Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

47
24
Medium Cost
dalehurley icon

php-mcp-sdk

by dalehurley

Sec9

A PHP SDK for building Model Context Protocol (MCP) servers that expose AI capabilities (tools, prompts, sampling) and data resources to clients, facilitating AI agent orchestration and structured human-AI interaction.

Setup Requirements

  • ⚠️Requires PHP 8.1+ and Composer for dependency management.
  • ⚠️Leverages the Amp framework for asynchronous operations, which might require a learning curve for developers unfamiliar with async PHP.
  • ⚠️If using file-based `Root` resources, URIs must explicitly start with `file://`.
  • ⚠️Production deployments for HTTP/WebSocket transports would require proper web server setup (e.g., Nginx/Apache) and TLS configuration.
Verified SafeView Analysis
The SDK demonstrates a strong focus on security, employing robust input validation using `InvalidArgumentException` and `JsonSchemaValidator`, structured error handling (`McpError`), and network security features in its transport layers (`allowedHosts`, `allowedOrigins`, `enableDnsRebindingProtection` for HTTP/WebSocket). The OAuth implementation includes client authentication, token verification, PKCE support (configurable for proxy scenarios), and metadata endpoints, showing a good understanding of OAuth best practices. While complex OAuth flows always carry inherent configuration risks, the SDK provides the necessary primitives to implement them securely. No `eval()` or direct code injection vulnerabilities were found. URI validation for `Root` objects also adds a layer of safety.
Updated: 2025-11-25GitHub
47
58
Medium Cost
yuna0x0 icon

anilist-mcp

by yuna0x0

Sec8

An MCP server that interfaces with the AniList API, allowing LLM clients to access and interact with anime, manga, character, staff, and user data.

Setup Requirements

  • ⚠️Requires Node.js 18+.
  • ⚠️Requires an AniList API Token for authenticated operations (e.g., favouriting, updating lists, posting activities, getting authorized user info). Obtaining this token involves multiple steps on the AniList website.
  • ⚠️Uses pnpm as the package manager for local development.
Verified SafeView Analysis
AniList API token (ANILIST_TOKEN) is handled securely via environment variables or HTTP headers, and it is marked as sensitive/secret in configuration files (smithery.yaml, server.json). The `requireAuth` utility correctly enforces authentication for sensitive operations. Configuration inputs are validated using Zod. The server includes a caution in the README about protecting HTTP endpoints. A minor concern is the default broad CORS origin (`*`) which should be restricted in production deployments, though it is configurable via `CORS_ORIGIN` environment variable. No 'eval', obfuscation, or malicious patterns were detected.
Updated: 2025-11-28GitHub
47
74
High Cost
kunwarVivek icon
Sec9

AI-powered GitHub Project Management, including automated roadmap generation, sprint planning, issue triaging, task breakdown, and comprehensive project workflow automation.

Setup Requirements

  • ⚠️Requires Node.js 18.x or higher and TypeScript runtime (`ts-node` or `npm run dev`).
  • ⚠️Critical: Requires a valid GitHub Personal Access Token (GITHUB_TOKEN) with appropriate permissions (e.g., `repo`, `project`) set as an environment variable or CLI argument.
  • ⚠️Critical for AI features: Requires API keys for at least one AI provider (ANTHROPIC_API_KEY, OPENAI_API_KEY, GOOGLE_API_KEY, or PERPLEXITY_API_KEY) for AI-powered functionalities (e.g., PRD generation, task analysis, issue triaging).
Verified SafeView Analysis
Sensitive configurations (GitHub token, AI API keys, webhook secret) are correctly loaded from environment variables or CLI arguments, not hardcoded. The webhook handler uses `crypto.timingSafeEqual` for secure signature validation. Comprehensive error handling with retries helps API resilience. No obvious malicious patterns or unsafe code execution (`eval`) detected in the provided snippets.
Updated: 2025-11-24GitHub
47
18
Medium Cost
padmarajnidagundi icon
Sec9

An enterprise-grade Playwright test automation framework facilitating AI agent integration for comprehensive web and mobile testing across various categories, including visual diffs, performance, and security.

Setup Requirements

  • ⚠️Requires Node.js 18.x or 20.x
  • ⚠️Integration with AI agents for 'chatmode prompts' may require an OpenAI API Key (paid service) or a locally running LLM (e.g., Ollama), incurring external costs.
Verified SafeView Analysis
The framework demonstrates strong security practices for a testing project, using environment variables for sensitive data (E2E_USER, E2E_PASS) and promoting HTTPS enforcement. Dependencies like '@pact-foundation/pact' are used for contract testing, which is a controlled environment. The use of 'eval' is confined to Playwright's 'page.evaluate()' for browser-side ES6 feature testing, not for server-side code execution, and thus does not pose a direct security risk to the Node.js server. No obfuscation or malicious patterns were found in the provided source code.
Updated: 2026-01-17GitHub
47
5
Low Cost
shinokada icon
Sec9

Provides Flowbite-Svelte documentation and component information to an MCP client (LLM) via a set of exposed tools.

Setup Requirements

  • ⚠️Requires 'pnpm' package manager for installation and scripts.
  • ⚠️Initial setup requires internet access (`pnpm run copy:llm`) to download documentation data.
  • ⚠️The `generateComponentRegistry.ts` script (used for `pnpm run gen:registry`) contains a hardcoded absolute path (`/Users/shinichiokada/Flowbite/flowbite-svelte/src/lib`) that users will need to manually update to their local Flowbite-Svelte repository to regenerate `components.json`. If `components.json` is provided in the repo, this script isn't strictly necessary unless you need to update the registry.
Verified SafeView Analysis
The server's core functionality relies on reading local, pre-fetched documentation files, reducing runtime network risks. Path validation (`isValidFilePath`) is explicitly implemented to prevent path traversal, absolute path access, and invalid characters, which is a strong security measure for file access. The fetching of external data (`copyLlmData.ts`) is a build/setup step, not a runtime operation, and this script also uses the robust path validation.
Updated: 2025-11-27GitHub
47
34
Medium Cost
IBM icon
Sec8

The IBM i MCP Server enables AI agents to monitor, administer, and query IBM i systems using SQL tools, supporting performance analysis, system administration, and security vulnerability assessment.

Setup Requirements

  • ⚠️Requires Node.js 20+ to run the server component.
  • ⚠️Requires IBM i DB2 connection details (DB2i_HOST, DB2i_USER, DB2i_PASS, DB2i_PORT) set as environment variables.
  • ⚠️Docker is recommended for running the full agent infrastructure, which includes the MCP server.
Verified SafeView Analysis
The server design explicitly exposes powerful IBM i SQL tools, including some that can execute arbitrary SQL (with keyword filtering) and CL commands that modify system settings (e.g., `qsys2.qcmdexc` in `execute_impersonation_lockdown`). While this is inherent to its purpose, it's managed by robust security mechanisms: explicit `readOnly` and `destructiveHint` flags, comprehensive `sqlSecurityValidator` with AST-based parsing to prevent SQL injection and filter forbidden keywords, and a client-side `FilteredMCPTools` to restrict agent access. Configuration requires environment variables for DB2i credentials and HTTP authentication relies on securely managed private/public keys, avoiding hardcoded secrets. The `sanitizeForLogging` utility further improves security posture by masking sensitive data in logs. Overall, while exposing powerful commands, the project demonstrates a strong commitment to security through design and implementation.
Updated: 2026-01-18GitHub
47
58
Medium Cost
pulsemcp icon

mcp-servers

by pulsemcp

Sec9

An MCP server for managing files in Google Cloud Storage, supporting CRUD operations (save, get, search, delete) and exposing files as resources.

Setup Requirements

  • ⚠️Requires access to a configured Google Cloud Storage bucket.
  • ⚠️Requires valid Google Cloud credentials (e.g., `GCS_BUCKET`, `GCS_PROJECT_ID`, and either `GCS_CLIENT_EMAIL` + `GCS_PRIVATE_KEY` or `GCS_KEY_FILE`) configured via environment variables.
  • ⚠️Returning large text file content inline via `get_file` can be token-expensive; the tool explicitly advises using `local_file_path` to save files locally for large/binary content to preserve the context window.
Verified SafeView Analysis
Implements robust path validation (e.g., `validateLocalFilePath`) to prevent path traversal and unauthorized access/writes to sensitive local system directories. Relies on environment variables for API credentials rather than hardcoding. Uses the official `@google-cloud/storage` SDK, reducing direct network implementation risks.
Updated: 2026-01-19GitHub
47
63
Low Cost
mcpdotdirect icon

template-mcp-server

by mcpdotdirect

Sec9

Provides a CLI tool and template to quickly get started building a Model Context Protocol (MCP) server using FastMCP, supporting both stdio and HTTP transports.

Setup Requirements

  • ⚠️The default scripts in `package.json` (e.g., `npm start`, `npm run dev`) are configured to use Bun as the JavaScript runtime, requiring Bun to be installed in the execution environment.
  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️Peer dependencies such as 'typescript', '@valibot/to-json-schema', and 'effect' need to be installed separately in the consuming project if not handled automatically by the package manager.
Verified SafeView Analysis
The server implementation relies on the FastMCP framework for protocol handling and uses Zod for robust input parameter validation in tools, which is a good practice for preventing injection attacks. The `create-mcp-server` CLI script performs file system operations typical of a project generator but includes checks (e.g., verifying directory emptiness) to prevent unintended overwrites. No hardcoded secrets, 'eval', or direct command injection vulnerabilities were found in the provided source code. Potential risks are primarily dependent on how FastMCP internally handles argument validation for prompts/resources and any custom logic introduced by the user beyond the template.
Updated: 2025-11-26GitHub
47
14
Medium Cost
mcbodge icon

MudMCP

by mcbodge

Sec9

Provides AI assistants with real-time, structured access to MudBlazor component documentation and code examples via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires .NET 10 SDK (Preview) which may need specific installation steps or have stability considerations.
  • ⚠️Initial startup involves cloning the MudBlazor repository (~500MB), requiring significant disk space and network bandwidth, leading to a slow first run.
Verified SafeView Analysis
The project uses Roslyn for static analysis of a trusted, external MudBlazor repository, not for executing arbitrary user code. Deployment scripts include robust input validation, path traversal protection, and error handling. No hardcoded secrets were found in the truncated code. The `AllowedHosts: *` default in `appsettings.json` is common but should be restricted in production, and deployment documentation correctly advises HTTPS for production environments. Code review for deployment scripts is enforced.
Updated: 2026-01-19GitHub
47
53
Medium Cost
jenkinsci icon

mcp-server-plugin

by jenkinsci

Sec8

Enables Jenkins to act as a Model Context Protocol (MCP) server, exposing Jenkins functionalities as tools for LLM-powered applications or IDEs.

Setup Requirements

  • ⚠️Requires Jenkins version 2.479 or higher to be pre-installed and running.
  • ⚠️Authentication requires generating a Jenkins API token and using it with HTTP Basic Authentication.
  • ⚠️For enhanced security, explicit system properties must be set to enforce Origin header validation for incoming requests.
Verified SafeView Analysis
The plugin leverages Jenkins' robust security model, requiring Jenkins API tokens for authentication and respecting user permissions (ACL). Origin header validation is implemented and configurable, though it's not strictly enforced by default to facilitate AI agent usage. Dynamic method invocation is constrained to annotated methods on registered extensions, which is standard for Jenkins plugins. Parameter deserialization uses reflection for plugin compatibility but operates within the Jenkins parameter framework. No hardcoded secrets or obvious malicious patterns were found. Running safely requires proper Jenkins security configuration and consideration of the origin header validation settings.
Updated: 2026-01-13GitHub
47
14
Low Cost
contextstream icon

mcp-server

by contextstream

Sec9

Provides AI tools with persistent context, semantic code search, and team knowledge sharing across sessions.

Setup Requirements

  • ⚠️Requires a ContextStream API key for authentication (free plan available, but some features are PRO-gated).
  • ⚠️Node.js runtime version 18 or higher is required.
  • ⚠️Claude Code users are strongly recommended to install provided hooks to ensure AI uses ContextStream search and planning features effectively, overriding default behaviors.
Verified SafeView Analysis
The server primarily operates by making HTTP requests to a configurable API URL (defaulting to contextstream.io) and reading/writing local configuration files. File system operations are generally confined to user home directories or project roots (`.contextstream/config.json`, `~/.contextstream-mappings.json`, `~/.claude/hooks/`) and utilize `path.join` for safer path construction. Sensitive information like API keys is handled via environment variables or headers, aligning with best practices. Embedded Python hooks are provided for specific editor integrations; their source is transparent and they do not execute arbitrary user input. There are no obvious `eval` or direct `child_process.exec` calls with unvalidated user input. The code appears well-structured with security considerations in mind.
Updated: 2026-01-16GitHub
47
54
Medium Cost
greirson icon

mcp-todoist

by greirson

Sec9

Connects Claude with Todoist for comprehensive task and project management through natural language, acting as an AI assistant for productivity.

Setup Requirements

  • ⚠️Requires a Todoist API token, which must be manually obtained from Todoist account settings.
  • ⚠️Reminder Management features (create, update, delete reminders) require a Todoist Pro or Business plan.
  • ⚠️Requires specific JSON configuration to integrate with Claude Desktop or other Model Context Protocol (MCP) clients.
Verified SafeView Analysis
The server demonstrates strong security practices including retrieving the Todoist API token from environment variables, comprehensive input validation and sanitization (XSS, script injection, SQL injection patterns, safe URL protocols, allowed file types for attachments) via `src/validation.ts`, and a `DryRunWrapper` to simulate mutations without making real changes when enabled. A critical fix for a bulk operation vulnerability (Issue #34) highlights a proactive approach to security. While exhaustive security is never guaranteed, the codebase shows a high level of diligence.
Updated: 2026-01-17GitHub
PreviousPage 60 of 713Next