Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

44
23
Medium Cost
zacharypodbela icon

django-rest-framework-mcp

by zacharypodbela

Sec8

Enables developers to quickly build Model Context Protocol (MCP) servers for existing Django REST Framework APIs, allowing AI agents and LLM clients to leverage these endpoints as tools.

Setup Requirements

  • ⚠️Requires Python 3.8+.
  • ⚠️Requires Django 4.0+ and djangorestframework 3.14.0+.
  • ⚠️MCP requests bypass parts of the standard DRF request lifecycle (e.g., `dispatch`, `initialize_request`, `finalize_response`, `handle_exception`), which developers must be aware of for custom logic.
  • ⚠️STDIO transport for MCP clients is not directly supported and requires an `mcp-remote` bridge for local testing with tools like Claude Desktop.
Verified SafeView Analysis
The MCP endpoint (`/mcp/`) uses `@csrf_exempt`, bypassing Django's CSRF protection; this is standard for API endpoints primarily consumed by non-browser clients, but should be noted. The overall security relies heavily on the underlying Django REST Framework's authentication, permission, and throttling configurations. The documentation explicitly warns that DRF's built-in throttling is not a robust security measure against sophisticated attacks like brute-forcing or Denial of Service (DoS). The demo `settings.py` includes a `SECRET_KEY` marked as 'insecure' by Django, which is acceptable for development/demo purposes but must be replaced in a production environment.
Updated: 2025-11-25GitHub
44
30
High Cost
antvis icon
Sec9

A Model Context Protocol (MCP) server that provides AntV documentation context and code examples for AI development and quality assurance workflows.

Setup Requirements

  • ⚠️Requires Node.js >= v18.0.0
  • ⚠️Requires an MCP Client (e.g., Cursor, VSCode MCP Extension) to connect and utilize its functionality
  • ⚠️Relies on external Context7.com and DeepWiki.com services for documentation retrieval; functionality will be impaired if these services are unavailable
Verified SafeView Analysis
The server interacts with external services (context7.com and mcp.deepwiki.com) to fetch documentation. These are legitimate documentation sources, and the access is controlled by specific endpoints. Robust input validation is implemented using Zod schemas for all tool inputs. No 'eval' or other direct arbitrary code execution vectors were found. No hardcoded secrets were identified.
Updated: 2025-12-11GitHub
44
41
Low Cost
deploystackio icon

deploystack

by deploystackio

Sec9

Centralized management and optimization of Model Context Protocol (MCP) servers and AI agent tools, including credential management and governance.

Setup Requirements

  • ⚠️Requires Node.js (v18+) and npm (v8+).
  • ⚠️Requires Docker for production deployment or full local development setup.
  • ⚠️Requires PostgreSQL database.
  • ⚠️Mandatory `DEPLOYSTACK_ENCRYPTION_SECRET` environment variable which must be changed from its default placeholder in production.
  • ⚠️Mandatory `DEPLOYSTACK_SATELLITE_NAME` and `DEPLOYSTACK_REGISTRATION_TOKEN` for the Satellite service to register with the Backend.
Verified SafeView Analysis
The server demonstrates strong security practices. It explicitly uses OAuth2/JWT for authentication, implements environment variable filtering (BLOCKED_ENV_VARS) to prevent injection, and leverages `nsjail` for sandboxing stdio subprocesses in production, significantly mitigating risks from arbitrary MCP tool execution. Secret masking is applied to URLs and headers in logs. It correctly flags placeholder secrets (e.g., DEPLOYSTACK_ENCRYPTION_SECRET) as mandatory changes for production. Persistence of API keys is handled with awareness of Docker volume permissions.
Updated: 2026-01-17GitHub
44
131
Medium Cost
call518 icon
Sec8

The MCP server provides professional operations, monitoring, and management capabilities for PostgreSQL databases using natural language queries.

Setup Requirements

  • ⚠️Requires Python 3.12 or newer.
  • ⚠️Requires a PostgreSQL database connection (host, port, user, password, database) configured via environment variables.
  • ⚠️Optional PostgreSQL extensions (`pg_stat_statements`, `pg_stat_monitor`) and specific `postgresql.conf` settings (`track_functions = pl`, `track_io_timing = on`) are needed for full functionality, which may require manual installation or configuration on the target PostgreSQL instance.
Verified SafeView Analysis
The server is explicitly designed for read-only operations, significantly reducing the attack surface. It utilizes environment variables for database credentials, avoiding hardcoded secrets in the code. SQL queries are generally parameterized or carefully constructed to mitigate injection risks, with input validation applied to parameters like 'limit'. Authentication for 'streamable-http' mode is optional but strongly recommended, and the code issues warnings if disabled. A comprehensive SECURITY.md policy is in place.
Updated: 2025-12-16GitHub
44
40
Medium Cost
jlucaso1 icon

whatsapp-mcp-ts

by jlucaso1

Sec8

Connects a personal WhatsApp account to an AI agent, enabling the agent to search messages and contacts, list chats, retrieve message history, and send messages via WhatsApp.

Setup Requirements

  • ⚠️Requires Node.js version 23.10.0 or higher.
  • ⚠️Requires an initial manual WhatsApp QR code scan for authentication, which can be time-sensitive.
  • ⚠️Initial message history synchronization can take significant time depending on your WhatsApp history size.
  • ⚠️Specific configuration JSON is required for the AI client (e.g., Claude Desktop, Cursor) to launch and connect to the MCP server.
Verified SafeView Analysis
The server stores all WhatsApp authentication credentials and message history locally in a SQLite database and authentication cache, which is good for privacy from the server's perspective. It communicates with the AI client via standard input/output (stdio), avoiding direct network exposure to the outside for the MCP protocol itself. No 'eval' or other direct dangerous dynamic code execution patterns were found. The primary security considerations are the security of the local machine storing sensitive WhatsApp data and the trustworthiness of the connected AI agent that will access this data via MCP tools.
Updated: 2025-12-06GitHub
44
2
High Cost
fortaine icon
Sec9

An AI-powered research server utilizing Gemini models for both quick web searches with citations and comprehensive multi-step deep research, including query clarification and follow-up capabilities.

Setup Requirements

  • ⚠️Requires a valid Google AI Studio `GEMINI_API_KEY` (Paid).
  • ⚠️Requires Python 3.12+.
  • ⚠️Deep research tasks (`research_deep`) can be long-running (3-20 minutes, up to 60 minutes for complex queries) and expensive ($2-5 per task, consuming ~250k-900k tokens).
Verified SafeView Analysis
The server relies on the `google.genai` client and `httpx` for network requests and URL resolution, which are standard and generally secure. It correctly mandates `GEMINI_API_KEY` via environment variables. There are no obvious signs of 'eval', obfuscation, or hardcoded secrets. The primary 'risk' is the dependency on external Google services and web scraping for citations, which is inherent to its function.
Updated: 2026-01-19GitHub
44
2
Low Cost
xiangweizeng icon

mcp-any-rest

by xiangweizeng

Sec2

An MCP (Micro-service Composition Protocol) server that dynamically configures and exposes APIs defined using ZML (ZenTao Markup Language), acting as an API gateway for ZenTao or similar APIs.

Setup Requirements

  • ⚠️Requires `config` directory (or specified via `--config-dir`) containing `config.json`, `modules.json`, and a `presets` subdirectory. These files are central to the server's configuration, including upstream API authentication details and module enablement.
  • ⚠️Requires `zml` directory (relative to config dir, or configurable) for ZML definition files: Dynamic modules are defined in `.zml` files located in this directory.
  • ⚠️Disables SSL certificate validation for all upstream API calls by default: All connections to upstream APIs will bypass SSL certificate checks, which is a significant security risk for production environments.
Review RequiredView Analysis
1. Critical: Web Configuration Server Lacks Authentication/Authorization: The /config endpoints exposed by WebServer in src/config/web.rs (e.g., /config, /config/presets, /config/modules, /config/server) do not appear to implement any authentication or authorization. This means anyone with network access to the server (default 127.0.0.1:8082) can read, modify, and delete all server configurations, including sensitive upstream API credentials, module enablement, and server settings, allowing arbitrary control over the gateway. 2. High: Disables SSL Certificate Validation: `danger_accept_invalid_certs(true)` is explicitly used in `reqwest` clients (`src/services/auth_service/auth_factory.rs`, `src/services/auth_service/unified_auth_service.rs`). This is a severe vulnerability as it allows for trivial man-in-the-middle attacks, compromising the confidentiality and integrity of communication with upstream APIs. This should never be enabled in production. 3. Sensitive Data in Configuration Files: Authentication credentials (tokens, API keys, usernames/passwords) can be stored directly in `config.json` or module configuration files. Without encryption at rest or secure access controls for these files, they are vulnerable to local compromise. 4. Error Message Disclosure: Login failure messages in `LoginAuthStrategyImpl` can expose internal details (`Login failed with status {}: {}`) potentially aiding attackers.
Updated: 2025-11-27GitHub
44
40
Medium Cost
aws-powertools icon

powertools-mcp

by aws-powertools

Sec9

This MCP server provides search and retrieval capabilities for the Powertools for AWS Lambda documentation, assisting LLM agents in finding relevant information across multiple runtimes.

Setup Requirements

  • ⚠️Requires Node.js (version 18+ for runtime, 24 for full support as per README).
  • ⚠️Project is experimental and under active development; APIs and features may change frequently without notice.
  • ⚠️Requires local disk write access for caching documentation.
Verified SafeView Analysis
The server strictly enforces requests to the 'docs.aws.amazon.com' domain for documentation fetching, mitigating external network risks. Input parameters for tools are rigorously validated using Zod schemas. No hardcoded secrets or 'eval' usage were found.
Updated: 2026-01-16GitHub
44
33
Medium Cost
ozgureyilmaz icon

polymarket-mcp

by ozgureyilmaz

Sec9

Integrate Polymarket prediction market data into external applications, particularly AI agents like Claude Desktop, providing real-time market insights and tools.

Setup Requirements

  • ⚠️Requires Rust toolchain (Rust 1.70+) to install and build.
  • ⚠️Manual editing of `~/Library/Application Support/Claude/claude_desktop_config.json` (or equivalent) is required for Claude Desktop integration.
  • ⚠️A Polymarket API Key, while optional for basic usage, may be required for higher rate limits or advanced access.
Verified SafeView Analysis
The project is written in Rust, which offers strong memory safety guarantees. Configuration handles API keys as optional and redacts them in debug output. Network requests include retry and basic rate-limiting logic. JSON input from stdin (for MCP server mode) is parsed into strongly typed structures, preventing common injection vulnerabilities. Dependencies are managed, with specific security fixes (RUSTSEC-2025-0047, RUSTSEC-2025-0055) noted in Cargo.toml. No direct 'eval' or malicious patterns were found. A high score is given due to robust Rust practices, but external API interaction and complex JSON deserialization always carry an inherent, minimal risk.
Updated: 2026-01-11GitHub
44
63
Medium Cost
rashidazarang icon

airtable-mcp

by rashidazarang

Sec9

Provides a Model Context Protocol (MCP) server for Airtable, enabling AI agents to perform full CRUD operations, schema management, webhooks, batch operations, and AI-powered analytics through natural language interactions.

Setup Requirements

  • ⚠️Requires an Airtable Personal Access Token (PAT) with appropriate scopes.
  • ⚠️Requires Node.js 14 or later installed locally.
  • ⚠️Initial setup may require providing an Airtable Base ID, though it can be discovered dynamically using the 'list_bases' tool.
Verified SafeView Analysis
The server demonstrates strong security practices including explicit input sanitization and HTML escaping to prevent XSS and formula injection. It implements rate limiting, robust error handling to avoid leaking internal API details, and has built-in governance features like allow-lists for bases/tables and PII masking policies. OAuth2 with PKCE is supported, and recent changelogs (v3.2.1-v3.2.4) highlight active fixes for critical XSS and command injection vulnerabilities, indicating a strong commitment to security. No hardcoded secrets or code obfuscation were found.
Updated: 2026-01-07GitHub
44
45
Low Cost
VeriTeknik icon

pluggedin-mcp

by VeriTeknik

Sec9

Acts as a unified Model Context Protocol (MCP) hub for AI agents, providing tools, knowledge (RAG), and memory (clipboard) by aggregating multiple downstream MCP servers and internal capabilities.

Setup Requirements

  • ⚠️Requires Node.js 18+ (v20+ recommended) due to engine requirements in package.json.
  • ⚠️Requires a Plugged.in API Key (obtainable from plugged.in/api-keys) for most functionalities, including RAG queries, document management, notifications, and access to dynamic MCP tools.
  • ⚠️Relies on the `plugged.in App` for managing and fetching configurations of dynamic MCP servers, meaning external setup in the web application is necessary for these tools to appear.
Verified SafeView Analysis
The codebase demonstrates a strong focus on security, with extensive input validation and sanitization (including HTML/XSS prevention via `sanitize-html`), URL validation (SSRF protection), and header injection prevention. It uses `child_process.execFile` with a strict command allowlist and argument sanitization for safe process execution. API key authentication utilizes timing-safe comparison, and lazy authentication allows tool discovery without a key while securing execution. Rate limiting is implemented for tool and API calls, and error messages are sanitized to prevent information disclosure. No hardcoded secrets were found; API keys are expected from environment variables.
Updated: 2026-01-13GitHub
44
66
Low Cost
aashari icon
Sec9

Provides a production-ready foundation for developing custom Model Context Protocol (MCP) servers in TypeScript to connect AI assistants with external APIs and data sources, exemplified by an IP geolocation tool.

Setup Requirements

  • ⚠️Requires Node.js (>=18.x).
  • ⚠️Extended IP data functionality requires an 'IPAPI_API_TOKEN' (optional for basic data).
  • ⚠️Cannot lookup private (e.g., 192.168.x.x) or reserved IP addresses.
Verified SafeView Analysis
The server uses standard Node.js and TypeScript practices, with no 'eval' or obvious malicious patterns detected. API keys (IPAPI_API_TOKEN) are loaded from environment variables or a global config file, preventing hardcoding. External API calls are made via standard `fetch`. Large API responses are logged to `/tmp/mcp/<project-name>/` with truncation, a designed feature, but users should be aware of local file storage of potentially sensitive data.
Updated: 2026-01-07GitHub
PreviousPage 68 of 713Next