Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

46
55
Medium Cost
joelhooks icon

logseq-mcp-tools

by joelhooks

Sec8

Provides AI assistants structured access to a Logseq knowledge graph for retrieval, summarization, analysis, and modification.

Setup Requirements

  • ⚠️Requires Logseq to be running with the HTTP API enabled and an authentication token configured.
  • ⚠️For Claude Desktop integration, Node.js needs to be installed system-wide (e.g., via Homebrew) to avoid conflicts with version managers.
  • ⚠️Absolute path to `index.ts` is crucial for client configurations (Claude Desktop, Cursor, Junie).
Verified SafeView Analysis
The server securely handles the Logseq authentication token via environment variables. It primarily interacts with a local Logseq instance, limiting network exposure. Tools that execute DataScript queries (`smartQuery`) use predefined templates to reduce direct injection risks from user input. The main 'risk' is the inherent capability of AI to modify the Logseq graph via tools like `createPage`, `addJournalEntry`, and `addNoteContent`, which requires careful permission management of the AI client itself.
Updated: 2025-12-01GitHub
46
7
Medium Cost
yutakobayashidev icon

ava

by yutakobayashidev

Sec9

AI-powered progress tracking and communication tool for developers, integrating with coding agents and Slack to reduce context switching.

Setup Requirements

  • ⚠️Requires Node.js 18+
  • ⚠️Requires Docker & Docker Compose for PostgreSQL database
  • ⚠️Detailed Slack App setup required (creating app, configuring OAuth, scopes, slash commands, interaction URLs)
  • ⚠️Requires OpenAI API Key (paid tier recommended for consistent use)
  • ⚠️Requires Stripe account and API Key (for subscription features)
Verified SafeView Analysis
The project demonstrates strong security practices including OAuth 2.1 with PKCE, Slack request signature verification, timing-safe comparisons for sensitive data, robust input validation using Zod, and secure environment variable handling. Event sourcing pattern enhances data integrity and auditability. External client metadata fetching includes size limits, timeouts, and validation. No obvious 'eval' or obfuscation found.
Updated: 2025-12-13GitHub
46
33
Low Cost
PromptExecution icon

just-mcp

by PromptExecution

Sec3

Provides an MCP (Model Context Protocol) server for AI agents to discover, execute, and introspect Justfile recipes, enabling automated build and task management without direct shell access.

Review RequiredView Analysis
The `executor.rs` module directly substitutes user-provided arguments (via the `run_recipe` tool) and Justfile variables into shell commands executed with `sh -c`. This design pattern is highly vulnerable to command injection, as malicious input in arguments or variables could execute arbitrary code on the host system. The claim of being 'Safer Than Raw Bash Access' is not supported by the current implementation which directly uses `sh -c` with interpolated user input.
Updated: 2025-12-03GitHub
46
37
Medium Cost
shinpr icon

mcp-image

by shinpr

Sec9

The MCP server enables AI assistants to generate and edit images using Google's Gemini 3 Pro Image, with intelligent prompt optimization provided by Gemini 2.0 Flash.

Setup Requirements

  • ⚠️Requires a Google Gemini API Key, which is a paid service.
  • ⚠️Requires Node.js version 20 or higher.
  • ⚠️The `IMAGE_OUTPUT_DIR` environment variable must be an absolute path (e.g., /Users/username/images), not a relative path.
Verified SafeView Analysis
The server demonstrates a strong focus on security. It actively prevents path traversal and null byte injection in file operations via a dedicated `SecurityManager`. Sensitive information (like API keys, passwords, URLs, PII) is filtered and redacted from logs by the `Logger`. No hardcoded secrets or `eval` usage were found. External API calls to Google Gemini are expected, and network/API error handling is implemented. Overall, it appears safe to run, provided the user secures their `GEMINI_API_KEY` appropriately.
Updated: 2026-01-14GitHub
46
48
Medium Cost
mahdin75 icon

geoserver-mcp

by mahdin75

Sec8

Enables Large Language Models (LLMs) to interact with and manage geospatial data and services through the GeoServer REST API.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️A running GeoServer instance with REST API enabled is prerequisite.
  • ⚠️Requires GeoServer connection details (URL, username, password) to be provided via environment variables or command-line arguments.
  • ⚠️If using Docker, ensure the `--storage` directory is mounted as a volume for file-related operations.
Verified SafeView Analysis
The server uses environment variables or command-line arguments for GeoServer credentials (URL, username, password), which is good practice to avoid hardcoding. There are no obvious `eval` or `os.system` calls with unvalidated user input that would indicate direct code injection vulnerabilities. The `resolve_storage_path` function attempts to sandbox file operations to a specified base directory if `--storage` is provided, which mitigates some path traversal risks for file uploads. The primary security consideration is the extensive administrative control granted over GeoServer (e.g., creating/deleting workspaces, layers, users). If the GeoServer instance is not properly secured, or if the LLM is given overly permissive access, a compromised LLM or a malicious prompt could lead to data manipulation, deletion, or exposure.
Updated: 2025-12-13GitHub
46
108
Low Cost
KatherLab icon

STAMP

by KatherLab

Sec4

Enables LLM agents to orchestrate end-to-end computational pathology tasks from Whole Slide Images, including feature extraction, model training, cross-validation, deployment, and heatmap generation.

Setup Requirements

  • ⚠️Requires `uv` (version 0.8.5 or newer) for installation and dependency management.
  • ⚠️Native OpenCV dependencies (e.g., `libgl1-mesa-glx` or `libgl1 libglx-mesa0 libglib2.0-0` on Ubuntu) must be manually installed.
  • ⚠️GPU installation can be time-consuming, memory-intensive, and prone to PyTorch version mismatches, sometimes requiring manual `uv cache clean` operations.
  • ⚠️Requires Python 3.11+ and specific PyTorch versions (e.g., `torch>=2.7.1,<2.8.0`).
Review RequiredView Analysis
The server executes the `stamp` CLI via `subprocess.run` with dynamically generated configurations from user (LLM agent) input. This presents a significant risk of command injection if the `stamp` CLI or its underlying dependencies do not robustly sanitize all possible arguments and file paths. While `read_file` and `list_files` tools attempt path sanitization to limit file access to the server's base directory, this mechanism is not foolproof and could potentially be bypassed via directory traversal vulnerabilities, leading to exposure of sensitive local files. Therefore, running this server without strong sandboxing (e.g., Docker with strict security policies) is highly discouraged.
Updated: 2026-01-19GitHub
46
4
Low Cost
nirholas icon
Sec3

This MCP server is designed to fetch, parse, and organize documentation from websites implementing the llms.txt standard. It transforms raw documentation into structured, agent-ready formats, exposing tools for AI agents, LLMs, and automation workflows to consume documentation programmatically.

Setup Requirements

  • ⚠️Requires Node.js runtime (implied by Node.js/TypeScript codebase).
  • ⚠️Network access is required to fetch documentation from external websites, which may require specific firewall rules or proxy configurations if deployed publicly.
  • ⚠️Relies on `npx` being available in the execution environment to run the STDIO server locally.
Review RequiredView Analysis
The server's core functionality involves fetching content from arbitrary URLs provided by the client. This introduces a significant risk of Server-Side Request Forgery (SSRF) if input URLs are not rigorously validated, sanitized, and sandboxed. Maliciously crafted URLs could lead to unauthorized access to internal resources, data leakage, or resource exhaustion. Additionally, parsing and processing external HTML/Markdown content carries a risk of injection vulnerabilities or exploits if the parsing libraries are not robust or the environment is not sufficiently sandboxed.
Updated: 2026-01-19GitHub
46
68
Medium Cost
2b3pro icon
Sec6

Manages a Roam Research knowledge graph via CLI and exposes its functionalities as tools for AI agents (like Claude) to read, write, and organize notes.

Setup Requirements

  • ⚠️Requires Node.js runtime environment to run the server or CLI.
  • ⚠️Requires a Roam Research API token, implying access to a Roam Research graph (a paid service).
  • ⚠️Environment variables must be configured either for single-graph mode (`ROAM_API_TOKEN`, `ROAM_GRAPH_NAME`) or multi-graph mode (`ROAM_GRAPHS`, `ROAM_DEFAULT_GRAPH`).
Verified SafeView Analysis
The `roam_datomic_query` tool allows execution of arbitrary Datalog queries, which poses a significant risk if the Roam API token has broad permissions, as it can potentially read or modify any data without further validation. There is a potential ReDoS (Regular Expression Denial of Service) vector if a malicious regex pattern is provided to the `regexFilter` parameter within the `roam_datomic_query` tool. The CORS configuration in `src/config/environment.ts` can be a vulnerability if set to '*' in a production environment, allowing requests from any origin.
Updated: 2026-01-18GitHub
46
42
High Cost
KemingHe icon
Sec9

Provides up-to-date information and commands for various Python package managers (pip, conda, poetry, uv, pixi, pdm) by cross-referencing official documentation.

Setup Requirements

  • ⚠️Requires Docker to be installed and running on the host system.
  • ⚠️Specific `mcp.json` configuration is needed for integration with Agentic IDEs.
  • ⚠️Users need to actively manage Docker image versions (e.g., pin to a commit hash for production).
Verified SafeView Analysis
The server runs within a Docker container, providing good isolation. It primarily serves as a documentation search tool, mitigating common risks associated with code execution. No 'eval' or direct execution of user-provided code is apparent in the summarized source. The content is sourced from 'official docs' which is a critical trust assumption. The primary risks would involve malicious content in the indexed documentation (unlikely for official docs) or a sophisticated exploit of the search/display logic.
Updated: 2026-01-13GitHub
46
114
Medium Cost
Jakedismo icon

codegraph-rust

by Jakedismo

Sec9

Transforms codebases into a semantically searchable knowledge graph, enabling AI agents to reason about code relationships, architecture, and impact rather than just performing text-based searches.

Setup Requirements

  • ⚠️Primarily targets macOS for installer scripts; Linux users may need manual adaptation.
  • ⚠️Requires a running SurrealDB instance (local or cloud) with the CodeGraph schema applied.
  • ⚠️Requires Rust toolchain and Homebrew (on macOS).
  • ⚠️For 'balanced' or 'full' indexing tiers, language-specific LSP tools (e.g., `rust-analyzer`, `typescript-language-server`, `pyright-langserver`) must be installed.
Verified SafeView Analysis
The project extensively uses environment variables and configuration files for API keys, avoiding hardcoded secrets. It integrates with various trusted LSP servers and LLM/embedding providers, relying on their security. The use of 'unsafe' for SIMD and memory-mapped files is noted, but this is a common practice for performance in Rust. Debug logging, when enabled via `CODEGRAPH_DEBUG=1`, can write sensitive query and result data to local files; users should be aware of this for security. Default SurrealDB credentials (`root`/`root`) are used in local development setups and should be changed for production deployments.
Updated: 2025-12-20GitHub
46
6
Low Cost
can1357 icon

agentx

by can1357

Sec9

AI-native terminal issue tracker for developers, providing structured task management, Git integration, and a Model Context Protocol server for agent interaction.

Setup Requirements

  • ⚠️Requires Rust toolchain (compiler and Cargo) for building and installation.
  • ⚠️Requires Git installed and configured locally for Git integration features (branch creation, commits).
Verified SafeView Analysis
The MCP server operates over standard input/output (stdio), which limits direct network exposure. File system and Git operations are performed, but these are tied to explicit issue management commands and parameter validation is in place. No dynamic code execution (e.g., 'eval') based on user input or hardcoded sensitive information was observed in the provided source code. The primary security consideration would be the integrity of the upstream MCP client feeding commands via stdio.
Updated: 2025-11-24GitHub
46
100
Medium Cost
ruanrongman icon

IntelliConnect

by ruanrongman

Sec5

An intelligent IoT platform enabling AI agent development, supporting various large language models, knowledge bases, voice applications, and device management for smart hardware like ESP-32.

Setup Requirements

  • ⚠️Requires Docker for easy setup of MySQL, Redis, EMQX, and InfluxDB.
  • ⚠️Requires Java 17 runtime environment.
  • ⚠️Requires an EMQX cluster with exhook configured for MQTT message processing.
  • ⚠️Numerous API keys are required for integrated AI services (e.g., DashScope, GLM, DeepSeek, SiliconFlow, weather services), which incur external costs.
Review RequiredView Analysis
The server uses Spring Security with JWT for authentication and authorization, and correctly externalizes most secrets via `@Value` annotations. However, it incorporates a JavaScript execution sandbox (`NashornSandbox`) for rule and control scripts, which inherently introduces a significant attack surface if sandboxing can be bypassed. Additionally, the `onMessagePublish` method in `HookProviderImpl.java` contains a comment '安全屏障,后续更新' (Security barrier, subsequent updates), indicating incomplete or potential security vulnerabilities related to MQTT message processing that require further attention. The permissive CORS configuration (`addAllowedOriginPattern("*")`) may also pose risks depending on deployment context.
Updated: 2026-01-19GitHub
PreviousPage 63 of 713Next