Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

45
46
Medium Cost
Sec8

The MCP Server provides a standardized API for AI assistants (LLMs) to access and process U.S. Census Bureau data and geography information, enabling data retrieval and analysis through an agent-like interface.

Setup Requirements

  • ⚠️Requires a U.S. Census Bureau API Key (`CENSUS_API_KEY`).
  • ⚠️Requires Docker and Docker Compose for easy setup and database management.
  • ⚠️Initial database seeding can be time-intensive due to fetching large datasets from the Census API and processing them.
Verified SafeView Analysis
The server uses environment variables for sensitive data like `CENSUS_API_KEY` and `DATABASE_URL`, which is good practice. Input validation is implemented using `zod` schemas. Database interactions largely use parameterized queries, which mitigates common SQL injection risks. However, the `recordApiCall` and `hasApiBeenCalled` functions directly interpolate the `url` parameter into SQL queries. While `url` is typically constructed internally from trusted Census API endpoints, this pattern could pose a risk if malicious user input could somehow manipulate this variable without prior sanitization.
Updated: 2026-01-16GitHub
45
6
High Cost

Enables AI assistants to integrate with FreeCAD for assisted development and debugging of 3D models, macros, and workbenches, supporting various CAD operations and environment introspection.

Setup Requirements

  • ⚠️Requires Python 3.11 to match FreeCAD's bundled Python for ABI compatibility; mismatch causes fatal crashes.
  • ⚠️Embedded connection mode crashes on macOS/Windows due to FreeCAD's library linking; use XML-RPC or Socket mode on these platforms.
  • ⚠️Requires the 'Robust MCP Bridge workbench' to be installed and manually started inside FreeCAD for XML-RPC and Socket modes.
  • ⚠️Docker deployments require `--add-host=host.docker.internal:host-gateway` and `FREECAD_SOCKET_HOST=host.docker.internal` to connect to FreeCAD on the host.
Verified SafeView Analysis
CRITICAL: The `execute_python` tool allows execution of arbitrary Python code within the FreeCAD environment, which can lead to severe security vulnerabilities if untrusted input is processed. This grants full access to the underlying system and FreeCAD's capabilities, including file system access and network operations (if FreeCAD itself is configured for them). While the `ServerConfig` includes `enable_sandbox: True` and `allow_network_access: False`, the effectiveness and scope of this sandbox are not explicitly detailed, and the direct `exec()` usage in the `_execute_code` method bypasses Python's normal security checks. Deploying this server on a system with sensitive data or network access, especially if exposed beyond localhost, is a significant risk. Users must carefully manage the trust level of the AI assistant and the code it generates. Additionally, the default `socket_host` can be configured to `0.0.0.0` making the server externally accessible.
Updated: 2026-01-19GitHub
45
41
Medium Cost
democratize-technology icon

vikunja-mcp

by democratize-technology

Sec10

Facilitates integration and automation of Vikunja task and project management by exposing its API functionalities via the Model Context Protocol (MCP), enabling structured, AI-driven interactions.

Setup Requirements

  • ⚠️Authentication Requirements: Requires a Vikunja API URL (VIKUNJA_URL) and API token (VIKUNJA_API_TOKEN). Certain operations (e.g., user management, data export) strictly require JWT authentication, which might necessitate changing the API token type.
  • ⚠️Vikunja API Limitations: The Vikunja 'Users' API endpoint is known to sometimes fail with standard API tokens, potentially impacting features that rely on user resolution, such as assignee assignments during batch imports.
  • ⚠️Performance for Large Datasets: Operations like 'vikunja_export_project' can consume significant memory for very large projects with numerous tasks or deep hierarchies, requiring awareness of configured limits or careful usage.
  • ⚠️Specific Permissions: Webhook operations and certain other advanced features may require API tokens with additional, specific permissions beyond basic access rights.
Verified SafeView Analysis
The project demonstrates an extremely high focus on security. It includes comprehensive input sanitization (XSS, SQL injection, Command Injection, Path Traversal, LDAP/NoSQL injection, Unicode bypass, Prototype Pollution) with 180+ regex patterns and 40 dedicated test cases. Production-grade rate limiting with circuit breakers and mutexes is implemented to prevent DoS attacks, memory leaks, and race conditions, explicitly addressing architectural flaws. Sensitive data like API tokens are handled via environment variables and masked in logs. The 'defense in depth' strategy is robust and well-documented.
Updated: 2026-01-11GitHub
45
40
Low Cost
Sec8

Provides AI assistants with comprehensive tools to interact with Contentful APIs for content creation, management, asset organization, workflow automation, and content modeling.

Setup Requirements

  • ⚠️Requires a Contentful Management API personal access token, which is a sensitive credential.
  • ⚠️Requires Node.js >=22.0.0 and npm >=10.0.0.
  • ⚠️Requires a Contentful account with a Space ID.
Verified SafeView Analysis
The project uses Contentful Management API tokens, which are handled as environment variables, a good security practice. It utilizes `child_process.execSync` in the license update script, but for a controlled, internal dependency check (`license-checker-rseidelsohn`). No obvious malicious patterns or widespread use of `eval` or similar dangerous functions were identified. Adherence to environment variable best practices for sensitive credentials is key to maintaining security.
Updated: 2026-01-16GitHub
45
13
Medium Cost
xjustloveux icon

aspose-mcp-server

by xjustloveux

Sec9

Provides powerful office document processing capabilities (Word, Excel, PowerPoint, PDF) to Model Context Protocol (MCP) clients, enabling AI agents to interact with documents.

Setup Requirements

  • ⚠️Requires a valid Aspose license for full functionality; otherwise, it runs in trial mode with watermarks and limitations.
  • ⚠️For Linux/macOS, `libgdiplus` is required for certain image processing functions (e.g., slide export, thumbnail generation).
  • ⚠️While pre-compiled versions are self-contained, running from the DLL requires a .NET 8.0 Runtime installation.
Verified SafeView Analysis
The project demonstrates strong security practices including comprehensive path validation (preventing traversal attacks, limiting length, validating characters), array and string input validation, and robust error message sanitization to prevent information leakage in production. It supports optional API Key and JWT authentication with various modes and caching, and allows for session isolation. No obvious hardcoded secrets or malicious patterns were found. Code quality exceptions are well-documented and justified.
Updated: 2026-01-17GitHub
45
54
Medium Cost
gleanwork icon

mcp-server

by gleanwork

Sec8

The Glean MCP Server facilitates integration between AI clients (like LLMs or coding assistants) and Glean's enterprise knowledge base, providing tools for company search, people profile search, chat with Glean AI, and document retrieval.

Setup Requirements

  • ⚠️Requires `mise` for environment setup (Node.js and pnpm).
  • ⚠️Mandatory environment variables: `GLEAN_INSTANCE` and `GLEAN_API_TOKEN` for authentication with the Glean API.
  • ⚠️Recommended to use Glean's remote MCP server for better performance and updates, indicating this local server is primarily for experimental/testing use.
Verified SafeView Analysis
The server uses environment variables for sensitive API tokens (GLEAN_API_TOKEN), which is a good practice. Input validation for tool arguments is enforced using Zod schemas, significantly mitigating injection risks. Communication is via stdio, reducing external network attack surface. Docker deployment options suggest good security practices like dropping privileges and read-only filesystems. A direct `fetch` is used in `read_documents.ts` (noted as a workaround for an SDK bug) for Glean API calls, manually constructing headers, but the values for `Authorization` and `X-Glean-ActAs` still originate from controlled environment variables, so no immediate user-controlled injection is apparent. The `open` utility is used to display launch warnings, but the URLs are hardcoded to a Glean-controlled domain and package version, minimizing the risk of opening arbitrary malicious links.
Updated: 2026-01-15GitHub
45
16
High Cost
pwno-io icon

treesitter-mcp

by pwno-io

Sec8

Provides a Model Context Protocol (MCP) server and CLI for static code analysis using Tree-sitter.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Critical dependency inconsistency: `pyproject.toml` specifies `tree-sitter>=0.22.0`, but `docs/ARCHITECTURE.md` explicitly warns that newer versions of Tree-sitter (beyond 0.21.3) introduced breaking API changes which the code relies on. This discrepancy is likely to cause installation or runtime failures due to incompatible `tree-sitter` core or language bindings.
  • ⚠️Installing directly with `uv pip install treesitter-mcp` (or similar for other package managers) is recommended as the project includes multiple `tree-sitter-<language>` bindings.
Verified SafeView Analysis
The `treesitter_run_query` tool allows executing arbitrary Tree-sitter queries provided by the user. While Tree-sitter queries do not allow arbitrary code execution, a complex or resource-intensive query could potentially be used for a Denial-of-Service (DoS) attack by consuming excessive CPU or memory. File path handling for input and output files uses standard Python `os.path` functions (`abspath`, `expanduser`) and writes results to specified `output_file` paths, potentially overwriting existing files. No explicit hardcoded secrets or malicious patterns were found.
Updated: 2026-01-14GitHub
45
44
Medium Cost
yuna0x0 icon

hackmd-mcp

by yuna0x0

Sec7

The server provides an interface for LLM clients to access and manage HackMD notes, teams, user profiles, and reading history through the HackMD API.

Setup Requirements

  • ⚠️Requires a personal HackMD API Token, which must be created and securely provided.
  • ⚠️Requires Node.js 18+ to run.
  • ⚠️If self-hosting via HTTP transport, the endpoint must be secured by the user to prevent unauthorized access to your HackMD API token.
Verified SafeView Analysis
The server handles sensitive HackMD API tokens via environment variables or HTTP headers. It includes a feature to restrict allowed HackMD API URLs, which is a good security practice. However, if self-hosting the HTTP transport with a pre-configured token, the README explicitly warns that the endpoint must be protected with authentication, otherwise anyone can access the server using the configured token. There is also a point where base64-encoded config from query parameters is JSON parsed, which, while mitigated by subsequent schema validation, could potentially be a vector for malformed data attacks if not robustly handled by the underlying MCP SDK.
Updated: 2025-11-28GitHub
45
61
High Cost
gradion-ai icon

ipybox

by gradion-ai

Sec8

A Python code execution sandbox for AI agents to programmatically interact with MCP tools and execute code actions in a stateful, sandboxed environment.

Setup Requirements

  • ⚠️Requires `@anthropic-ai/sandbox-runtime` (npm package) for full sandboxing features, along with system dependencies (e.g., `ripgrep`, `bubblewrap`).
  • ⚠️Sandboxing with `sandbox-runtime` is primarily supported on macOS; Linux/Windows users must run without sandboxing or use Docker, implying higher security risk if not properly contained.
  • ⚠️Secrets like API keys (e.g., `GITHUB_API_KEY`, `BRAVE_API_KEY`) must be provided via environment variables or a `.env` file.
Verified SafeView Analysis
The server is explicitly designed to execute untrusted Python code. It provides strong mitigation through Anthropic's `sandbox-runtime` for kernel isolation (filesystem and network control) and mandates application-level approval for all MCP tool calls. However, `sandbox-runtime` currently has platform limitations (primarily macOS support), and running `ipybox` without sandboxing (an available option, though warned against) carries significant security risks, as it would execute arbitrary code directly on the host machine. Docker containerization is suggested for Linux/Windows to mitigate this.
Updated: 2026-01-19GitHub
45
48
Medium Cost
WhenMoon-afk icon

claude-memory-mcp

by WhenMoon-afk

Sec9

Provides local, persistent, and searchable memory for AI assistants like Claude Desktop, enabling them to store and recall information efficiently.

Setup Requirements

  • ⚠️Requires Node.js 18+ to be installed on the host machine.
  • ⚠️Initial startup may be slow (30+ seconds) if using the `npx github:` method for the first time, as it downloads and installs dependencies.
  • ⚠️For Windows, using the `npx github:whenmoon-afk/claude-memory-mcp` command might require wrapping it in `cmd /c` or providing the full path to `npx.cmd` in some environments, as documented in the README.
Verified SafeView Analysis
The server is designed for local-first operation, primarily interacting with a SQLite database. SQL interactions use prepared statements, mitigating SQL injection risks. There are no instances of `eval` or explicit code obfuscation. Cloud synchronization (via `cloud.ts`) is an opt-in feature, handling API keys through environment variables or a dedicated config file, and communicating with a specified external API endpoint. The external API endpoint itself (Convex.site) should be trusted by the user for cloud sync to be used. Overall, the security practices appear solid for its intended use.
Updated: 2026-01-18GitHub
45
46
High Cost
VictoriaMetrics-Community icon

mcp-victorialogs

by VictoriaMetrics-Community

Sec8

The Model Context Protocol (MCP) server for VictoriaLogs provides an interface for AI clients to interact with VictoriaLogs APIs and documentation, enabling querying logs, exploring data, viewing instance parameters, and accessing log statistics.

Setup Requirements

  • ⚠️Requires an existing VictoriaLogs instance (single-node or cluster) to connect to.
  • ⚠️Go 1.24+ is required if building from source.
  • ⚠️Proper configuration of `VL_INSTANCE_ENTRYPOINT` and `VL_INSTANCE_BEARER_TOKEN` environment variables is critical for functionality and security.
Verified SafeView Analysis
The server is written in Go, which reduces common security vulnerabilities found in less type-safe or dynamic languages. It uses environment variables for sensitive configuration like `VL_INSTANCE_BEARER_TOKEN`, which is good practice. HTTP requests to the VictoriaLogs instance are constructed using `net/url.Query().Add()`, which properly URL-encodes parameters, mitigating injection risks. Custom HTTP headers are handled after explicit `Authorization` headers, preventing accidental overrides of the primary authentication token. The main security consideration lies in the configuration of the upstream VictoriaLogs instance; if not properly secured with access controls (e.g., via vmauth), broad or resource-intensive queries issued through this MCP server could pose risks to the backend. The MCP server itself appears to follow good security practices within its scope.
Updated: 2026-01-14GitHub
45
76
High Cost
kopfrechner icon

gitlab-mr-mcp

by kopfrechner

Sec8

Enables AI agents to programmatically interact with GitLab merge requests and issues via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Node.js runtime
  • ⚠️Requires a GitLab Access Token with 'api' or 'read_api' scopes for full functionality
  • ⚠️Requires the GitLab instance host to be configured
Verified SafeView Analysis
The server uses environment variables for sensitive GitLab API tokens, which is good practice. No 'eval' or direct command injection through 'exec' (which is imported but not used with user input) is present. The primary security consideration is the scope and permissions of the GitLab access token provided to the server, as it grants programmatic access to GitLab resources. Ensure the token has only the necessary permissions.
Updated: 2026-01-07GitHub
PreviousPage 65 of 713Next