapper scripts for server management, which is controlled. No hardcoded secrets were found. The primary security consideration is to only run this in a controlled development environment with trusted `prompts.json` configurations.
Updated: 2026-01-19GitHub
48
44
Medium Cost
PSU3D0 icon
Sec7

Analyze and edit spreadsheet files programmatically, designed for token-efficient interaction by LLM agents, focusing on structured data access, modification, formula analysis, and optional VBA inspection.

Setup Requirements

  • ⚠️Full write/recalculation features (e.g., `recalculate`, `screenshot_sheet`) require LibreOffice to be installed and properly configured (specifically, the `soffice` executable) and for the correct LibreOffice macros to be present. The `:full` Docker image is recommended for this.
  • ⚠️A `workspace_root` directory must be configured and accessible, and it should contain the spreadsheet files to be analyzed. This directory is where the server will operate, including creating temporary fork files, checkpoints, and screenshots.
  • ⚠️The `save_fork` tool can overwrite the original workbook file only if the `--allow-overwrite` server flag or `SPREADSHEET_MCP_ALLOW_OVERWRITE` environment variable is explicitly set. This powerful feature requires careful usage.
Verified SafeView Analysis
The server performs extensive file system operations (reading/writing/creating temporary files) and executes external binaries (LibreOffice, pdftoppm) for core functionality (recalculation, screenshots). While the provided source code shows effort in sanitizing paths and arguments to external commands, the inherent nature of these operations means that a misconfigured `workspace_root` (allowing untrusted code execution or file writes to sensitive directories) or a vulnerability in LibreOffice/pdftoppm could pose a risk. The `save_fork` tool, if `--allow-overwrite` is enabled, can modify original source files, which requires careful consideration. VBA code is only read, not executed, which is a good security practice.
Updated: 2026-01-08GitHub
48
46
Medium Cost
proofgeist icon
Sec9

Provides an interface for AI agents (like Claude Desktop) to query and analyze local Granola.ai meeting data.

Setup Requirements

  • ⚠️Requires Python 3.12+.
  • ⚠️Requires 'uv' package manager (or manual pip/venv setup).
  • ⚠️Exclusively runs on macOS with Granola.ai installed and its local cache file present.
  • ⚠️Installation directory should be your home directory (~/) to avoid macOS permission issues with Claude Desktop.
Verified SafeView Analysis
The server explicitly states it performs '100% Local Processing' and 'No External API Calls', which is a strong security posture. It reads from a local Granola cache file (`cache-v3.json`). The primary security risk would be if the Granola cache file itself could be maliciously tampered with by another process on the user's system, which is a system-level security concern rather than a flaw in this server's code. No usage of `eval` or other direct code execution from external input was found.
Updated: 2026-01-16GitHub
48
5
High Cost
takereshui icon
Sec4

The server extracts text from various video and audio sources using multiple Automatic Speech Recognition (ASR) providers, including local Whisper and online services from JianYing (CapCut) and Bilibili.

Setup Requirements

  • ⚠️Requires FFmpeg to be installed on the system for audio extraction and processing.
  • ⚠️Whisper ASR provider (default) requires a one-time download of a ~1GB model on first use, which can take 10+ minutes and consumes significant disk space.
  • ⚠️Online ASR services (JianYing/Bcut) depend on the stability and availability of external, potentially reverse-engineered APIs, which may break without warning. The JianYing provider relies on an unverified third-party service for API signing.
Review RequiredView Analysis
The server disables SSL certificate verification for yt-dlp downloads (`nocheckcertificate: True`), which poses a significant Man-in-the-Middle (MiTM) risk. The JianYing ASR implementation relies on an external, unofficial third-party endpoint (`https://asrtools-update.bkfeng.top/sign`) for API signing, introducing a potential supply chain vulnerability. Using online ASR services inherently involves uploading audio data to third-party servers (ByteDance, Bilibili), which has privacy implications. No clear malicious patterns or hardcoded sensitive credentials were found, but the reliance on unverified external services and disabled SSL are critical concerns.
Updated: 2025-11-22GitHub
48
44
Medium Cost
PSU3D0 icon
Sec8

An LLM-friendly API server for analyzing and editing spreadsheet files, enabling 'discover → profile → extract' workflows, 'what-if' scenarios, and VBA inspection without dumping entire files into LLM context.

Setup Requirements

  • ⚠️LibreOffice (soffice) is a required external dependency for write, recalculation, and screenshot tools, and its setup is complex outside of Docker.
  • ⚠️A Docker environment is strongly recommended for write/recalc tools due to complex LibreOffice setup and security isolation.
  • ⚠️The server strictly operates within a configured `workspace_root`; all workbook paths must be located within this directory.
Review RequiredView Analysis
External execution of LibreOffice (`soffice`) for recalculation and screenshots introduces a significant attack surface. While the server implements strong path validation (`workspace_root`) to prevent path traversal and resource limits (file size, cache, concurrent processes, response size) to mitigate DoS, the security of LibreOffice's macro execution environment and the specific custom macros (source not provided) are critical points of trust. The project strongly recommends running write/recalc features within a Docker container for isolation. Parsing complex Excel files via `umya_spreadsheet` also presents potential vulnerabilities. The server allows explicit control over overwriting original files via the `--allow-overwrite` flag.
Updated: 2026-01-08GitHub
48
62
Medium Cost
modelcontextprotocol icon

example-remote-server

by modelcontextprotocol

Sec9

A reference server demonstrating all Model Context Protocol (MCP) features and OAuth 2.0 authentication patterns.

Setup Requirements

  • ⚠️Requires Node.js >= 16.
  • ⚠️Docker is required for Redis-backed (persistent and multi-instance) session storage; otherwise, sessions are in-memory and non-persistent.
  • ⚠️The AUTH_SERVER_URL environment variable is required if AUTH_MODE is set to 'external'.
Verified SafeView Analysis
The server implements OAuth 2.0 with PKCE, robust token validation via introspection, and secure session management with user isolation. It utilizes environment variables for sensitive configuration and includes rate limiting for authentication and static assets. Permissive CORS is intentionally enabled for a public reference server to facilitate testing, but should be tightened for production deployments. No hardcoded secrets, obfuscation, or explicit malicious patterns were identified. Duplicate authorization code usage is detected and leads to token revocation, preventing replay attacks.
Updated: 2026-01-16GitHub
PreviousPage 58 of 713Next