Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

Low Cost

server-mcp

by SCIAM-FR

Sec9

Manages blog articles with search and creation capabilities via the Model Context Protocol, intended for integration with AI assistants like Claude Desktop.

Setup Requirements

  • ⚠️Requires Java Development Kit (JDK) 21 to run.
  • ⚠️Requires Maven to build the executable JAR.
  • ⚠️Claude Desktop configuration requires an absolute path to the generated JAR file.
Verified Safe
The server operates via stdin/stdout transport, limiting direct network exposure. Data is stored in-memory, mitigating common database-related vulnerabilities like SQL injection. Input validation is minimal beyond type enforcement, but given the in-memory nature and lack of external dependencies, direct code injection or severe exploits are unlikely. Potential for denial of service exists if large numbers of very large articles are created, exhausting memory resources in the in-memory repository.
Updated: 2025-11-20

Low Cost
Sec8

Enables Copilot in Visual Studio Code to query Microsoft 365 tenant data using the Microsoft Graph API for administrative insights.

Setup Requirements

  • ⚠️Requires 'Application Administrator' or 'Cloud Application Administrator' role in Entra ID tenant.
  • ⚠️Requires PowerShell to be run as Administrator for installation and configuration steps.
  • ⚠️The server itself is a Microsoft-hosted service, not intended for local deployment from this repository.
Verified Safe
The provided "source code" consists of a README and PowerShell setup instructions, not the actual server implementation. The setup involves registering Microsoft-owned applications in an Entra ID tenant and granting specific delegated (read-only) permissions. The service emphasizes least privilege, no data storage, and audit logging. The security score reflects the robust security principles and transparency outlined for the setup, acknowledging that the actual server implementation code is not available for a direct audit. Risks are mitigated by using known Microsoft application IDs and delegated permissions.
Updated: 2025-11-27

Medium Cost
Sec9

Controls Ableton Live via Claude Code, enabling natural language interaction for music production tasks.

Setup Requirements

  • ⚠️Requires Ableton Live with AbletonOSC (forked version recommended for full features like device insertion) installed and enabled.
  • ⚠️The `abletonosc-client` dependency needs to be installed from a local file path (`../ableton-music-development`), not a public PyPI package, requiring manual cloning of a separate repository.
  • ⚠️Many operations interacting with Ableton Live require explicit `time.sleep()` calls (e.g., 0.1s to 0.3s) after execution for Ableton to process changes, as noted in the troubleshooting guide.
  • ⚠️Certain UI-dependent operations, like `track_insert_device`, require the target track to be actively selected in Ableton Live's UI using `view_set_selected_track` beforehand.
Verified Safe
The server's source code primarily acts as a wrapper around the `abletonosc-client` library to interact with Ableton Live locally via OSC (UDP). It does not expose any network services itself beyond the standard MCP stdio interface. File system access for `browser_scan_packs_from_disk` and `browser_generate_local_cache` is limited to user-specific music directories and local project files, reducing risk. No direct use of `eval` or `subprocess` for untrusted input is evident. The primary security consideration would be potential vulnerabilities within the `abletonosc-client` or the AbletonOSC MIDI Remote Script itself, which are external dependencies not fully provided for review. Given the provided code, it appears safe.
Updated: 2026-01-19

Low Cost
Sec7

Dockerized deployment configuration for a Microservices Control Plane (MCP) server, managing its containerization and orchestration.

Setup Requirements

  • ⚠️Docker is required to build and run the server.
  • ⚠️The actual application code for the 'gitlab-mcp-server' is not provided; this repository only contains its Docker deployment configuration, implying the Dockerfile would contain the application build steps.
  • ⚠️GCP Project ID and Credentials are required as secrets for CI/CD if leveraging Google Artifact Registry for image management.
Verified Safe
The provided source code files (docker-compose.yml, README.md, run.sh) do not contain 'eval', obfuscation, hardcoded secrets for runtime, or immediately malicious patterns. Network exposure is limited to port 3000, which is standard. GCP credentials for CI/CD are expected to be external secrets for the build/push process. CRITICAL NOTE: The Dockerfile content is not provided, making a full security audit of the application's build process and internal dependencies impossible. The security score reflects only the provided configuration files; the actual application's security or vulnerabilities introduced by the Dockerfile's build process are unknown.
Updated: 2025-12-02

Low Cost

zed-mainframe

by dustingelegonya

Sec8

Zed extension enabling AI agents in the Agent Panel to access a mainframe knowledge graph via an MCP context server.

Setup Requirements

  • ⚠️Requires the `mainframe-mcp` binary to be manually built or placed at `~/.local/bin/mainframe-mcp`.
  • ⚠️Requires a running PostgreSQL instance with a `mainframe` database (Docker Compose setup provided for local development).
  • ⚠️For building from source, Rust with the `wasm32-wasip1` target is required.
Verified Safe
The extension's Rust code safely constructs and executes an external command (`mainframe-mcp`) based on either hardcoded defaults or user-defined settings.json configuration. It does not perform dynamic code evaluation. A hardcoded default PostgreSQL credential (`mainframe:mainframe-local`) is present for local development but is overrideable. The main security consideration is ensuring the `mainframe-mcp` binary itself is trusted, and that `settings.json` is not maliciously altered by a user to execute arbitrary commands, a risk inherent to configurable extensions.
Updated: 2026-01-16

Low Cost

che-logic-pro-mcp

by kiki830621

Sec1

Controls Logic Pro on macOS using AppleScript for UI automation and CoreMIDI for musical interactions.

Setup Requirements

  • ⚠️Requires macOS 13+ and Logic Pro installed.
  • ⚠️Requires Swift 5.9+ for building.
  • ⚠️Manual macOS System Settings permissions required for Accessibility and Automation for System Events control.
  • ⚠️Virtual MIDI ports must be manually enabled in Logic Pro's preferences after creation.
  • ⚠️MIDI Machine Control (MMC) requires enabling in Logic Pro's Synchronization settings.
Review Required
The server has critical security vulnerabilities. The `logic_screenshot` tool directly interpolates user-provided `save_path` into a `do shell script` command within AppleScript without proper sanitization. This allows for arbitrary shell command injection, meaning a malicious input to `save_path` could execute any command on the user's system (e.g., `save_path: "/tmp/foo.png' && rm -rf /"`). Additionally, while the `logic_shortcut` tool attempts to construct keyboard shortcuts, the `buildModifierClause` function has a `default` case that directly interpolates an unvalidated modifier string, which could lead to AppleScript injection attempts if crafted maliciously (though it's more likely to cause syntax errors here). The underlying `NSAppleScript(source:)` and `do shell script` mechanisms are inherently dangerous when inputs are not rigorously sanitized.
Updated: 2026-01-19

High Cost

mcp-outline

by gallis-local

Sec9

Enables AI assistants to interact with Outline document services for natural language document management and Q&A.

Setup Requirements

  • ⚠️Requires an Outline account with API access and a valid API key (cost dependent on Outline subscription).
  • ⚠️Requires Python 3.10+ to run.
  • ⚠️Docker is highly recommended for running the server to manage dependencies.
Verified Safe
API key is loaded from environment variables, which is a standard secure practice. There are no obvious 'eval' or dynamic code execution patterns. The Docker deployment configuration explicitly binds the server port to localhost (127.0.0.1:3001:3001), limiting network exposure. Comprehensive error handling is in place for Outline API calls.
Updated: 2026-01-16

Low Cost

sqlite-mcp-server

by NANDINIGC22

Sec1

Provides a dynamic SQLite database server as an MCP tool, allowing creation, table management, data insertion, and natural language querying of databases.

Setup Requirements

  • ⚠️Requires broad (C:/) file system permissions, which is a major security risk for the host environment.
  • ⚠️Hardcoded Windows path for `BASE_DIR` (C:\AIProjects\MCPPROJECTS) makes it non-portable to other operating systems or environments without modification.
  • ⚠️Requires `mcp[server]` and `fastmcp` dependencies to be installed.
Review Required
CRITICAL security risks identified:

  1. Arbitrary File System Access: The `mcp.json` explicitly grants full file system access to `C:/`, which is extremely dangerous and allows the server to read, write, or delete any file on the drive.
  2. SQL Injection (create_table): The `columns` parameter in `create_table` is directly concatenated into the SQL query without proper sanitization, allowing malicious SQL injection via crafted column names or types.
  3. SQL Injection (insert_records): The keys of `records` (used as column names) in `insert_records` are directly concatenated into the SQL query, making it vulnerable to injection if an attacker controls the record keys.
  4. SQL Injection (prompt_query): The `table_name` parameter in `nl_to_sql` (called by `prompt_query`) is directly inserted into the `SELECT` query, creating a severe SQL injection vulnerability where an attacker can execute arbitrary SQL commands by manipulating the table name.
  5. Hardcoded Path: `BASE_DIR` is hardcoded to a Windows path (`C:\AIProjects\MCPPROJECTS`), which is poor practice and reduces portability.
Updated: 2025-11-19

Medium Cost
Sec9

Provides a RAG-based knowledge retrieval server for development teams, offering expert persona-specific information and coding best practices via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️The default source directory for `data_loader.py` in its `if __name__ == '__main__':` block points to a specific Windows path on the author's machine, which will likely need to be manually changed or passed as an argument for other users.
  • ⚠️The `sentence-transformers` model (`all-MiniLM-L6-v2`) will be downloaded on first initialization, which can take time and requires an internet connection.
Verified Safe
The core server logic appears safe, primarily focused on data retrieval from a local vector store. No 'eval' or similar dangerous functions are used in the main server or data loading logic. The server exposes specific, well-defined tools. One example persona file (`security_lead.md`) contains a hardcoded `SECRET_KEY` (with a warning to change it), which is an example of a potentially unsafe pattern if copied directly, but not a vulnerability within the server's own code. The code snippets in persona files promote good security practices (e.g., parameterized queries, input sanitization).
Updated: 2025-11-28

High Cost

acemcp

by taejina

Sec8

MCP server for codebase indexing and semantic search, facilitating code context retrieval for AI agents.

Setup Requirements

  • ⚠️Requires `uv` (a modern Python package installer/runner) to be installed.
  • ⚠️Requires a `BASE_URL` (API endpoint) and `TOKEN` (authentication bearer token) for an external 'ACE' API, which are essential for functionality and likely tied to a paid service.
  • ⚠️The optional web management interface enabled by `--web-port` listens on `0.0.0.0`, potentially exposing it to external networks if not secured by a firewall.
Verified Safe
The server processes local file paths (`project_root_path`) and sends code content to a remote API, which introduces dependencies on the security of the specified API endpoint and the integrity of the local file system. While the `project_root_path` is normalized using `Path().resolve()` to mitigate simple path traversal, users should be mindful of the scope of local directories provided. The web management interface, if enabled with `--web-port`, listens on `0.0.0.0` by default, meaning it's accessible from any network interface. While typically meant for local management, users should ensure proper firewalling if enabling this feature to prevent unauthorized access to configuration, logs, or the tool debugger. No direct `eval` or obvious arbitrary command injection vulnerabilities were found.
Updated: 2026-01-19

High Cost

mcp-local-files

by zhangrunhao

Sec9

This server provides a Model Context Protocol (MCP) interface for AI agents to list, read, and search local project files, acting as a bridge for code understanding and interaction.

Setup Requirements

  • ⚠️Requires the PROJECT_ROOT environment variable to be set to an absolute path of the project directory.
  • ⚠️Requires a Node.js runtime environment.
  • ⚠️Designed to be consumed by an MCP client; it does not provide a general-purpose REST API.
Verified Safe
The server implements robust security measures for file system access, including a mandatory PROJECT_ROOT environment variable to define the scope, and a 'resolveSafe' function to prevent directory traversal attacks. It explicitly denies access to common sensitive/large directories and binary file extensions. File reading includes truncation and a check for null bytes to reject binary content. No 'eval' or direct arbitrary command execution (outside of controlled SDK dependencies) is observed. The server exits if PROJECT_ROOT is not set, enforcing secure configuration. The use of Zod for input validation is also a positive security practice.
Updated: 2026-01-19

Medium Cost

mcp-server-regex

by atharvm90

Sec7

Provides a Model Context Protocol (MCP) server that enables regex pattern searching across files in specified directories.

Setup Requirements

  • ⚠️Requires Python 3.11 or higher to run.
  • ⚠️Requires the 'mcp' Python library to be installed (e.g., `pip install mcp`).
Verified Safe
The server handles user-provided regex patterns, which introduces a potential Regex Denial of Service (ReDoS) vulnerability if a malicious or complex pattern is provided. It also performs file system traversal and reads file contents, which could lead to resource exhaustion if used on extremely large directories or files without proper limits, though the `max_depth` parameter helps mitigate this. File read errors and permission issues are handled gracefully, preventing crashes. No direct 'eval' or other obvious arbitrary code execution vulnerabilities were found.
Updated: 2026-01-19