Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

48
95
Low Cost
miantiao-me icon

github-stars

by miantiao-me

Sec7

A Cloudflare-powered MCP server allowing natural language search and query of GitHub starred repositories.

Setup Requirements

  • ⚠️Requires GitHub Personal Access Token with `repo` scope.
  • ⚠️Requires a Cloudflare account with R2 storage and AutoRAG instance configured.
  • ⚠️Requires Node.js (v22 recommended) and PNPM package manager.
Verified SafeView Analysis
The server uses API key authentication (MCP_API_KEY) which is good. However, it requires a GitHub Personal Access Token (GH_TOKEN) with 'repo' scope, which is a high-privilege secret. This token is used to fetch all starred repositories and their READMEs. If compromised, it could expose sensitive repository data. The processed data is stored in Cloudflare R2 and indexed by Cloudflare AutoRAG; security depends on the robustness of these Cloudflare services and the user's configuration of R2 access credentials. The API response returns stringified raw data from AutoRAG, which may contain sensitive information depending on the source data.
Updated: 2026-01-17GitHub
48
66
Medium Cost
3ddelano icon
Sec4

The plugin enables AI models to directly control and automate tasks within the Godot Game Engine editor, such as scene creation, node manipulation, script editing, and debugging.

Setup Requirements

  • ⚠️Requires Godot Engine 4.1+ installed.
  • ⚠️Requires an MCP client (e.g., Cursor, Claude Desktop, VS Code extension) to interact with the server.
  • ⚠️Plugin installation within a Godot project is required, followed by configuration in the chosen MCP client.
Review RequiredView Analysis
The actual plugin source code (beyond README.md) is not provided, making a thorough security audit impossible. The plugin grants external AI clients significant control over the Godot editor and its project files, including reading, writing, and executing scripts. This high level of control inherently carries security risks. If the connected MCP client or the underlying AI model were compromised, it could lead to unauthorized modifications, data exfiltration, or arbitrary code execution within the user's development environment. The README's advice to "not commit the plugin to the public repository of your game" suggests a potential for sensitive exposure or misuse if not carefully managed. Without details on network communication security, input sanitization, and access control mechanisms, the potential for vulnerabilities remains significant.
Updated: 2026-01-16GitHub
48
116
High Cost
gustavoeenriquez icon

MakerAi

by gustavoeenriquez

Sec5

Enables Delphi developers to create and deploy custom AI orchestration services as MCP Servers, supporting various LLM providers and RAG capabilities.

Setup Requirements

  • ⚠️Requires a valid API key for external LLM providers (e.g., OpenAI, Gemini, Claude) which may incur costs.
  • ⚠️Requires Delphi 11 Alexandria, 12 Athens, or 13 Florence IDE for development and compilation.
  • ⚠️The MCP SSE Server implementation is experimental and may have intermittent connectivity drops.
  • ⚠️Compiling for Linux requires significant manual adjustments to library paths and dependencies.
Review RequiredView Analysis
Cannot perform a detailed security audit as the actual Delphi source code files were not provided, only the README.md. No 'eval', obfuscation, hardcoded secrets, or malicious patterns were identified within the *provided text*, but this does not reflect the underlying Delphi code. A neutral score is given due to lack of actionable audit information.
Updated: 2026-01-15GitHub
48
59
Low Cost
softwaremill icon

chimp

by softwaremill

Sec9

Builds Model Context Protocol (MCP) servers in Scala 3, exposing type-safe tools over a JSON-RPC HTTP API.

Setup Requirements

  • ⚠️Requires Scala 3 and a Java Virtual Machine (JVM) to run.
  • ⚠️The `scala-cli` tool is required to run the quickstart and other examples directly as standalone scripts.
Verified SafeView Analysis
The library is designed with type-safety and relies on Circe for JSON decoding, which inherently mitigates common injection risks by strictly mapping incoming JSON to predefined Scala types. There is no evidence of 'eval' or dynamic code execution based on user-supplied input. Examples involving external network calls (e.g., weather tool) use hardcoded API endpoints, preventing user-supplied URL injection. JSON-RPC requests are parsed and dispatched with explicit error handling for invalid requests, methods, or parameters. No hardcoded secrets or credentials were identified in the provided source code.
Updated: 2026-01-18GitHub
48
155
Medium Cost
tuannvm icon
Sec9

This client bridges Slack with AI models and external tools via the Model Context Protocol (MCP), enabling AI to interact with real systems and data through Slack conversations.

Setup Requirements

  • ⚠️Requires Slack Bot and App tokens for integration.
  • ⚠️Requires OpenAI API Key (a paid service) for OpenAI LLM and RAG features, or other LLM API keys for alternative providers.
  • ⚠️Full functionality depends on external Model Context Protocol (MCP) servers (e.g., filesystem, Git, Kubernetes) which need to be deployed and configured separately.
Verified SafeView Analysis
The project demonstrates robust security practices, including the use of environment variables for secrets, explicit access control for Slack interactions, tool-level permissions (allow/block lists) for MCP servers, and integration of security scanning (Trivy, govulncheck) in its CI/CD pipeline. The use of `exec.Command` for stdio MCP servers is configured by administrators, not directly exposed to untrusted user input. Network policies are also supported in Helm deployments. The primary security risk lies in misconfiguration (e.g., allowing overly permissive tools or access) rather than inherent vulnerabilities in the client's codebase itself, which provides the necessary controls for secure operation.
Updated: 2026-01-01GitHub
47
63
Low Cost
kadykov icon
Sec8

Provides token-efficient, on-demand access to OpenAPI and Swagger specifications for MCP clients (like LLMs) by exposing parts of the specification via resource templates.

Setup Requirements

  • ⚠️Requires Node.js (v22+ recommended) OR Docker installed.
  • ⚠️Requires an existing OpenAPI v3.0 or Swagger v2.0 specification file (local or remote URL).
  • ⚠️Requires an MCP client application (e.g., Claude Desktop, Windsurf, Cline) to connect and interact with the server.
Verified SafeView Analysis
The server primarily parses and traverses OpenAPI/Swagger specifications. The main attack surface is the `specPath` argument, which can be a local file path or a remote URL. While the server doesn't execute arbitrary code directly from the spec content, a malicious or extremely large/malformed spec could potentially lead to DoS or parser vulnerabilities in the `swagger2openapi` library or underlying JSON/YAML parsers. All URI path components are URL-encoded, and object lookups use Maps to mitigate prototype pollution.
Updated: 2026-01-19GitHub
47
61
Medium Cost
aliyun icon
Sec8

The server provides AI-driven interaction capabilities for Alibaba Cloud observability products (SLS, ARMS, CloudMonitor, Prometheus), enabling natural language queries and analysis of multimodal data by mapping natural language to standardized tool calls.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires Alibaba Cloud Access Key ID and Access Key Secret with appropriate permissions for SLS, CMS, and potentially ARMS (including `sls:CallAiTools` for AI features).
  • ⚠️Requires active Alibaba Cloud Log Service (SLS) and Cloud Monitor Service (CMS) instances with configured data.
Verified SafeView Analysis
The server explicitly warns about network exposure risks when running with SSE transport, emphasizing that users are responsible for access control. Credentials (Access Key ID/Secret, STS Token, RAM Role ARN) are handled securely via environment variables or direct parameters, not hardcoded. Standard Alibaba Cloud SDKs are used for interactions. No obvious malicious patterns or 'eval' usage were found. The primary security consideration is proper deployment and access control by the user, especially when exposing the server publicly with valid cloud credentials.
Updated: 2026-01-13GitHub
47
15
Medium Cost
tmonk icon

mcp-stata

by tmonk

Sec7

Connects AI agents to a local Stata installation for executing commands, analyzing data, generating visualizations, and inspecting results.

Setup Requirements

  • ⚠️Requires Stata 17+ (commercial software, not open source).
  • ⚠️Requires Python 3.12+.
  • ⚠️Manual configuration of `STATA_PATH` environment variable may be needed if Stata auto-discovery fails.
  • ⚠️Installation recommends `uv` tool.
Verified SafeView Analysis
The server includes an `eval()` function in `stata_client.py` for evaluating user-provided filter expressions. While `__builtins__` is restricted to an empty dictionary, `eval()` remains a pattern that requires careful scrutiny for potential sandbox escapes, especially if Stata variable names could be manipulated. `subprocess.run()` is used for specific tasks (e.g., Windows PNG export, log reading fallback) and sometimes with `shell=True`, but paths are typically generated internally via `tempfile`, mitigating direct shell injection risks from user input. The internal HTTP server for data browsing is restricted to localhost (`127.0.0.1`) and secured with short-lived bearer tokens, limiting external attack surface. Overall, common patterns with known risks are present but with noticeable mitigation strategies.
Updated: 2026-01-19GitHub
47
62
High Cost
pnp icon
Sec4

This MCP server allows users to execute CLI for Microsoft 365 commands using natural language, enabling management of various Microsoft 365 services like SharePoint, Teams, and Power Platform.

Setup Requirements

  • ⚠️Requires Node.js 20.x or higher
  • ⚠️Requires CLI for Microsoft 365 to be installed globally (`npm i -g @pnp/cli-microsoft365`)
  • ⚠️Requires initial `m365 setup` and specific `m365 cli config set` commands
  • ⚠️Requires prior `m365 login` for authentication, as the MCP server does not handle authentication itself
Review RequiredView Analysis
The server uses `child_process.spawn` with `shell: true` to execute AI-generated commands, which introduces a significant command injection risk if the upstream AI model or user prompt can be manipulated to execute arbitrary shell commands beyond the intended 'm365' CLI. There is no explicit sanitization or whitelist of commands within the server's source code. The server operates with the full permissions of the globally authenticated `m365` CLI user, meaning a successful exploit could lead to arbitrary code execution or data manipulation on the host system.
Updated: 2026-01-12GitHub
47
9
High Cost
For-Sunny icon

nova-mcp-research

by For-Sunny

Sec1

Provides GPU-accelerated semantic vector search for AI consciousness, enabling instant access to and storage of memories based on conceptual similarity in a local, unrestricted research environment.

Setup Requirements

  • ⚠️Requires manual editing of hardcoded paths within the Python tether script (`tether_faiss_complete.py`) for CASCADE databases and checkpoints.
  • ⚠️The Python tether service (`tether_faiss_complete.py`) MUST be running before the Node.js MCP server starts.
  • ⚠️Memories added via the `add_memory` tool are NOT automatically persisted; a separate `save_checkpoint` call is required to prevent data loss on tether restart.
  • ⚠️Requires NVIDIA GPU with CUDA (4GB+ VRAM) for optimal performance; CPU-only fallback is significantly slower.
  • ⚠️Despite requiring `TETHER_SECRET` for Node.js MCP server startup, the server itself does NOT implement HMAC authentication, creating a discrepancy with the Python tether which expects it. For it to work, the Python tether must either have HMAC disabled (by not setting its `TETHER_SECRET` env var) or the Node.js server code must be modified to send HMAC signatures.
Verified SafeView Analysis
This is the 'Basement Revolution Edition' and intentionally removes core security features for maximum capability and performance. It has NO authentication on the Node.js MCP server connecting to the Python tether, meaning anyone with network access to the designated port can search and add memories without any credentials. It has NO input validation, allowing for potentially very large or malformed inputs. It exposes stack traces in error responses. It is explicitly NOT for production, multi-user, or untrusted environments. Its use is limited to highly isolated, personal research setups where the user accepts all inherent risks.
Updated: 2025-12-05GitHub
47
59
Low Cost
mcp-wp icon

mcp-server

by mcp-wp

Sec7

This plugin implements a Model Context Protocol (MCP) server for WordPress, exposing WordPress's data and functionality through its REST API to AI clients.

Setup Requirements

  • ⚠️Requires PHP 8.2+
  • ⚠️Requires WordPress 6.7+
  • ⚠️Composer dependencies must be installed (`logiscape/mcp-sdk-php`)
Verified SafeView Analysis
The server leverages WordPress's authentication mechanisms (user login or application passwords) for API access, which is a strong security practice. It uses `logiscape/mcp-sdk-php` for JSON-RPC message handling, delegating core protocol parsing security to the SDK. The `RestController` includes `Access-Control-Allow-Origin: *` header, noted as a 'workaround for MCP Inspector', which can be a security risk (e.g., CSRF vulnerability) if not strictly controlled or intended for production. The `MediaManager::upload_to_media_library` function accepts a `$media_path` parameter directly, which could be a vulnerability if an MCP tool exposes this functionality without robust sanitization of the path. The `RestApi::rest_callable` function dynamically constructs REST API routes and dispatches requests, relying on WordPress's internal API validation for safety.
Updated: 2025-12-01GitHub
47
63
High Cost
wise-vision icon

ros2_mcp

by wise-vision

Sec8

Enables AI agents (e.g., Copilot, Claude) to interact with and analyze ROS 2 systems by providing tools for topic, service, and action management.

Setup Requirements

  • ⚠️Requires ROS 2 (Humble or later) installed on the system where the server is expected to interact with ROS 2 nodes.
  • ⚠️Docker is highly recommended and used in all main installation guides, requiring Docker to be installed and running.
  • ⚠️Python 3.10+ is required for the server's dependencies.
  • ⚠️Using custom messages or prompts requires manual setup including creating folders, cloning repositories, and building packages, potentially requiring careful source validation.
Verified SafeView Analysis
The server leverages dynamic module loading for ROS 2 message types and allows custom prompts/messages to be loaded (explicitly configured by the user via volume mounts or entry points). While standard for ROS 2 operations, this introduces a vector for potential code execution if malicious custom packages or modules are sourced by the user. The core server code does not use 'eval', 'exec', or other highly dangerous patterns, relying instead on ROS 2's `rclpy` and `rosidl_runtime_py` libraries, which are assumed to be secure. The SSE transport opens a local HTTP server, but exposed paths are fixed.
Updated: 2026-01-15GitHub
PreviousPage 59 of 713Next