Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

45
37
Medium Cost
mapbox icon
Sec9

Provides AI assistants with direct programmatic access to Mapbox developer APIs, enabling efficient interaction with Mapbox services for application development and resource management.

Setup Requirements

  • ⚠️Requires a Mapbox Access Token (`MAPBOX_ACCESS_TOKEN` environment variable) with appropriate scopes for different operations (e.g., `styles:read`, `styles:write`, `tokens:read`).
  • ⚠️Requires Node.js and npm/npx installed to build and run the server locally.
  • ⚠️The server makes external API calls to Mapbox services, which may incur costs and require network access.
Verified SafeView Analysis
The server correctly handles Mapbox Access Tokens by expecting them via environment variables or authentication context, not hardcoding them. It includes robust input validation using Zod schemas for all tools and performs checks for valid JWT token format. API interactions include error handling for network issues and specific Mapbox API error messages, including scope/permission errors. It does not use 'eval' or similar dangerous functions. The use of external UI resources and static images is managed, but like any external dependency, should be monitored.
Updated: 2026-01-15GitHub
45
5
Medium Cost
mitchchristow icon

unity-mcp

by mitchchristow

Sec8

Enables an AI assistant to directly control and interact with the Unity Editor for game development tasks.

Setup Requirements

  • ⚠️Requires Node.js 18+ installed.
  • ⚠️Requires the Unity Editor to be running with the `org.christowm.unity.mcp` package installed and its internal HTTP/WebSocket servers active on ports 17890/17891.
  • ⚠️Antigravity IDE requires global MCP configuration using absolute paths to the `gateway/index.js` file, not project-specific or relative paths.
Verified SafeView Analysis
The Node.js gateway acts as a local proxy between the IDE and the Unity Editor. It connects to the Unity Editor's RPC server and WebSocket server, both hardcoded to localhost (127.0.0.1:17890 for HTTP RPC, 127.0.0.1:17891 for WebSocket events). This local-only network interaction significantly reduces external attack surface. No 'eval' or direct execution of arbitrary code from user input is observed in the provided gateway code. Tool inputs are defined via schemas, and parameters are mapped to specific Unity RPC methods, limiting arbitrary command injection on the Node.js side. The primary security considerations would be the robustness and input sanitization of the Unity Editor's internal MCP server implementation (not provided in this source code).
Updated: 2025-12-07GitHub
45
27
Medium Cost
the-momentum icon

python-ai-kit

by the-momentum

Sec9

A Model Context Protocol (MCP) server built with FastMCP for integrating AI assistants with external data sources and tools, providing a structured way for agents to access custom functionalities.

Setup Requirements

  • ⚠️Requires API key for LLM provider (e.g., OpenAI, Anthropic) if the MCP tools or integrated agents use LLMs.
  • ⚠️Requires Python 3.12+.
  • ⚠️Uses `uv` for dependency management.
Verified SafeView Analysis
The project demonstrates strong security practices, including the use of Pydantic SecretStr for sensitive configurations and Fernet encryption scripts for API keys. It employs HMAC for secure token generation in SQLAdmin. No 'eval' or obvious hardcoded secrets were found in the provided source. The primary security consideration for the MCP server is proper deployment and access control if exposed to public networks, as its core function is to expose tools.
Updated: 2025-12-11GitHub
45
51
Low Cost
hostinger icon

api-mcp-server

by hostinger

Sec8

The Model Context Protocol (MCP) server enables AI models to interact with Hostinger API services for hosting, domain management, billing, email marketing, and VPS management.

Setup Requirements

  • ⚠️Requires Node.js version 24 or higher.
  • ⚠️Requires `API_TOKEN` environment variable for authentication with Hostinger API.
  • ⚠️File-based deployment tools (e.g., WordPress import, plugin/theme deploy, JS/Static app deploy) require local file system access, meaning the server must run in an environment where it can access these specified local files.
Verified SafeView Analysis
The server correctly uses environment variables for API authentication (API_TOKEN) and avoids hardcoding sensitive information. It utilizes standard libraries like Axios for HTTP requests and tus-js-client for file uploads, which generally follow secure practices. Custom tools handle local file paths for deployment operations; while file system access is a potential attack vector, the current implementation focuses on reading files for upload rather than executing arbitrary commands based on user-provided paths, and includes basic file existence and format validation. There are no obvious `eval` or direct arbitrary command execution patterns in the runtime server logic.
Updated: 2026-01-13GitHub
45
39
Medium Cost
freema icon

mcp-gsheets

by freema

Sec9

A Model Context Protocol (MCP) server for Google Sheets API integration, enabling reading, writing, and managing Google Sheets documents directly from MCP clients like Claude Code, Claude Desktop, or Cursor.

Setup Requirements

  • ⚠️Requires Node.js v18 or higher.
  • ⚠️Requires a Google Cloud Project with the Google Sheets API enabled.
  • ⚠️Requires a Google Service Account with JSON key file, or direct private key/email, and 'Editor' permissions on target spreadsheets.
Verified SafeView Analysis
The server demonstrates strong security practices, including explicit reliance on environment variables for sensitive Google Cloud credentials (avoiding hardcoding), comprehensive input validation using Zod and custom helpers, and robust error handling. No 'eval' or obfuscation was found. The interaction with Google Sheets API occurs over HTTPS, and local execution uses stdio, limiting direct network exposure. The `parseJsonInput` utility uses `JSON.parse`, which is safe for its intended use case of parsing configuration objects.
Updated: 2025-12-15GitHub
45
42
Low Cost
inai-sandy icon

inAI-wiki

by inai-sandy

Sec9

A collaborative, open-source knowledge hub and index for a wide array of AI resources, including news, applications, agents, LLMs, and Model Context Protocol (MCP) servers.

Setup Requirements

  • ⚠️Requires Jekyll (Ruby-based static site generator) to run locally.
Verified SafeView Analysis
The provided source code consists primarily of Markdown files for a static website (Jekyll theme). There is no executable server-side code (e.g., Python, Node.js, Go) for an actual 'MCP Server' or any other dynamic application. Therefore, common server-side security risks such as 'eval' usage, obfuscation, network vulnerabilities from dynamic routes, or hardcoded secrets within active server logic are not applicable to this repository itself. The project explicitly details a `SECURITY.md` for vulnerability reporting, which is a good practice. The main risk, as with any content repository, would be malicious content in contributed Markdown files if not properly reviewed, but this is a content-level risk, not a code execution one. The score reflects the inherent low risk of running this as a static site.
Updated: 2026-01-19GitHub
45
52
Medium Cost
IzumiSy icon
Sec9

Manages and queries a knowledge graph using DuckDB as an embedded backend for AI agent memory, specifically designed for the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Node.js 24.x
  • ⚠️Primarily designed for integration with Model Context Protocol (MCP) clients such as Claude Desktop
Verified SafeView Analysis
The server uses parameterized SQL queries via the `@duckdb/node-api` library, effectively preventing SQL injection vulnerabilities. Input validation for all MCP tool calls is handled robustly using Zod schemas. Communication occurs over standard I/O (stdio), limiting direct network exposure. No hardcoded secrets or 'eval' usage were identified. File system operations are confined to managing the DuckDB data file.
Updated: 2026-01-13GitHub
45
25
Low Cost
saaslabsco icon

justcall-mcp-server

by saaslabsco

Sec9

Enables Large Language Models (LLMs) and AI agents to make real-world voice calls, send SMS, and manage other telephony features directly through JustCall’s APIs.

Setup Requirements

  • ⚠️Requires JustCall API Key & Secret (paid JustCall account).
  • ⚠️Requires an MCP-compatible client (e.g., Claude Desktop/Web, ChatGPT Plus/Pro/Business/Enterprise) for interaction.
  • ⚠️The server acts as a proxy; actual voice/SMS/AI usage will incur costs from JustCall and the interacting LLM platform.
Verified SafeView Analysis
The server implements OAuth2 authentication with PKCE (Proof Key for Code Exchange) using S256, which is a strong security standard. All protected endpoints (`/mcp`, `/sse`, `/sse/message`) require Bearer token authentication, which is validated upon each request. API keys are expected to be provided via environment variables (`JUSTCALL_API_KEY`, `JUSTCALL_API_SECRET`) or as a bearer token in the `Authorization` header, preventing hardcoding. Input validation is performed using Zod schemas, mitigating common input-related vulnerabilities. No 'eval' or other directly dangerous functions are observed in the provided source, and network calls are restricted to the official JustCall API. The server is designed to run in environments like Cloudflare Workers, which can offer additional security benefits.
Updated: 2026-01-09GitHub
45
64
Low Cost
DataZooDE icon

flapi

by DataZooDE

Sec3

A fast and flexible API gateway powered by DuckDB, providing configurable HTTP and MCP endpoints for data access and management, with built-in caching, authentication, and rate-limiting features.

Setup Requirements

  • ⚠️Requires C++ toolchain (e.g., g++ or clang, make) for server compilation.
  • ⚠️Requires Node.js 20+ for building and running the companion CLI.
  • ⚠️Implicitly requires DuckDB library, which is integrated and managed as part of the C++ build process.
Review RequiredView Analysis
Critical SQL Injection Vulnerability: The `QueryExecutor` directly executes SQL query strings (`duckdb_query(conn, query.c_str(), &result)`) which are constructed from Mustache templates and user-provided parameters. While a `RequestValidator` attempts to prevent SQL injection using regex, this method is fundamentally insufficient and prone to bypasses, posing a severe risk. This allows malicious users to execute arbitrary SQL commands including data exfiltration, modification, or deletion. Additionally, `executeWrite` splits queries by semicolon, enabling multi-statement injection. It is recommended to use parameterized queries with prepared statements for all user-controlled inputs. Other security aspects like JWT/OIDC authentication are implemented using standard libraries (jwt-cpp, OpenSSL) which is a positive, and AWS Secrets Manager integration leverages DuckDB's secret management, but the core SQL execution flaw is critical.
Updated: 2026-01-19GitHub
45
53
Low Cost
manusa icon
Sec6

A Model Context Protocol (MCP) server that enables AI assistants to interact with container runtimes like Podman and Docker for container management tasks.

Setup Requirements

  • ⚠️Requires Podman or Docker CLI to be installed and available in the system's PATH.
  • ⚠️Easily installed via npm (requiring Node.js) or pip (requiring Python) which then downloads and runs the Go binary.
  • ⚠️Exposes powerful container management capabilities; careful consideration of client trust and network exposure (if using HTTP mode) is critical.
Verified SafeView Analysis
The server's primary function is to wrap and execute Podman/Docker CLI commands based on incoming requests. While Go's `os/exec.Command` prevents direct shell injection by not invoking a shell, arguments (such as `imageName`, `name`, `containerFile`, `environment` variables) are passed directly to the `podman` executable without explicit content sanitization by the server. This exposes a risk of 'argument injection' or exploitation of potential vulnerabilities within the `podman` or `docker` CLI itself if malicious or malformed inputs are provided. As the server allows powerful operations like running, stopping, and removing containers/images, exposing it to untrusted input sources (e.g., over HTTP without strong authentication/authorization) could lead to destructive actions on the host system. The server does not contain obvious malicious patterns or hardcoded secrets.
Updated: 2026-01-19GitHub
45
13
Medium Cost
awslabs icon
Sec9

The server acts as an AI agent providing expert assistance on OSCAL (Open Security Controls Assessment Language) by leveraging specialized tools and Amazon Bedrock's knowledge base capabilities.

Setup Requirements

  • ⚠️Requires an AWS Account with Bedrock access to use the `query_oscal_documentation` tool effectively.
  • ⚠️The `OSCAL_KB_ID` environment variable must be configured with a valid Amazon Bedrock Knowledge Base ID for the documentation query tool to function. Without it, the feature defaults to an unimplemented local fallback.
  • ⚠️Developed with Python 3.11 and 3.12 compatibility; other Python versions may not be fully supported.
Verified SafeView Analysis
The codebase demonstrates strong security practices. It explicitly implements file integrity checks using SHA-256 hashes against a `hashes.json` manifest for both OSCAL schemas and documentation directories at server startup. This prevents the server from operating with tampered or corrupted bundled content. Configuration for sensitive details like AWS credentials and Bedrock IDs are handled through environment variables, with no hardcoded secrets found. The server defaults to binding to `127.0.0.1`, limiting network exposure. Interaction with AWS Bedrock is via the official Boto3 SDK, relying on AWS's inherent service security. The primary point of external interaction (Bedrock KB) relies on the security posture of the AWS account and the content within the knowledge base, which is outside the direct control of this server's codebase.
Updated: 2026-01-13GitHub
44
40
Medium Cost
freema icon
Sec5

Extracts UI component information, HTML, CSS, and design tokens from Storybook instances for analysis and integration into development workflows.

Setup Requirements

  • ⚠️Requires Node.js 18+.
  • ⚠️A running Storybook instance is required for functionality, configured via `STORYBOOK_URL`.
  • ⚠️Requires Chrome/Chromium to be installed on the host system for Puppeteer functionality.
  • ⚠️Using `NODE_TLS_REJECT_UNAUTHORIZED=0` to bypass SSL certificate validation for self-signed certificates carries significant security risks.
Review RequiredView Analysis
The server connects to external Storybook instances and uses Puppeteer to render dynamic content. Puppeteer is launched with several security-disabling flags (`--no-sandbox`, `--disable-setuid-sandbox`, `--disable-web-security`, `--ignore-certificate-errors`), which significantly reduce the isolation and security of the browsing context. Additionally, the `NODE_TLS_REJECT_UNAUTHORIZED=0` environment variable, used for self-signed certificates, bypasses critical SSL/TLS security checks, making connections vulnerable to man-in-the-middle attacks. While `get_external_css` includes domain validation, these broader configurations expose the system to risks, especially if connecting to untrusted or compromised Storybook instances. The dependency `pac-resolver` (indirectly via `proxy-agent`) uses `degenerator`, which can involve `eval` for PAC file processing, adding a minor attack surface, though typically constrained.
Updated: 2026-01-10GitHub
PreviousPage 66 of 713Next