Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

44
41
Low Cost
MDalamin5 icon
Sec3

This MCP Server provides an API gateway for an AutoGen multi-agent system to interact with Notion via the Model Context Protocol (MCP), enabling AI-driven automation of Notion tasks and public exposure through ngrok.

Setup Requirements

  • ⚠️Requires Ollama server running locally with `llama3.1` or `qwen3:14b` model pulled.
  • ⚠️Requires `NOTION_API_KEY` environment variable for Notion access.
  • ⚠️Requires `NGROK_AUTH_TOKEN` environment variable to expose the API publicly via ngrok.
  • ⚠️Requires Node.js and `npx` installed for the MCP remote server.
  • ⚠️The publicly exposed `/run` endpoint has no authentication, making it a severe security vulnerability for production use.
Review RequiredView Analysis
The primary security risk stems from exposing the FastAPI `/run` endpoint publicly via ngrok with `allow_origins=["*"]` (global CORS) and no apparent authentication. This allows anyone to send arbitrary tasks to the AI agent, which can then use its Notion tools (e.g., create, update, delete pages/databases). While API keys are env-loaded (good), the unauthenticated access to the agent's capabilities makes the system highly vulnerable to unauthorized Notion manipulation or data exfiltration. Additionally, `npx mcp-remote` executes external Node.js code, which carries an inherent risk if the source (https://mcp.notion.com/mcp) or the `npx` environment itself were compromised.
Updated: 2026-01-18GitHub
44
40
Medium Cost
yepcode icon

mcp-server-js

by yepcode

Sec9

The YepCode MCP Server enables AI platforms to interact with YepCode's infrastructure, allowing them to run LLM-generated scripts and manage YepCode processes, schedules, variables, and storage as powerful AI tools.

Setup Requirements

  • ⚠️Requires Node.js version 18 or higher to run locally.
  • ⚠️A YepCode Cloud account is required to obtain an API token for authentication.
  • ⚠️The YEPCODE_API_TOKEN environment variable must be set for the server to authenticate with the YepCode platform.
Verified SafeView Analysis
The server uses `zod` for robust input schema validation, which is a strong security practice. Sensitive credentials (`YEPCODE_API_TOKEN`) are correctly handled via environment variables. Arbitrary code execution (`run_code` tool) is delegated to YepCode's secure and isolated cloud sandboxes, mitigating direct execution risks on the host running the MCP server. The overall architecture delegates the critical security aspect of code execution to a trusted third-party platform.
Updated: 2025-12-11GitHub
44
15
Medium Cost
Wolfe-Jam icon

grok-faf-mcp

by Wolfe-Jam

Sec7

Provides a URL-based, zero-configuration Model Context Protocol (MCP) server for Grok/xAI, enabling AI systems to access persistent project context via IANA-registered .faf format and a suite of tools for project analysis and enhancement.

Setup Requirements

  • ⚠️Requires `faf-cli` to be installed globally for full functionality of all tools (e.g., `npm install -g faf-cli`).
  • ⚠️Requires an `XAI_API_KEY` environment variable for RAG-enhanced query tools, which typically involves a paid API subscription.
  • ⚠️Operates on the user's real local filesystem, requiring appropriate permissions and careful path specification (e.g., `~/Projects/my-app`).
Verified SafeView Analysis
The server includes robust `PathValidator` checks to prevent path traversal and limit file sizes for read/write operations, enhancing filesystem security. However, it relies on `child_process.exec` for some FAF CLI commands not natively bundled, which, despite argument sanitization, introduces a dependency on external CLI security and could be a vector for command injection if not perfectly hardened. No obvious hardcoded secrets or malicious patterns were found in the truncated code. Network calls are made to the legitimate xAI API.
Updated: 2026-01-15GitHub
44
42
Medium Cost
ThingsPanel icon

thingspanel-mcp

by ThingsPanel

Sec8

Serves as a Model Context Protocol (MCP) server for the ThingsPanel IoT platform, enabling natural language interaction with IoT devices for querying information, monitoring status, controlling functions, and analyzing platform data.

Setup Requirements

  • ⚠️Requires Python 3.8 or higher.
  • ⚠️Requires a ThingsPanel account and API key.
  • ⚠️Requires a valid ThingsPanel Base URL for API communication.
Verified SafeView Analysis
The server correctly handles sensitive API keys by prioritizing environment variables, command-line arguments, and configuration files, avoiding hardcoding. It uses `httpx` for network requests with proper error handling (`raise_for_status`). User-provided control data is JSON-serialized before being sent to the ThingsPanel API, mitigating direct code injection risks within the client. The main security considerations are the trustworthiness of the configured ThingsPanel API base URL and the security practices around the API key on the user's end.
Updated: 2025-11-27GitHub
44
32
Low Cost
kintone icon

mcp-server

by kintone

Sec9

Provides a local Model Context Protocol (MCP) server for Kintone, enabling AI assistants to interact with Kintone applications via a set of exposed tools.

Setup Requirements

  • ⚠️Requires Node.js (>= 22) or Docker installed.
  • ⚠️Requires Kintone API credentials (base URL and either username/password OR API token) to be provided via environment variables or command-line arguments.
  • ⚠️File download functionality requires the KINTONE_ATTACHMENTS_DIR environment variable to be explicitly set.
Verified SafeView Analysis
The server follows good security practices for handling sensitive credentials (environment variables or command-line arguments) and uses a well-established Kintone REST API client. File download operations are directed to a user-configurable directory (KINTONE_ATTACHMENTS_DIR) and include measures to prevent file overwrites. No direct 'eval' or arbitrary code execution from user input is evident. Potential risks are primarily operational, such as misconfiguring sensitive directories or the security of the hosting environment.
Updated: 2026-01-19GitHub
44
38
Low Cost
nisalgunawardhana icon

How-To-Create-MCP-Server

by nisalgunawardhana

Sec9

This project demonstrates how to set up a basic Model Context Protocol (MCP) server in .NET for interaction with AI tools like Copilot Chat.

Setup Requirements

  • ⚠️Requires .NET SDK 8.
  • ⚠️Requires VS Code with C# Dev Kit extension for optimal development experience.
  • ⚠️Manual creation and specific configuration of `mcp.json` file is required in the project root's `.vscode` directory.
  • ⚠️Integration with Copilot Chat is central to its functionality, requiring the tool to be added within Copilot Chat settings.
Verified SafeView Analysis
The provided code for the MCP server is minimal and does not contain obvious security vulnerabilities like 'eval', obfuscation, or hardcoded secrets. It utilizes standard .NET hosting and Model Context Protocol libraries. The `WithToolsFromAssembly()` method allows loading tools dynamically from the assembly, meaning any custom, user-added tools could introduce risks if not carefully developed. The server primarily uses stdio transport, reducing direct network exposure for the sample.
Updated: 2026-01-11GitHub
44
2
Low Cost
mohrstade icon
Sec9

Provides a semantic layer for BigQuery's Austin Bikeshare public dataset, simplifying data querying and analysis through a defined interface for tools like Claude Desktop.

Setup Requirements

  • ⚠️Requires Python 3.13 or newer.
  • ⚠️Requires the `uv` package installer for the recommended setup as per the README.
  • ⚠️Requires Google Cloud Platform (GCP) authentication (e.g., `gcloud auth application-default login`) to connect to BigQuery, even for public datasets.
Verified SafeView Analysis
Connects to a public BigQuery dataset (`bigquery-public-data`). Uses standard and reputable data libraries (Ibis, boring-semantic-layer). No obvious hardcoded sensitive credentials, 'eval' usage, or malicious patterns were found in the provided source code. Relies on standard GCP authentication mechanisms for BigQuery access, which are assumed to be configured externally.
Updated: 2025-11-26GitHub
44
67
Medium Cost
quarkusio icon
Sec8

A workshop demonstrating how to build AI-infused applications and agentic systems with Quarkus and LangChain4j, specifically focusing on a car management system that uses AI agents for tasks like cleaning, maintenance, and disposition decisions, including communication with remote agents via the Model Context Protocol (MCP) and Agent-to-Agent (A2A) protocol.

Setup Requirements

  • ⚠️Requires JDK 21.0 or later
  • ⚠️Requires an OpenAI API key (paid, free trial credits can be quickly exhausted)
  • ⚠️Requires Podman or Docker (for PostgreSQL Dev Service)
  • ⚠️Requires running two Quarkus applications simultaneously on different ports (8080 and 8888) for A2A communication in advanced steps
Verified SafeView Analysis
The system implements `InputGuardrails` to detect prompt injection using a separate AI service, which enhances security. API keys are handled via environment variables. Network interactions include calls to external weather APIs (`api.open-meteo.com`) and internal A2A communication, which are standard for distributed systems but require careful configuration and trust boundaries. The inherent risk of LLM interpreting prompts for tool execution is present, though mitigated by guardrails and structured tool definitions.
Updated: 2026-01-19GitHub
44
38
Medium Cost
jasonjgardner icon

blockbench-mcp-plugin

by jasonjgardner

Sec2

Integrates the Model Context Protocol (MCP) into Blockbench, allowing AI models to programmatically interact with the 3D modeling software through exposed tools, resources, and prompts.

Setup Requirements

  • ⚠️Requires Blockbench desktop application to be running.
  • ⚠️The MCP plugin must be installed within Blockbench (via 'Load Plugin from URL').
  • ⚠️Requires explicit user permission for network access when the plugin is loaded in Blockbench.
  • ⚠️The server runs as a plugin inside Blockbench; it does not have a standalone 'run' command.
Review RequiredView Analysis
The server includes a 'risky_eval' tool that allows execution of arbitrary JavaScript code directly within the Blockbench plugin's context. While it attempts to filter out `console.` commands and comments, these protections are trivial to bypass with crafted input (e.g., using string concatenation). This presents a severe security risk, as an attacker or compromised AI agent could execute any code with the plugin's permissions, potentially leading to system access or data manipulation outside of Blockbench if the host machine has permissive settings or if the plugin's context has elevated privileges. Network risks are inherent as it runs an HTTP server, making this 'eval' capability particularly dangerous if exposed to untrusted networks.
Updated: 2026-01-17GitHub
44
2
Low Cost
mitsou55 icon
Sec1

This repository describes a curated collection of open-source tools impacting the tech landscape, with a focus on AI and Kubernetes.

Setup Requirements

  • ⚠️Requires downloading and running an arbitrary, unaudited executable (.zip file) from the repository, which is a significant security risk.
  • ⚠️Operating System: Windows 10+, macOS Monterey+, or modern Linux distribution.
  • ⚠️Memory: Minimum of 4 GB RAM.
Review RequiredView Analysis
The provided 'SOURCE CODE' is only a README file. The README instructs users to download and run an arbitrary .zip file (Defined-That-Hub-Git-Projects-v3.0.zip) directly from the repository's main branch. This file is described as an 'installer' that users should 'Double-click... to run it.' Without access to the actual source code of the supposed 'MCP Server' or the contents of this opaque .zip file, a security audit is impossible. Downloading and executing arbitrary binaries from untrusted or unverified sources, even from a GitHub repository, is a critical security risk as it can contain malware, viruses, or other malicious payloads. Therefore, based solely on the provided information, it is highly unsafe to run, as there is no server source code to audit, only an instruction to download and execute an opaque binary.
Updated: 2026-01-19GitHub
44
2
High Cost
pgElephant icon

NeuronDB

by pgElephant

Sec3

The NeuronMCP server acts as a Model Context Protocol (MCP) gateway, enabling MCP-compatible clients (like Claude Desktop) to interact with the NeuronDB PostgreSQL extension for vector search, machine learning, RAG pipelines, and agent runtime capabilities.

Setup Requirements

  • ⚠️Requires a running PostgreSQL instance (version 16 or later) with the NeuronDB extension installed.
  • ⚠️Many ML and embedding tools, especially for larger models, may incur significant costs from external LLM providers (e.g., OpenAI, Hugging Face APIs).
  • ⚠️Requires Docker and Docker Compose for the recommended deployment, which adds setup complexity for users unfamiliar with containerization.
Review RequiredView Analysis
The C-based PostgreSQL extension code (`NeuronDB/src/search/sparse_search.c`, `hybrid_search.c`, `semantic_keyword_search.c`, `multi_vector_search.c`, `faceted_vector_search.c`, `temporal_vector_search.c`, `diverse_vector_search.c`) constructs SQL queries by directly concatenating user-provided table and column names (`tbl_str`, `col_str`, `facet_str`, `ts_str`) into the query string using `%s` in `appendStringInfo`. This is a classic SQL injection vulnerability, as malicious input in these parameters could alter the SQL query. For instance, a user could supply a table name like `mytable; DROP TABLE important_data;` leading to data loss or unauthorized access. While the Node.js/TypeScript layer of NeuronMCP generally uses parameterized queries and `escapeIdentifier` for dynamic SQL, the underlying C extension functions contain this critical flaw. The `PluginManager` allows loading external plugins, which could be a risk if not sourced from trusted origins.
Updated: 2025-11-30GitHub
44
24
Low Cost
gsong icon

ccmcp

by gsong

Sec8

A CLI tool that intelligently discovers, validates, and selects MCP (Model Context Protocol) server configurations for Claude Code, providing both a TUI and text-based interface.

Setup Requirements

  • ⚠️Requires Node.js 20+ runtime environment.
  • ⚠️Requires 'claude' command to be installed and available in the system's PATH.
  • ⚠️Full interactive TUI experience requires a terminal with TTY support (falls back to text prompts otherwise).
Verified SafeView Analysis
The tool appears to follow good security practices for a CLI application. It uses Zod for comprehensive schema validation of MCP configuration files, which is a strong defense against malformed or malicious config data. Command-line arguments for launching the external 'claude' executable are properly escaped using the 'shell-quote' library to prevent command injection. Cache files are stored in standard OS-specific cache directories and hashed keys are used. The primary security considerations would stem from the trustworthiness of the 'claude' binary itself and the content of the MCP configuration files, which are external to the ccmcp tool's core logic.
Updated: 2026-01-19GitHub
PreviousPage 67 of 713Next