Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

Low Cost

mcp-server-connect

by Areeshsheikh

Sec10

The provided source code serves as a static biographical document detailing the life and legacy of Muhammad Ali Jinnah.

Verified Safe
The provided source code is a static Markdown file with no executable content, client-side scripts, network calls, or server logic. It poses no inherent security risks.
Updated: 2025-11-23

Medium Cost

resume-mcp

by bhishman-desai

Sec9

A Model Context Protocol (MCP) server for managing and versioning resume data stored in a PostgreSQL database, with robust validation and safety features.

Setup Requirements

  • ⚠️Requires a PostgreSQL database connection (e.g., via DATABASE_URL or individual DB_HOST/PORT/NAME/USER/PASSWORD environment variables).
  • ⚠️An API_KEY environment variable must be set for all write and restore operations (update_resume, patch_resume, restore_version).
Verified Safe
The server implements robust security measures including API key authentication for write operations, Zod schema validation for all data inputs (including merged patch results), and filename sanitization to prevent path traversal attacks during version restoration. Environment variables are used for sensitive configurations like API keys and database credentials, preventing hardcoding. Emergency backups are created on validation failures and before restores, enhancing data safety. No 'eval' or obfuscation is present. The resume schema uses `.passthrough()`, which allows additional custom fields; this offers flexibility but requires careful consideration if strict schema enforcement is critical for preventing arbitrary data storage.
Updated: 2025-12-03

Medium Cost

ionix-mcp-server

by Cyberpion-Github

Sec9

The server provides an MCP interface for Claude Desktop and other clients to query IONIX API for asset information, security findings, assessments, and remediation items.

Setup Requirements

  • ⚠️Requires Claude Desktop or another compatible Model Context Protocol (MCP) client for full integration.
  • ⚠️Requires an active IONIX API Key and Account Name, which implies an existing IONIX account (likely a paid service). API keys have expiry dates that must be managed.
  • ⚠️Requires the 'uv' package manager for installation as per the official usage instructions.
Verified Safe
Secrets (API Key, Account Name) are correctly loaded from environment variables, enhancing security. The `httpx` library is used for network requests with `response.raise_for_status()` for error handling. No 'eval' or obvious obfuscation patterns were found. The README provides strong privacy recommendations, advising users to disable data collection by AI tools when using this server.
Updated: 2025-11-20

Medium Cost

mach3ui-mcp

by mach3builders

Sec9

Provides structured access to Mach3UI component documentation, code snippets, and design tokens for AI assistants via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Node.js 18+ runtime
  • ⚠️Requires an AI assistant or tool that supports the Model Context Protocol (MCP) to be functional
Verified Safe
The server primarily operates over standard I/O (stdin/stdout) using the MCP SDK, limiting direct network attack surface in its default configuration. It processes pre-defined, in-memory component and theme data, which significantly reduces risks associated with external data sources or dynamic code execution from user input. No direct usage of 'eval' and no hardcoded sensitive credentials were found. Input arguments for tools are validated against schemas provided by the MCP SDK. Error handling for tool calls seems robust, reporting specific component/variant not found issues.
Updated: 2026-01-19

Low Cost

mcp-skills-server

by tomoharu-hayashi

Sec8

The MCP Brain Server acts as a long-term memory and knowledge base for AI agents, allowing them to learn from past experiences, store new knowledge, and retrieve relevant information via semantic search, mimicking human learning processes.

Setup Requirements

  • ⚠️Requires Python 3.13.
  • ⚠️Requires Git installed and configured (the knowledge directory must be a Git repository with an 'origin' remote).
  • ⚠️Interactive UI elements (confirmation dialogs, sounds, VS Code integration for editing) are primarily designed for macOS.
Verified Safe
The server primarily operates locally, interacting with the file system and Git. Input validation for knowledge names (kebab-case pattern) helps prevent directory traversal. `pyyaml.safe_load` is used for parsing knowledge files, mitigating YAML-related vulnerabilities. `pickle.load` is used for the embedding cache; while a known risk, it's mitigated here as the cache file is internally generated and its integrity is checked against a hash of the knowledge directory content. macOS-specific dialogs use AppleScript with input escaping (`_escape_applescript`) to prevent injection. Git operations (commit, push) are handled with `gitpython`, including mechanisms to prevent or resolve conflicts (rebase). The server requires a trusted Git repository and user interaction for `create`/`update` tools, making it generally safe for its intended use within a developer's environment.
Updated: 2025-12-11

Medium Cost

mcp-server

by asiyakhan990

Sec5

The server implements or proxies the Minecraft Protocol, enabling custom multiplayer game experiences or integrations.

Setup Requirements

  • ⚠️Requires a specific runtime environment (e.g., Node.js, Python, Java) depending on its implementation.
  • ⚠️Requires specific network ports to be open and configured for external access.
Review Required
Source code was not provided for analysis. A server handling network connections generally carries inherent security risks such as potential for DoS attacks, unauthorized access, or data manipulation if not properly secured. Without the actual code, specific vulnerabilities like 'eval' usage, hardcoded secrets, or malicious patterns cannot be identified. Users should exercise caution and review the complete source before deployment.
Updated: 2025-11-30

Low Cost

sum-mcp-server

by vthapar

Sec7

Manages multiple Kubernetes clusters by providing generic and specialized operations (like ServiceExports) via a JSON-RPC 2.0 interface over stdio or HTTP.

Setup Requirements

  • ⚠️Requires Go 1.21 or later to build.
  • ⚠️Requires access to one or more Kubernetes clusters with valid kubeconfig files.
  • ⚠️Needs a `config.yaml` file explicitly defining cluster configurations.
Verified Safe
The HTTP transport sets `Access-Control-Allow-Origin: *`, which enables broad CORS access. While potentially acceptable for internal or CLI-driven use, exposing this directly to the internet without additional security layers (e.g., API Gateway, more specific CORS policies, authentication/authorization) could be a significant risk, as it manages Kubernetes clusters. The generic resource operations pass user-provided API versions, resources, namespaces, and names directly to the Kubernetes API, meaning the server's effective permissions are those of the configured kubeconfig(s). Compromising this server would grant broad access to the configured Kubernetes clusters.
Updated: 2025-11-26

Low Cost

k8s-mcp-server

by sumeetbansaloo7

Sec10

An initial Python project possibly intended for Kubernetes multi-cluster management, currently serving as a minimal placeholder.

Setup Requirements

  • ⚠️Requires Python 3.13 or newer
Verified Safe
The provided source code is extremely minimal, consisting only of a print statement and project metadata. There are no identifiable security risks, such as 'eval', network operations, hardcoded secrets, or malicious patterns.
Updated: 2025-11-28

Medium Cost

my-mcp-server

by JAYKIM501

Sec8

A boilerplate TypeScript Model Context Protocol (MCP) server providing various tools (calculator, greeting, real-time clock, image generation, code review prompt) and resources (server information) for integration with MCP-compatible clients.

Setup Requirements

  • ⚠️Requires Node.js (version >=18 based on package.json engines and tsconfig.json target ES2022).
  • ⚠️A Hugging Face API Token (via `HF_TOKEN` environment variable or `huggingFaceToken` config) is required for the image generation feature, which may incur external API costs.
  • ⚠️The recommended build process relies on `@smithery/cli` (`npx smithery build`), adding a specific CLI tool dependency to the development workflow.
Verified Safe
The server correctly uses environment variables or a configuration object for sensitive API tokens (e.g., Hugging Face API token), avoiding hardcoded secrets. Input validation for tools is implemented using Zod. No usage of dangerous functions like 'eval' or obvious malicious patterns were found. Standard server dependencies are used, implying common web security practices should be followed for deployment.
Updated: 2025-11-27

Low Cost
Sec9

Provides AI assistants with semantic search access to Databricks documentation via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Python 3.12 or higher.
  • ⚠️Initial setup (crawl and embedding generation) takes 15-22 minutes.
  • ⚠️Requires manual configuration in AI IDE settings (e.g., ~/.cursor/mcp.json or ~/Library/Application Support/Claude/claude_desktop_config.json).
Verified Safe
The server binds to `0.0.0.0` by default, making it potentially network-accessible if local firewall rules permit. This is common for local development servers but should be secured (e.g., with a reverse proxy and authentication) if exposed publicly. No 'eval' or direct arbitrary command execution found. File persistence is local. The crawler includes URL filtering to restrict scope to Databricks documentation.
Updated: 2026-01-16

High Cost

agent-mcp

by tgrunnagle

Sec9

Provides a flexible, production-ready AI agent server with conversation context management via an MCP (Model Context Protocol) server.

Setup Requirements

  • ⚠️Requires API key for a supported LLM provider (e.g., OpenAI, Anthropic, Google) which incurs costs.
  • ⚠️Requires Docker for containerized deployment or Python 3.13+ and 'uv' for local execution.
  • ⚠️Relies on in-memory conversation context, which means state is lost if the server restarts (future enhancement mentions Redis).
Verified Safe
The server binds to localhost by default, enhancing local security. API keys are loaded from environment variables, preventing hardcoding. No 'eval' or other highly dangerous patterns were observed. Standard network security practices should be applied if exposed externally.
Updated: 2025-11-24

Low Cost

mcp-go-github

by scopweb

Sec9

A Go-based MCP server that connects GitHub to Claude Desktop, enabling direct local Git and GitHub API repository operations from Claude's interface.

Setup Requirements

  • ⚠️Requires Go 1.24.0 or later to compile and run.
  • ⚠️Requires Git CLI installed locally for '0-token' local Git operations (recommended).
  • ⚠️Requires a GitHub Personal Access Token with 'repo' scope (minimum) for GitHub API operations and dashboard tools.
  • ⚠️Windows users may need PowerShell for batch scripts.
Verified Safe
The project demonstrates a strong commitment to security with a dedicated `test/security` suite that includes dependency vulnerability scanning, code security analysis, and module integrity verification. Explicit tests for CWE-22 (Path Traversal) and CWE-78 (Command Injection) are present. The README.md and CHANGELOG.md confirm the implementation of these protections, input validation, and argument injection prevention. Go's built-in memory safety, type safety, and bounds checking are leveraged. Credentials (`GITHUB_TOKEN`) are handled via environment variables. The primary mechanism for local Git operations uses `os/exec.Command`, which is generally safer than direct shell execution. Overall, a high level of security awareness and implementation is evident.
Updated: 2025-12-01