Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

100
6282
Low Cost
modelcontextprotocol icon

registry

by modelcontextprotocol

Sec8

The MCP Registry serves as a centralized metadata repository for publicly-available MCP servers, facilitating discovery and publishing of server information for clients and aggregators.

Setup Requirements

  • ⚠️Requires Docker for container orchestration.
  • ⚠️Requires 'ko' for building Go applications into container images.
  • ⚠️Requires Go 1.24.x and golangci-lint v2.4.0 for development.
  • ⚠️Admin operations require `gcloud` CLI and `jq` to be installed and configured.
Verified SafeView Analysis
The project demonstrates strong security awareness through features like package integrity verification (SHA-256), OIDC authentication, and domain verification (DNS/HTTP challenges). However, hardcoded development secrets (GitHub Client ID/Secret, JWT Private Key, OIDC Client ID) and anonymous authentication (`MCP_REGISTRY_ENABLE_ANONYMOUS_AUTH=true`) are present in `docker-compose.yml`. While these are intended for local development and mitigated by secure configuration in production (Pulumi), their presence in a configuration file used by `make dev-compose` is noted. The OpenAPI spec also explicitly warns clients about potential command injection risks when executing package arguments, which is a critical consideration for consumers of the registry data, though not a direct vulnerability in the registry itself.
Updated: 2026-01-16GitHub
100
1150
High Cost
microsoft icon

azure-devops-mcp

by microsoft

Sec9

Provides a local Model Context Protocol (MCP) server that enables AI agents to interact with Azure DevOps, performing tasks such as managing work items, repositories, pipelines, test plans, wikis, and advanced security directly from a code editor.

Setup Requirements

  • ⚠️Requires Node.js 20+ to run the server.
  • ⚠️Requires configuration of an Azure DevOps organization name in the `mcp.json` file or as a command-line argument.
  • ⚠️Authentication can be interactive (OAuth), via Azure CLI (`az login` required), or using a Personal Access Token through the `ADO_MCP_AUTH_TOKEN` environment variable. Interactive OAuth might be restricted by strict tenant admin policies.
  • ⚠️Multi-tenant authentication issues may require explicit Azure Tenant ID configuration for the 'azcli' authentication type.
  • ⚠️Tools retrieving large datasets (e.g., batches of work items, search results, full wiki page content) or binary content (e.g., `pipelines_download_artifact` which returns base64 encoded data) can incur very high token costs, as the raw or encoded data is sent directly to the language model.
Verified SafeView Analysis
Authentication uses standard OAuth2 (via `@azure/msal-node`) or Azure CLI (`@azure/identity`), or a Personal Access Token via an environment variable. The OAuth client ID (`0d50963b-7bb9-4fe7-94c7-a99af00b5136`) is publicly listed, which is expected for an OAuth client and not a secret. Logging is correctly redirected to `stderr` to avoid interfering with the `stdout` protocol. Tenant IDs are cached locally with a 1-week TTL. No explicit 'eval' or code obfuscation found. Overall, follows good security practices for integrating with Azure DevOps APIs.
Updated: 2026-01-16GitHub
100
32909
Low Cost
1Panel-dev icon

1Panel

by 1Panel-dev

Sec4

1Panel is a web-based Linux server management tool for efficient host monitoring, file management, database administration, container orchestration, and rapid website deployment, including AI tools and backup/restore functionality.

Setup Requirements

  • ⚠️Requires Docker for container management and application deployment.
  • ⚠️Requires root privileges for installation and most server management functionalities, which can introduce significant security risks if not managed carefully.
  • ⚠️Requires internet access during installation to download various components from GitHub and resource.fit2cloud.com.
  • ⚠️Relies on specific `sudo` configurations and backend validation for secure execution of privileged commands.
Review RequiredView Analysis
The application handles sensitive server management operations including file system modifications, process management, and firewall rules, often requiring root privileges. Frontend input validation exists but robust server-side sanitization and privilege separation for commands like `sudo chown`/`chgrp` are critical and not fully verifiable in the truncated code. Arbitrary file operations (move, delete, decompress, wget) pose significant risks if not tightly controlled against path traversal or command injection. No obvious hardcoded secrets or malicious patterns were found. The existence of a 'Pro Edition' with enhanced security features (WAF, tamper protection) implies the open-source version may have a less comprehensive security posture in specific areas.
Updated: 2026-01-19GitHub
100
1714
High Cost
OpenAgentPlatform icon

Dive

by OpenAgentPlatform

Sec1

A desktop AI chat application for managing and interacting with various AI models and integrated tools (MCP servers), supporting local and cloud-based LLMs.

Setup Requirements

  • ⚠️Requires API keys for most major LLM providers (e.g., OpenAI, Anthropic, Google Gemini), which incur usage-based costs.
  • ⚠️Integration with 'OAPhub' may require an account and potentially a paid subscription ('BASE' or 'PRO' levels).
  • ⚠️Running custom MCP servers requires advanced technical knowledge, including familiarity with command-line tools and JSON configuration, and grants the application arbitrary code execution privileges on your machine.
  • ⚠️For local LLMs (e.g., Ollama, LM Studio), users must have these services running locally independently of this application.
Review RequiredView Analysis
CRITICAL: The application allows users to define custom MCP servers via JSON, specifying arbitrary `command` and `args` to be executed on the host machine. This grants the user a direct shell execution capability, equivalent to running arbitrary code. While there are some UI validations and file system permission elicitation for built-in `fs` tools, the fundamental ability to execute any command makes this a significant security risk. Running this application requires a high degree of trust in any custom MCP configurations a user might create or import. Additionally, rendering markdown from external sources (`AI responses`, `OAPhub tool descriptions`) with `rehypeRaw` could introduce XSS vulnerabilities if the external content is malicious, although HTML previews are sandboxed.
Updated: 2026-01-19GitHub
100
43839
High Cost
sansan0 icon

TrendRadar

by sansan0

Sec9

An AI-powered server for aggregating, filtering, analyzing, and translating trending news and RSS feeds, providing deep insights and smart notifications.

Setup Requirements

  • ⚠️Requires an AI API Key (e.g., DeepSeek, OpenAI, Google Gemini) which may incur costs.
  • ⚠️For GitHub Actions 'Full Mode', requires S3-compatible cloud storage (e.g., Cloudflare R2), necessitating a payment method for identity verification, even for free tiers.
  • ⚠️Requires Python and 'uv' for local execution (installation handled by setup scripts).
Verified SafeView Analysis
The project emphasizes secure handling of API keys and webhooks by strongly recommending environment variables or GitHub Secrets over hardcoding in config files. The Docker deployment for the MCP server defaults to local (127.0.0.1) binding for enhanced security. While the `start-http.sh` script binds to `0.0.0.0`, the documentation explicitly advises users to configure reverse proxies and authentication for remote access, showing awareness of network security concerns. No obvious malicious patterns or unjustified use of dangerous functions like `eval` were found.
Updated: 2026-01-19GitHub
100
24492
Medium Cost
assafelovic icon

gpt-researcher

by assafelovic

Sec8

The GPT Researcher MCP Server enables AI assistants to conduct comprehensive web research and generate detailed, factual, and unbiased reports. It supports multi-agent workflows, local document analysis, and integration with external tools via the Machine Conversation Protocol (MCP) for various research tasks.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid)
  • ⚠️Requires Tavily API Key (Paid)
  • ⚠️Python 3.11+ required
  • ⚠️Potential OS-level library dependencies (e.g., glib, pango) for PDF generation on Linux/macOS
Verified SafeView Analysis
The project demonstrates good security practices regarding file path manipulation by using `sanitize_filename` and `os.path.basename` to prevent path traversal in file uploads, deletions, and report generation. Sensitive API keys are managed via environment variables. However, the default `docker-compose.yml` runs services as `user: root`, which grants excessive privileges within containers and should be mitigated for production. Additionally, the FastAPI server's CORS `allow_origins` includes `"*"` for testing purposes, which needs to be restricted to specific domains in a production environment. LLM-based components are also inherently susceptible to prompt injection risks.
Updated: 2025-12-14GitHub
100
1382
Medium Cost
timescale icon

pg-aiguide

by timescale

Sec9

Provides AI-optimized PostgreSQL expertise, including semantic search over documentation and curated best practices, to assist AI coding tools in generating better PostgreSQL code.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid service for embeddings used during semantic search calls and for semantic chunking during initial data ingestion).
  • ⚠️Requires a running PostgreSQL database with the 'pgvector' extension enabled for vector similarity search.
  • ⚠️Requires prior 'ingest' of documentation (PostgreSQL and/or TigerData) into the database using the provided Python scripts to be fully functional.
Verified SafeView Analysis
The server uses environment variables for sensitive credentials (API keys, database connection parameters). SQL queries are parameterized, mitigating SQL injection risks. The Python ingest scripts execute shell commands (`git clone`, `make html`, `./configure`) for documentation building; while these carry inherent risks, they are used for trusted internal processes (cloning from PostgreSQL's official GitHub repository) and not exposed to arbitrary user input. The server leverages a boilerplate library (`@tigerdata/mcp-boilerplate`), assuming its security. No direct 'eval' or dangerous dynamic code execution from untrusted input is observed in the provided source code.
Updated: 2026-01-12GitHub
100
8455
Low Cost
open-metadata icon

OpenMetadata

by open-metadata

Sec8

This server acts as a plugin for Apache Airflow, exposing REST APIs to manage OpenMetadata workflow definitions, DAGs, and tasks.

Setup Requirements

  • ⚠️Requires Apache Airflow version 2.3.3 to be installed.
  • ⚠️Specific configuration needed in `airflow.cfg` file (`dag_generated_configs` path).
  • ⚠️Manual directory creation: `mkdir -p {AIRFLOW_HOME}/dag_generated_configs` is required.
  • ⚠️Python `pip install openmetadata-airflow-managed-apis` is needed in Airflow's Python environment.
Verified SafeView Analysis
The provided source code is primarily for the frontend UI. It demonstrates good practices for handling user input and constructing search queries (using `escapeESReservedCharacters`) to mitigate potential injection risks in Elasticsearch. Authentication is handled via JWT tokens (backend responsibility, but frontend uses it securely). There are explicit tests for XSS vulnerabilities within the audit logs display. No `eval` or malicious patterns were found in the provided UI code. The overall security relies heavily on the backend API's implementation, but the frontend interaction patterns are sound.
Updated: 2026-01-19GitHub
100
7461
Medium Cost
firerpa icon

lamda

by firerpa

Sec1

AI-powered Android automation framework for mobile data and task automation.

Setup Requirements

  • ⚠️Requires Root access on Android devices.
  • ⚠️The `lamda-server-<ABI>.tar.gz` file must be manually downloaded and placed for Magisk installation.
  • ⚠️Requires a `LICENSE` environment variable, suggesting commercial licensing for full features.
  • ⚠️Docker is required for server deployment via `firerpa.yml`.
Review RequiredView Analysis
CRITICAL: The `tools/scp.sh`, `tools/ssh.sh`, and `tools/rsync.sh` scripts hardcode a universal RSA private key. This means anyone with access to the source code can impersonate clients configured to use this default key, leading to complete compromise. Additionally, these scripts disable SSH host key checking (`-o StrictHostKeyChecking=no`), making connections vulnerable to Man-in-the-Middle attacks. The system requires root access, which amplifies the impact of any security flaw. The `startmitm.py` script facilitates MITM attacks by installing a CA certificate, and `DNS2SOCKS.c` enables DNS tunneling, which, while functional, poses significant risks if misused. The default proxy credentials are randomly generated, which is good, but the core vulnerability of the hardcoded SSH key remains.
Updated: 2025-12-13GitHub
100
1095
Medium Cost
tavily-ai icon

tavily-mcp

by tavily-ai

Sec9

Provides real-time web search, data extraction, website mapping, and crawling capabilities for AI assistants.

Setup Requirements

  • ⚠️Requires a Tavily API Key (paid service with free tier available)
  • ⚠️Requires Node.js v20 or higher to run locally
  • ⚠️Designed to be used by an MCP client (e.g., Claude Desktop, Cursor)
Verified SafeView Analysis
The server correctly retrieves the Tavily API key from environment variables, preventing hardcoding. It uses `axios` for network requests, a standard library. The `DEFAULT_PARAMETERS` environment variable is parsed as JSON, which is typically safe as environment variables are controlled by the deployment; however, improper configuration of this variable could lead to unexpected behavior. No 'eval' or other direct code injection vulnerabilities were found.
Updated: 2026-01-19GitHub
100
1989
High Cost
cyberagiinc icon

DevDocs

by cyberagiinc

Sec8

DevDocs is a web crawling and content extraction platform designed to accelerate software development by converting documentation into LLM-ready formats for intelligent data querying and fine-tuning.

Setup Requirements

  • ⚠️Requires Docker installed and running on your system.
  • ⚠️Relies on the `Crawl4AI` service, provided as a Docker image.
  • ⚠️Requires careful environment variable configuration, especially `NEXT_PUBLIC_BACKEND_URL` and `CRAWL4AI_API_TOKEN`, for non-default or production deployments.
Verified SafeView Analysis
The server includes robust path traversal prevention for file content access. However, a default demo API key for Crawl4AI is hardcoded, which should be replaced in production environments. The use of `execPromise` to run shell scripts from an API endpoint (`/api/debug`) is present, but it's specifically for a contained debug script (`debug_crawl4ai.sh`), which reduces immediate risk within a self-hosted development context. The MCP server is executed with write access to `/app/storage/markdown`, making its integrity critical.
Updated: 2025-12-11GitHub
100
13337
High Cost
triggerdotdev icon

trigger.dev

by triggerdotdev

Sec9

A platform for building and executing reliable, scalable background tasks and complex workflows, supporting various runtimes (Node.js, Python, Bun), including advanced AI agent orchestration, event-driven processing, and real-time data handling.

Setup Requirements

  • ⚠️Requires OpenAI/Anthropic API Keys (Paid) for AI features.
  • ⚠️Requires Docker/Kubernetes, pnpm, and uv (Python environment manager) for local development and self-hosting.
  • ⚠️Requires PostgreSQL and Redis for local data storage and messaging infrastructure.
  • ⚠️Slack app setup (token, channel ID) is necessary for approval workflows.
Verified SafeView Analysis
Strong focus on environment variables for secrets, robust authentication/authorization with JWTs/API Keys/MFA. Critical AI-generated SQL/code execution is mitigated by explicit approval steps (Slack) or sandboxing (@e2b/code-interpreter). Uses child processes for system commands and browser automation (lightpanda, playwright), which require secure build/runtime environments. File uploads have size limits and would require further content validation in production. Proper network segmentation and access control are crucial for deployment.
Updated: 2026-01-19GitHub
PreviousPage 6 of 713Next