Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
2900xt icon
Sec9

Provides an MCP-compatible interface for Claude Code clients to search for similar research papers using the Reef AI embedding-based search API.

Setup Requirements

  • ⚠️Requires a Reef AI user ID (API key) and an active Reef AI account, as each search costs 1 credit.
  • ⚠️Requires Node.js (version 18 or higher, as indicated by package-lock.json and tsconfig.json target ES2022).
  • ⚠️Must be configured as an MCP tool with an MCP-compatible client like Claude Code to be usable.
Verified SafeView Analysis
The server acts as a proxy, wrapping the Reef AI external API. It uses environment variables for sensitive data (REEF_USER_ID, REEF_API_URL), which is a good security practice. There is no direct use of 'eval' or child_process, nor any obfuscation. API calls are made via standard fetch to a configurable URL. Error handling provides descriptive messages without exposing raw stack traces. Input parameters are defined with Zod, providing basic type validation before being passed to the external API. The main security considerations would be the security of the upstream Reef AI API itself, which is outside the scope of this server's code.
Updated: 2026-01-18GitHub
0
0
High Cost
TillMatthis icon

KOmcp

by TillMatthis

Sec9

Provides a secure, OAuth2-authenticated Model Context Protocol (MCP) server that enables LLM applications like Claude to manage (create, search, retrieve, delete) Kura notes via API calls.

Setup Requirements

  • ⚠️Requires a separate KOauth OAuth2 server instance to be running and properly configured for token issuance and dynamic client registration.
  • ⚠️Requires a separate Kura notes application instance (with API enabled) to be running and accessible.
  • ⚠️The project's environment validation (`src/config/env.ts`) requires `KURA_DATABASE_URL` (a PostgreSQL connection string), but the internal `KuraClient` for API interaction actually uses `KURA_URL` (a HTTP API base URL). Both must be provided, with `KURA_URL` pointing to the Kura HTTP API.
  • ⚠️The `src/services/embeddings.ts` file is a placeholder that would need to be correctly implemented (e.g., with an OpenAI API key) if KOmcp were to generate embeddings locally. However, the current `KuraClient` implementation directly calls Kura's API for semantic search, implying Kura itself handles embedding generation.
Verified SafeView Analysis
The server demonstrates robust security practices: Fastify with Helmet, CORS (configurable origins), and Rate Limiting. OAuth2 token validation is thorough, using JWKS for signature verification and checking issuer, audience, and expiration. Role-based access control is enforced via `requireScopes` middleware. Logging (Pino) is structured and redacts sensitive data like Authorization headers. Docker deployment uses a non-root user. Critically, KOmcp interacts with Kura via its HTTP API (`KuraClient` uses `fetch`), shifting direct database access and potential SQL injection risks to the Kura application itself. A minor inconsistency is that `src/config/env.ts` validates for `KURA_DATABASE_URL` while `src/services/kura-client.ts` uses `KURA_URL` to connect to Kura's API, which might lead to unnecessary environment variable requirements, but does not pose a direct security vulnerability.
Updated: 2025-12-05GitHub
0
0
Low Cost
ramu537 icon

todo-mcp-server

by ramu537

Sec8

This server provides a RESTful API for managing a TODO list, exposing standard CRUD operations and specific status filters, and also registers these functionalities as tools for potential integration with a Spring AI client.

Setup Requirements

  • ⚠️Requires Java Development Kit (JDK 17+ likely, for Spring Boot 3+)
  • ⚠️Requires Maven or Gradle to build and run the application
  • ⚠️Requires a relational database (defaults to in-memory H2 if not explicitly configured, but a persistent database is needed for production use)
Verified SafeView Analysis
No 'eval', obfuscation, or hardcoded secrets were found in the provided source code. Input validation is present via `@Valid` annotations and handled by a global exception handler. The `@CrossOrigin(origins = "*")` annotation on the `TodoController` allows all domains to make requests, which could be overly permissive for production environments and should be restricted to specific trusted origins. No explicit authentication/authorization mechanisms are implemented, making the API openly accessible to anyone who can reach the server.
Updated: 2025-12-14GitHub
0
0
Medium Cost
esx2ve icon
Sec9

SimpleMem-Lite provides a cloud backend API for AI agents (specifically Claude Code) to store and retrieve long-term memory, perform vector search, and execute graph-based reasoning across development sessions.

Setup Requirements

  • ⚠️Requires API keys for LLM services (e.g., LiteLLM, VoyageAI), which are paid services.
  • ⚠️Docker is required for running FalkorDB if chosen as the graph backend. KuzuDB is the default embedded option.
  • ⚠️Assumes Claude Code is installed and configured for full integration (trace processing, local hooks).
  • ⚠️Heavy reliance on `uv` for dependency management.
Verified SafeView Analysis
The system implements a strong security posture with explicit DEV/PROD modes, API key authentication, and strict validation of Cypher queries in PROD mode (only whitelisted templates allowed). Destructive admin endpoints (`/wipe`) are restricted to DEV mode only and require explicit confirmation. Input decompression includes size limits to prevent 'zip bomb' attacks. While some internal database interactions involve dynamic string formatting for KuzuDB, this is carefully controlled and not equivalent to arbitrary code execution or direct SQL/Cypher injection from user input. Network exposure is typically localhost for local development, with explicit API key authentication for cloud deployments.
Updated: 2026-01-19GitHub
0
0
Low Cost
JamesChampion icon

mcp-server-rust

by JamesChampion

Sec9

Provides a Rust library for building servers that expose custom tools to AI assistants like Claude using the Model Context Protocol (MCP) and JSON-RPC 2.0 over stdio.

Setup Requirements

  • ⚠️Requires Rust toolchain (stable or nightly) for compilation and execution.
  • ⚠️Its primary utility is realized when integrated with an MCP client (e.g., Claude Desktop, VS Code extension) which provides the AI assistant context.
Verified SafeView Analysis
The server framework itself is robust, utilizing stdio transport and `serde_json` for protocol handling, which mitigates network-based and parsing-based risks. No 'eval'-like functions, obfuscation, or hardcoded secrets were found in the provided source. The primary security consideration for users of this library lies in the implementation of custom `Tool`s, specifically how they validate and process `serde_json::Value` arguments in their `call` method. Improper validation could lead to vulnerabilities like command injection if tools execute external commands based on untrusted input.
Updated: 2025-12-15GitHub
0
0
High Cost
ArvidSU icon

agent-forum

by ArvidSU

Sec5

An AI-assisted Q&A forum enabling threaded conversations through user replies and configurable AI personas, leveraging external knowledge via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Node.js 18+.
  • ⚠️Requires AI provider API keys (e.g., OpenAI, Anthropic) which may incur cost.
  • ⚠️Ollama providers require a locally running Ollama server for local model inference.
Verified SafeView Analysis
API keys for AI providers (OpenAI, Anthropic) and for the internal MCP server are stored unencrypted in `backend/data/store.json`. This is a significant risk if the data file is compromised. The forum's MCP server can be configured for `public` access, which exposes forum content without authentication, though it warns against this. Request logging sanitizes sensitive data (e.g., API keys) before logging. Rate limiting is implemented for MCP server access to prevent abuse.
Updated: 2025-11-29GitHub
0
0
Medium Cost
vtnhogg icon

mcp-server

by vtnhogg

Sec8

Provides client-side auto-configuration for AI assistants to access 306+ APIs through APIVerve's remotely hosted Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires signup and an API key from APIVerve for authentication (OAuth 2.0).
  • ⚠️The provided source code is a client configurator, not a local MCP server; the actual APIVerve MCP server is hosted remotely.
  • ⚠️Requires an existing MCP-compatible client (e.g., Claude Desktop, VS Code with Cline, Cursor) to be installed.
Verified SafeView Analysis
The provided source code for 'mcp-server' (specifically `bin/install.js` for NPM and `apiverve_mcp/__init__.py` for PyPI) functions solely as an installer/configurator for MCP-compatible clients (Claude Desktop, VS Code, Cursor). Its purpose is to modify local user configuration files to add an entry pointing to APIVerve's *remotely hosted* MCP server at `https://api.apiverve.com/v1/mcp`. The actual server logic that processes MCP requests and bridges to APIVerve's 306+ APIs is not present in the provided source code. For instance, the `index.js` file, hinted at in `npm/package.json` for a local server setup, is absent. The installer scripts themselves are straightforward JSON manipulators for known configuration paths and do not use dangerous functions like `eval` or obfuscation, nor do they contain hardcoded secrets. The primary action is modifying user configuration files, which is its stated purpose.
Updated: 2026-01-19GitHub
0
0
Low Cost
ClarkSauce icon

allowed-servers

by ClarkSauce

Sec10

To define and manage a curated list of allowed Managed Code Platform (MCP) servers for an organization, specifying their metadata and execution details.

Setup Requirements

  • ⚠️Requires Node.js and npm/npx to execute the referenced MCP servers (e.g., Playwright's test server).
Verified SafeView Analysis
The provided source code consists solely of a README and a JSON configuration file. It contains no executable logic, 'eval' statements, obfuscation, hardcoded secrets, or direct network operations, making it inherently safe on its own. Any potential risks would stem from the security posture of the external MCP servers it configures (e.g., the 'playwright' package), which is outside the scope of this repository's code.
Updated: 2025-11-25GitHub
0
0
High Cost
GlacierEQ icon
Sec2

Orchestrates cross-platform AI tools, integrates with numerous APIs, provides infinite memory, and deploys multi-engine AI workflows for complex automation.

Setup Requirements

  • ⚠️Requires numerous API keys for various paid AI services (OpenAI, Anthropic, DeepSeek, Groq, Perplexity) and integration platforms (GitHub, Notion, Supermemory, Mem0, Jira, ElevenLabs, Pinecone), which must be configured as environment variables.
  • ⚠️Contains hardcoded API keys in `aspen_grove_network_integration.py` that MUST be removed or replaced with environment variables for security before deployment.
  • ⚠️Requires Node.js and npm (for `npx install-mcp` commands specified in `aspen_grove_network_integration.py`) for full MCP client integration capabilities.
Review RequiredView Analysis
CRITICAL VULNERABILITY: The `aspen_grove_network_integration.py` file contains hardcoded API keys for Supermemory and Mem0. These keys are sensitive and should always be loaded from environment variables or a secure vault. Additionally, the `terminal.exec` tool, while attempting sandboxing with allowed/blocked commands, introduces a risk of arbitrary code execution if security constraints are bypassed or misconfigured. This combination of hardcoded secrets and command execution capabilities severely impacts the security posture.
Updated: 2025-11-23GitHub
0
0
Low Cost
nbjoin icon

resolve-tools

by nbjoin

Sec8

Provides a versioned Retrieval-Augmented Generation (RAG) knowledge base for DaVinci Resolve documentation, integrating with AI assistants like Claude Desktop and VS Code via an MCP server for accurate, cited information.

Setup Requirements

  • ⚠️Requires manual placement of DaVinci Resolve PDF manuals (e.g., 'DaVinci-Resolve-19-manual.pdf') in the repository root.
  • ⚠️The example MCP client configuration (for Claude Desktop) contains a hardcoded path (`/Users/nick/Documents/GitHub/nbjoin/resolve-tools`) that users must adjust to their local repository location.
  • ⚠️Requires initial 'build_kb.py' execution to process PDFs and populate the knowledge base before the server can be used.
Verified SafeView Analysis
The server appears generally safe for its intended use as a local RAG system. It utilizes standard Python libraries (pymupdf, chromadb, sentence-transformers) for PDF parsing, vector storage, and embeddings. File operations are confined to user-provided PDFs and a local persistence directory. There are no clear indicators of 'eval' or other direct code injection vulnerabilities. The use of `sys.path.insert` in `mcp_server/server.py` is noted but for internal module resolution, not directly exploitable in this context. The primary security consideration would be potential vulnerabilities in underlying third-party libraries (e.g., PyMuPDF when parsing untrusted PDFs), which is outside the scope of the custom server logic.
Updated: 2026-01-19GitHub
0
0
Low Cost
pixelaw icon
Sec10

Provides expert-level documentation and guidance for PixeLAW application development on Starknet using the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Node.js and npm for installation and execution.
  • ⚠️Requires manual configuration of the absolute path to the server's executable (`dist/index.js`) in the Claude Code or Claude Desktop MCP settings.
Verified SafeView Analysis
The server reads hardcoded local Markdown files based on tool requests, limiting risk. No dynamic code execution, external network requests (beyond MCP protocol), or hardcoded sensitive credentials were detected in the provided source. It operates via standard I/O, which is a secure local transport for this documentation-focused use case.
Updated: 2025-12-05GitHub
0
0
Low Cost
ineersa icon

mcp-sql-server

by ineersa

Sec2

An MCP server for executing SQL queries against various configured databases.

Setup Requirements

  • ⚠️Requires `DATABASE_CONFIG_FILE` environment variable to be set, pointing to a Doctrine DBAL YAML configuration.
  • ⚠️Requires specific PHP PDO extensions (e.g., `pdo_mysql`, `pdo_pgsql`, `pdo_sqlsrv`, `pdo_sqlite`) depending on configured databases.
  • ⚠️Requires Docker for running and testing with MySQL, PostgreSQL, and SQL Server containers.
  • ⚠️SQL Server extension (`pdo_sqlsrv`) may require manual installation and specific drivers depending on the operating system.
Review RequiredView Analysis
CRITICAL SQL INJECTION VULNERABILITY: The `QueryTool` directly executes user-provided SQL queries via `Doctrine\DBAL\Connection::executeQuery($query)`. If the `$query` argument is sourced from untrusted input without rigorous sanitization or parameter binding, this exposes the system to severe SQL injection attacks. Attackers could read, modify, or delete arbitrary data, and potentially execute database-level commands. Hardcoded Secrets: `databases.yaml` contains a hardcoded password. While `DATABASE_CONFIG_FILE` uses environment variables, the referenced configuration files should avoid embedding secrets directly in the repository. The `databases.test.yaml` also includes hardcoded credentials for test databases, which, while for testing, sets a risky pattern.
Updated: 2026-01-17GitHub
PreviousPage 671 of 713Next