Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

47
9
Low Cost
For-Sunny icon
Sec9

Production-grade GPU-accelerated vector memory for AI applications, providing secure and high-performance vector search.

Setup Requirements

  • ⚠️Requires an NVIDIA GPU with CUDA support for optimal sub-2ms performance (CPU-only mode is slower).
  • ⚠️A separate Python tether service (e.g., 'tether_faiss_complete.py' from the RESEARCH_TOOLS directory) must be running and accessible via TCP socket on a specified host and port (e.g., localhost:9997).
  • ⚠️A secure 32-character hex 'TETHER_SECRET' must be generated and consistently configured as an environment variable for both the Node.js MCP server and the Python tether for authentication to succeed.
Verified SafeView Analysis
Implements robust HMAC-SHA256 authentication for communication, replay protection via timestamp validation (MAX_TIMESTAMP_DRIFT), and input validation with Zod schemas. Error responses are sanitized (stack traces are suppressed). Relies on a securely generated 'TETHER_SECRET' environment variable for authentication, which is critical for preventing unauthorized access to the underlying Faiss tether. Communication with the Python tether is via TCP socket, making network security important.
Updated: 2025-12-05GitHub
47
52
Medium Cost
jonigl icon
Sec2

Provides an API layer in front of the Ollama API, seamlessly adding tools from multiple MCP servers so every Ollama request can access all connected tools transparently.

Setup Requirements

  • ⚠️Requires an Ollama server running (local or remote).
  • ⚠️Requires a `mcp-config.json` file defining MCP servers.
  • ⚠️Requires Python 3.10.15 or newer.
Review RequiredView Analysis
The bridge allows configuration of Model Context Protocol (MCP) servers via a `mcp-config.json` file. When configuring `stdio` transport, the `command` and `args` fields in this file are executed as shell commands on the host machine. If `mcp-config.json` is not trusted or can be manipulated by an attacker, this can lead to arbitrary code execution, which is a critical security risk. Environment variables, either directly retrieved via `os.getenv` or expanded from `${env:VAR_NAME}` within the configuration, can influence server behavior including commands executed or URLs accessed, posing an injection risk if untrusted. The default `CORS_ORIGINS` is `*`, which allows all origins and is not recommended for production environments.
Updated: 2026-01-16GitHub
47
62
Medium Cost
barryyip0625 icon

mcp-discord

by barryyip0625

Sec9

Enables AI assistants to interact with the Discord platform by providing a set of Discord-related functionalities via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a Discord bot with a token and specific privileged intents enabled (Message Content, Server Members, Presence) in the Discord Developer Portal.
  • ⚠️The Discord bot must be added to the target Discord server(s) with appropriate permissions (e.g., Administrator or specific granular permissions like Send Messages, Manage Channels, etc.).
  • ⚠️Requires Node.js v16.0.0+ and npm v7.0.0+ to run locally.
Verified SafeView Analysis
The server uses standard practices for Discord bot development, including robust error handling and input validation (Zod schemas). Discord bot tokens are handled via environment variables or command line arguments, preventing hardcoding. There are no obvious signs of 'eval' or other direct arbitrary code execution vulnerabilities. The `searchMessagesHandler` properly uses `URLSearchParams` for constructing API queries, minimizing injection risks. The system requires specific Discord bot intents and server permissions, which is standard for Discord integrations.
Updated: 2026-01-13GitHub
47
38
Medium Cost
ssakone icon

pb_mcp_server

by ssakone

Sec8

Provides an MCP interface for AI assistants to interact with PocketBase databases for data management, authentication, and administrative tasks.

Setup Requirements

  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️Requires a running PocketBase instance accessible at the configured URL (default: http://127.0.0.1:8090).
  • ⚠️Many administrative and user management operations require PocketBase admin credentials for full functionality.
Verified SafeView Analysis
The server uses environment variables for sensitive configuration (PocketBase URL, admin credentials), which is good practice. It implements session management and explicit authentication checks for privileged operations. A robust testing suite (including property-based tests) significantly enhances reliability and security posture. The 'send_custom_request' tool is very powerful, allowing raw HTTP requests to any PocketBase API endpoint, potentially with admin privileges. While flexible, this tool poses a significant risk if the MCP server itself is exposed publicly or used in an untrusted environment, as a compromised client could perform arbitrary actions on the PocketBase instance. However, in its intended local/trusted MCP client deployment, this is a feature rather than a vulnerability.
Updated: 2025-11-29GitHub
47
80
Medium Cost
keboola icon

mcp-server

by keboola

Sec1

Keboola MCP Server acts as an open-source bridge connecting Keboola projects with modern AI agents (e.g., Claude, Cursor, CrewAI, LangChain). It exposes Keboola features like data storage access, SQL transformations, job triggers, and data app management as callable tools for AI assistants, enabling them to interact with and manage data in Keboola without manual glue code.

Setup Requirements

  • ⚠️Requires a Keboola project and a valid Keboola API token for operation.
  • ⚠️Local setup requires careful configuration of OAuth client credentials and the MCP server's URL.
  • ⚠️Python 3.9+ is required to run the server locally.
Review RequiredView Analysis
Critical SQL Injection Risk: The `query_data` tool (used in `tools/sql.py` and potentially injected into `data_apps`) directly passes user-provided SQL queries to the backend without explicit sanitization by the tool itself. If AI agents construct these queries from untrusted user input, it creates a severe SQL injection vulnerability. High Arbitrary Code Execution Risk: The `modify_data_app` tool accepts `source_code` as input, which is then executed as a Streamlit application. An AI agent, if compromised or given malicious instructions, could inject arbitrary Python code into these data apps, potentially leading to unauthorized actions within the sandboxed environment. Medium OAuth Redirect URI Whitelist Concerns: The OAuth provider validates `https` redirect URIs against a predefined whitelist but allows arbitrary custom URI schemes. While custom schemes typically require client-side registration, this approach could be exploited if a local system has a vulnerable handler for a custom scheme or if the `https` whitelist is incomplete. Low Risk from Debugging Flag: The `KEBOOLA_MCP_SERVER_OAUTH_LOG_ALL` environment variable, if enabled in a production environment, could expose sensitive OAuth token details in server logs.
Updated: 2026-01-19GitHub
47
52
Medium Cost
gavdilabs icon

cap-mcp-plugin

by gavdilabs

Sec9

Integrate SAP CAP services with the Model Context Protocol (MCP) to expose them as AI-accessible resources, tools, and prompts for natural language interaction and automation.

Setup Requirements

  • ⚠️Requires SAP Cloud Application Programming Model (CAP) version 9+ and Express version 4+ to run.
  • ⚠️For authentication (XSUAA/IAS), OAuth credentials (client ID, client secret, URL) must be configured externally in CAP's environment settings (`cds.env.requires.auth.credentials`).
  • ⚠️A custom URI template workaround is implemented for an MCP SDK bug, which might require attention if the SDK is updated.
Verified SafeView Analysis
The server implements robust security measures including input validation (Zod, ODataQueryValidator with forbidden patterns), sanitization of environment variables, and leverages CAP's authentication and authorization system (inheriting roles and restrictions). It uses helmet for HTTP security headers and CORS. OAuth integration relies on @sap/xssec for token validation and exchange. Potential area of concern includes `cds.parse.expr` for OData filters, though it's heavily mitigated by prior validation.
Updated: 2026-01-13GitHub
47
195
High Cost
finite-sample icon

rmcp

by finite-sample

Sec9

Perform sophisticated statistical analysis, econometrics, machine learning, and time series tasks using natural language conversations with AI assistants, demonstrating capabilities through a web interface.

Setup Requirements

  • ⚠️Requires R (4.4.0+) to be installed locally, with a comprehensive ecosystem of up to 429 R packages, which need to be installed.
  • ⚠️The Streamlit demo and Claude web integration require an Anthropic (Claude) API Key, which is a paid service.
  • ⚠️Python 3.10+ is required.
  • ⚠️Docker is recommended for full R integration development and some advanced deployment/testing scenarios.
Verified SafeView Analysis
The project explicitly prioritizes security by design, implementing a Virtual File System (VFS) to restrict file access to allowed paths, a comprehensive 4-tier R package whitelist (429 packages) with security assessments, and a "Universal Operation Approval System" for sensitive operations (e.g., file writing, package installation, system calls). It uses `subprocess` to execute R scripts, which can be risky, but this risk is extensively mitigated by the VFS, package sandboxing, and explicit user/admin approval mechanisms for potentially dangerous R functions like `system()` or `install.packages()`. No hardcoded secrets were identified in the truncated source. The Streamlit app handles API keys as session-only and untracked. CORS is configurable for HTTP transport. It is designed to be safe if configured correctly and used responsibly.
Updated: 2025-12-28GitHub
47
59
Medium Cost
mcpc-tech icon

mcpc

by mcpc-tech

Sec7

Build and compose agentic Model Context Protocol (MCP) servers and tools, enabling AI assistants to discover, integrate, and orchestrate other MCP servers for complex tasks.

Setup Requirements

  • ⚠️Requires Deno runtime environment installed (can use `npx deno run`).
  • ⚠️Requires other MCP servers to be installed and configured (e.g., `desktop-commander`, `lsmcp`, `claude-code-acp`).
  • ⚠️GitHub API integration requires a `GITHUB_PERSONAL_ACCESS_TOKEN` with `repo`, `read:org`, `user` scopes.
  • ⚠️Using AI SDK modes (`ai_sampling`, `ai_acp`) requires a compatible LLM client (e.g., VS Code with Copilot, Claude Desktop) and corresponding API keys for the chosen LLMs.
Verified SafeView Analysis
The project's core functionality involves orchestrating other tools and executing code/commands, which inherently requires flexible permissions. While some examples and CLI usage (`deno run --allow-all`) grant broad access, the `plugin-code-execution` module provides a secure Deno sandbox with granular permission control for user-provided JavaScript code. The framework encourages best practices for handling secrets (e.g., `GITHUB_PERSONAL_ACCESS_TOKEN` via environment variables). A documented `eval` example in plugin documentation includes a warning not to use it in production, which demonstrates awareness but can still be a risk for inexperienced users. Overall, security depends heavily on how users configure and deploy agents, and the trustworthiness of integrated MCP servers.
Updated: 2026-01-19GitHub
47
87
High Cost
microsoft icon

files-mcp-server

by microsoft

Sec6

This server provides a local testing environment for the Model Context Protocol, allowing clients to interact with Microsoft OneDrive and SharePoint resources via contextual tools and resources.

Setup Requirements

  • ⚠️Requires `ODMCP_TENANT_ID` and `ODMCP_CLIENT_ID` environment variables to be set.
  • ⚠️Requires an MCP client that supports the Model Context Protocol.
  • ⚠️Delegated authentication via the 'protected resource flow' is mentioned as being supported by specific clients like Visual Studio Code Insiders, indicating potential client-side requirements for full authentication.
Verified SafeView Analysis
The server implements delegated authentication (`requireAuthentication`) for its primary MCP endpoints, expecting a Bearer token. However, a specific direct file stream route (`/file/*/contentStream`) hardcodes `const token = "fake"`, which would prevent successful access to real Microsoft Graph API content through that endpoint and could lead to confusion or misuse if not carefully understood. The project explicitly states it is for 'DEVELOPER ENVIRONMENT — NOT FOR PRODUCTION'. No direct 'eval' or obfuscation was found. The core MCP communication relies on properly provided tokens.
Updated: 2026-01-07GitHub
47
71
Medium Cost
RamXX icon

mcp-tavily

by RamXX

Sec9

Provides AI-powered web search, answer generation, and news search capabilities to LLMs via the Tavily API for research, fact-finding, and gathering detailed information.

Setup Requirements

  • ⚠️Requires a Tavily API key (Tavily is a paid service).
  • ⚠️Requires Python 3.11 or later.
Verified SafeView Analysis
The Tavily API key is securely managed via environment variables or command-line arguments, not hardcoded. Input validation for parameters is implemented using Pydantic models. Domain list parsing uses `json.loads` within a controlled context, with fallbacks for non-JSON strings, which appears safe. The server interacts via MCP's `stdio_server`, avoiding direct network exposure. External API calls to Tavily are a core function and handled responsibly.
Updated: 2025-11-25GitHub
47
145
Low Cost
jcaromiq icon

goku

by jcaromiq

Sec4

Goku is an HTTP load-testing tool designed for benchmarking and performance analysis of web services; the MCP server allows LLM agents to programmatically interact with this load testing functionality.

Setup Requirements

  • ⚠️Requires Rust toolchain (`cargo`) for building from source or `curl`/`wget` for script installation.
  • ⚠️The MCP server runs as a long-running process and communicates via standard I/O (stdio), requiring proper process management.
Review RequiredView Analysis
The `reqwest` client used for making HTTP requests is configured by default with `danger_accept_invalid_certs(true)`, which disables SSL/TLS certificate validation. This makes all requests vulnerable to man-in-the-middle attacks and should be addressed by either enabling validation by default or providing a clear, configurable option to disable it only when necessary. The MCP server allows arbitrary URL targets for load testing, which, if not properly sandboxed or secured, could be misused by an agent to target internal networks or perform unintended requests.
Updated: 2025-11-25GitHub
47
63
Medium Cost
AzureCosmosDB icon
Sec9

Enables AI assistants (LLMs like Claude, Continue.dev) to interact with and query Azure Cosmos DB databases using natural language.

Setup Requirements

  • ⚠️Requires an existing Azure Cosmos DB account with configured URI, key (or Managed Identity), database, and container.
  • ⚠️Requires Python 3.8 or higher, Node.js 14+ (for JavaScript sample), Go, or Java for respective implementations.
  • ⚠️Claude Desktop integration requires setting up an additional Python proxy script to bridge STDIO to HTTP transport.
Verified SafeView Analysis
The server loads sensitive Cosmos DB credentials from environment variables or a .env file, supporting Azure Managed Identity for enhanced security, which is a good practice. Default network binding is to localhost (127.0.0.1:8080), limiting external exposure. No explicit 'eval' usage or code obfuscation was found. Error handling for tool calls wraps exceptions, preventing direct exposure of internal stack traces, though some generic error messages might reveal operation failure types.
Updated: 2025-11-25GitHub
PreviousPage 61 of 713Next