Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
High Cost
clduab11 icon

tabnab

by clduab11

Sec9

Provides AI agents with authenticated access to a real Chrome browser session for web navigation, content extraction, and automation without sharing passwords.

Setup Requirements

  • ⚠️Requires Node.js 22+ and pnpm installed globally.
  • ⚠️Requires Chrome/Chromium to be running with remote debugging enabled on port 9222 (e.g., using `--remote-debugging-port=9222`).
  • ⚠️Requires an MCP-compatible AI agent client (e.g., Claude Desktop, Cursor) for interaction.
Verified SafeView Analysis
The project demonstrates strong security awareness. It operates locally, connects only to `localhost` Chrome via CDP, and implements robust policy enforcement including a domain allowlist, confirmation prompts for sensitive actions, and prompt injection detection. Audit logging with sensitive data redaction is also in place. No 'eval' or obvious malicious patterns were found. Requires user to trust the AI agent and follow best practices outlined in `SECURITY.md`.
Updated: 2026-01-17GitHub
0
0
Medium Cost
ogbm77 icon
Sec9

Provides a Model Context Protocol (MCP) server interface for natural language access to Cisco CX Cloud APIs, enabling conversational queries for inventory, contracts, and product alerts through compatible clients like Claude.

Setup Requirements

  • ⚠️Requires a Cisco.com account with CX Cloud access and an assigned role in at least one CX Cloud account.
  • ⚠️Requires manual registration of an application on the Cisco API Console to obtain OAuth Client ID and Client Secret, followed by associating the Client ID within the CX Cloud portal (this setup may incur a delay of up to 10 minutes).
  • ⚠️Integration with Claude Desktop (or other MCP-compatible clients) requires manual editing of a client-specific JSON configuration file, including providing absolute paths to the server's executable and defining environment variables directly within the client's configuration.
Verified SafeView Analysis
The server securely retrieves API credentials from environment variables (`CISCO_CLIENT_ID`, `CISCO_CLIENT_SECRET`) rather than hardcoding them. OAuth tokens are cached and automatically refreshed, and sensitive authorization headers are sanitized in logs. Hardcoded Cisco API and OAuth endpoints prevent arbitrary network requests to external domains. There are no immediate signs of 'eval' or other malicious dynamic code execution patterns. Input validation for 'customerId' is present for tools requiring it, and dependencies appear to be standard and well-maintained. The primary security considerations involve proper management of the environment variables on the host system and the security of the underlying Cisco APIs.
Updated: 2026-01-05GitHub
0
0
Medium Cost
Nicolas-Gong icon

mysql-crud-mcp-server

by Nicolas-Gong

Sec9

Provides a Model Context Protocol (MCP) server plugin for performing standard CRUD (Create, Read, Update, Delete) operations on a MySQL database.

Setup Requirements

  • ⚠️Requires a running MySQL database instance accessible from the server's host.
  • ⚠️Requires specific environment variables (MYSQL_HOST, MYSQL_PORT, MYSQL_USER, MYSQL_PASSWORD, MYSQL_DATABASE) to be configured for database connection.
  • ⚠️Designed to be integrated with a host application that supports the Model Context Protocol (e.g., Visual Studio Code with a specific extension like 'cline-dev').
Verified SafeView Analysis
The server correctly utilizes parameterized queries with 'mysql2/promise' to prevent SQL injection. Database credentials are loaded from environment variables, avoiding hardcoding. As an MCP server running locally and communicating via stdio, its direct network attack surface is minimal, limited to the MySQL connection itself. The primary security consideration falls on the generated SQL queries and parameters from the caller (e.g., LLM agent) to ensure they are always parameterized.
Updated: 2025-12-02GitHub
0
0
Low Cost
rolroralra icon

hello-mcp-server

by rolroralra

Sec9

Provides real-time weather alerts and forecasts using the National Weather Service API.

Setup Requirements

  • ⚠️Requires Python 3.13 or newer
Verified SafeView Analysis
The server primarily makes requests to the public NWS API. Input parameters (state, latitude, longitude) are used directly in URLs, but for simple types like two-letter state codes and floats, this poses a minimal risk. No 'eval' or other dynamic code execution found. No hardcoded secrets. The use of 'httpx' for network requests is standard and includes basic error handling.
Updated: 2025-12-10GitHub
0
0
Low Cost
BlockRunAI icon

awesome-ai-mcp

by BlockRunAI

Sec10

Providing a curated list of Model Context Protocol (MCP) servers and tools for AI, machine learning, and LLM development.

Verified SafeView Analysis
The provided source code for 'awesome-ai-mcp' consists solely of markdown documentation (README.md, CONTRIBUTING.md). It does not contain executable code, therefore direct code-based security risks like 'eval', obfuscation, network vulnerabilities, or hardcoded secrets are not present within this repository itself. The security of the *listed* MCP servers is independent and would require individual analysis.
Updated: 2026-01-18GitHub
0
0
Low Cost
akumar0205 icon

mcp_server_redteam

by akumar0205

Sec8

A Python-based red teaming scanner designed to detect common security vulnerabilities in MCP (Model Context Protocol) servers through deterministic vulnerability probes and full transcript capture.

Setup Requirements

  • ⚠️Requires `uv` for dependency management, which may not be standard for all Python users.
  • ⚠️Real 'Run Mode' requires a configured target MCP server and tool servers, specified via JSON files (e.g., `configs/target_http.json`, `configs/mcp_endpoints.json`).
  • ⚠️Certain endpoints in `mcp_endpoints.json` require the `MCP_INTERNAL_TOKEN` environment variable to be set for authentication.
Verified SafeView Analysis
The scanner is designed for 'Authorized Security Testing Only' and explicitly includes a 'vulnerable local lab'. It uses `subprocess.Popen(cmd, shell=True)` within `StdioTransport` to interact with target servers, which is a necessary function for a scanner to test command injection or similar vulnerabilities, but implies the CLI argument `--cmd` is provided by a trusted operator. The included demo and vulnerable servers are clearly marked and designed for controlled testing environments. There is no obfuscation or hardcoded sensitive production secrets, only test-specific canary values.
Updated: 2026-01-18GitHub
0
0
Medium Cost
SamMorrowDrums icon

mcp-php-starter

by SamMorrowDrums

Sec8

Provides a feature-complete starter template for building Model Context Protocol (MCP) servers in PHP, demonstrating various capabilities like tools, resources, and prompts for AI integration.

Setup Requirements

  • ⚠️Requires PHP 8.2+
  • ⚠️Requires Composer
  • ⚠️HTTP transport for production deployment requires a dedicated web server (e.g., Nginx/Apache with PHP-FPM) for stability and performance; PHP's built-in server is for development only.
Verified SafeView Analysis
The server demonstrates a solid structure for MCP implementation in PHP. No direct 'eval' calls or obvious malicious patterns were found. The use of `escapeshellarg` for file paths in the `passthru` command for starting the PHP built-in server (`server-http.php`) is good. However, the `PORT` environment variable used in this `passthru` command is not shell-escaped, which could pose a minor risk if the environment variable were maliciously crafted, though `getenv` values are typically considered trusted system configuration. No hardcoded secrets were identified. Error handling is present for HTTP requests.
Updated: 2026-01-19GitHub
0
0
High Cost
bgconley icon

wekadocs-matrix

by bgconley

Sec8

A GraphRAG (Retrieval Augmented Generation) server that integrates documentation with a knowledge graph (Neo4j) and vector database (Qdrant) to provide structured, context-rich retrieval for AI agents via the Model Context Protocol (MCP). It handles document ingestion, semantic enrichment, hybrid search, and multi-turn conversation tracking.

Setup Requirements

  • ⚠️Requires Neo4j, Qdrant, and Redis databases to be running and accessible.
  • ⚠️Requires an external embedding service (e.g., Jina, BGE-M3 API) or a local `sentence-transformers` model, necessitating API keys, URLs, or local model setup via `embedding_profiles.yaml` and environment variables.
  • ⚠️If `config.ner.enabled` is true, an external or local GLiNER NER service is required, adding another dependency.
  • ⚠️Relies on specific Python library versions (e.g., structlog==24.1.0, transformers), which may require careful environment setup.
Verified SafeView Analysis
The server implements strong security practices including JWT authentication, Redis-backed rate limiting, and a robust Cypher validator to prevent injection attacks and dangerous graph operations. Webhooks (e.g., GitHub) require signature verification. Some default secrets (`dev-secret-key` for JWT, `testpassword123` for Neo4j in migration scripts) exist, which are overwritten by environment variables in runtime configuration, but care must be taken in production to ensure strong, non-default values are always provided via environment variables. Circuit breakers are used for resilience against external service failures.
Updated: 2026-01-19GitHub
0
0
Medium Cost
naveenkshyam icon

JobApply-MCP-Server

by naveenkshyam

Sec5

An AI-powered application assistant providing multi-site job search, resume analysis, ATS scoring, company research, and cover letter generation prompts.

Setup Requirements

  • ⚠️Requires Python 3.12+ (specifically 3.13 mentioned in .python-version)
  • ⚠️Relies on external DuckDuckGo search (may be rate-limited or blocked without proxies if abused)
  • ⚠️Intended for integration with an external Large Language Model (LLM) like Claude Desktop for prompt execution, which incurs separate costs and setup.
Review RequiredView Analysis
The interactive CLI (`search_jobs.py`) takes arbitrary user-provided file paths for reading documents (`read_file`, `read_resume_pdf`, `read_document`) and saving (`save_cover_letter`). This presents a path traversal vulnerability, allowing a malicious user to read or potentially overwrite files outside the intended directory if not properly sanitized. There is no explicit path validation or normalization (`os.path.abspath`, `pathlib.resolve`) to prevent access to sensitive system files (e.g., `/etc/passwd`) or to write to arbitrary locations. Input validation for web scraping URLs (`scrape_job_posting`) is not explicitly shown, but `requests.get` with a timeout and `BeautifulSoup` parsing mitigates some direct code execution risks. No 'eval' or other direct code injection patterns were found.
Updated: 2025-12-01GitHub
0
0
Low Cost
himanshupawar-10 icon

figma-mcp-server

by himanshupawar-10

Sec8

A local Model Context Protocol (MCP) server designed to enable LLM clients to interact with Figma for listing projects, fetching file data, and generating React/HTML frontend code from Figma frames.

Setup Requirements

  • ⚠️Requires Node.js 18+ for native fetch API.
  • ⚠️A Figma personal access token (`FIGMA_TOKEN`) is required to access Figma API, set via environment variable or passed with each tool call.
  • ⚠️Requires an MCP-capable LLM client (e.g., Claude Desktop, Cursor) to launch and interact with the server over stdio.
Verified SafeView Analysis
The server uses `process.env.FIGMA_TOKEN` or passes a token argument, which is good practice for secret handling. It explicitly states it uses stdio transport and does not expose an HTTP port, reducing direct network attack surface. There is no usage of `eval` or obvious obfuscation. The `generate_frontend` tool produces React/HTML code; while basic, it uses `escapeJsxText` for text content, mitigating simple XSS from Figma text. The primary security consideration is the sensitive nature of the Figma Personal Access Token and the potential for its misuse if the LLM client or the environment running the server is compromised.
Updated: 2025-11-20GitHub
0
0
Medium Cost
maxnoller icon

jules-mcp

by maxnoller

Sec9

Provides an MCP interface for LLMs to interact with Google Jules, enabling automatic pull request creation and GitHub issue integration for AI-powered coding sessions.

Setup Requirements

  • ⚠️Requires `JULES_API_KEY` from Google AI Studio (required for core functionality).
  • ⚠️Requires Node.js version 18 or higher.
  • ⚠️GitHub Token (`GITHUB_TOKEN`) is optional but recommended for `create_session_from_issue` to avoid rate limits or access private repos/issues.
Verified SafeView Analysis
The server uses environment variables for sensitive API keys (`JULES_API_KEY`, `GITHUB_TOKEN`) and performs network requests to legitimate Google Jules and GitHub APIs. Input validation is handled using Zod schemas for tool parameters. No 'eval' or obvious obfuscation found. Network calls are securely made via HTTPS. Risks are generally associated with the security of the provided API keys and the remote services themselves.
Updated: 2026-01-17GitHub
0
0
Medium Cost

azure-devops-server-mcp

by aaron-lee-hebert

Sec5

Manages or interacts with an Azure DevOps Server instance for multi-customer platform purposes.

Setup Requirements

  • ⚠️Requires an existing Azure DevOps Server instance to operate.
  • ⚠️Specific configuration details for connecting to Azure DevOps Server are likely needed but not visible.
Review RequiredView Analysis
The provided source code is too truncated to perform a comprehensive security audit. No explicit malicious patterns, 'eval' calls, or hardcoded secrets were visible in the extremely limited snippets, but crucial operational code is missing.
Updated: 2025-11-24GitHub
PreviousPage 588 of 713Next