Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

43
44
Medium Cost
jango-blockchained icon

advanced-homeassistant-mcp

by jango-blockchained

Sec9

A powerful, secure, and extensible Model Context Protocol (MCP) server that enables AI assistants like Claude, GPT, and Cursor to seamlessly interact with Home Assistant. Control your lights, climate, automations, and more through natural language commands.

Setup Requirements

  • ⚠️Requires a running Home Assistant instance with a long-lived access token.
  • ⚠️Bun runtime (v1.0.26+) is recommended for optimal performance.
  • ⚠️Speech features (wake word, speech-to-text, AI parsing) may require Docker and external AI API keys (e.g., Anthropic API Key for advanced NLP).
Verified SafeView Analysis
The server implements comprehensive security measures including rate limiting, input sanitization (using `sanitize-html` and custom logic), JWT authentication, and security headers (using `helmet`). Critical secrets like `HASS_TOKEN`, `ANTHROPIC_API_KEY`, and `JWT_SECRET` are correctly managed via environment variables. CORS is broadly enabled (`Access-Control-Allow-Origin: *`) in some HTTP contexts, which is often necessary for client-facing APIs like MCP, but should be noted. No direct `eval` calls, code obfuscation, or obvious malicious patterns were found; JSON parsing is used for standard JSON-RPC/WebSocket communication.
Updated: 2026-01-19GitHub
43
49
Medium Cost
rulego icon

rulego-server

by rulego

Sec6

A lightweight, high-performance, and modular automation workflow platform for orchestration, iPaaS, API/AI orchestration, data processing, and IoT rule engine scenarios.

Setup Requirements

  • ⚠️Requires Go (v1.23+) for server compilation and Node.js/npm for UI compilation.
  • ⚠️Default `require_auth = false` in `config.conf` must be set to `true` and `jwt_secret_key`/user credentials configured for production security.
  • ⚠️Multiple compilation tags (`with_extend`, `with_ai`, `with_ci`, `with_iot`, `with_etl`, `use_fasthttp`) are available, requiring specific builds to enable certain functionalities and components.
Review RequiredView Analysis
The server allows execution of commands via `cmd_white_list` and loading of Lua libraries (`load_lua_libs = true`), which introduce potential code execution risks if not managed carefully. The default configuration `require_auth = false` is a critical security vulnerability, as it bypasses user authentication, allowing anyone to manage workflows and expose internal data/APIs. The example `jwt_secret_key` and `api_key` in `config.conf` should never be used in production.
Updated: 2026-01-09GitHub
42
7
Medium Cost
mdrideout icon

viberag

by mdrideout

Sec9

Local codebase semantic search (RAG) for AI coding assistants via MCP server.

Setup Requirements

  • ⚠️Requires Node.js 20 or later; Node.js 24+ may have compatibility issues with native tree-sitter bindings (Node.js 22 LTS is recommended).
  • ⚠️Cloud embedding providers (Gemini, Mistral, OpenAI) require API keys, which may incur costs (free tier available for Gemini, others are paid).
  • ⚠️The local embedding model (Qwen3-Embedding-0.6B Q8) requires a ~700MB download and can use ~1.5GB RAM for operation.
Verified SafeView Analysis
The server uses local IPC (Unix sockets/named pipes) for client communication, limiting network exposure. API keys for cloud embedding providers are loaded from a local configuration file (.viberag/config.json) which is designed to be `.gitignore`-ed, preventing accidental exposure in source control. No direct usage of 'eval' or other highly dynamic code execution methods was found for processing external input. File system operations are scoped to the project root, and `.gitignore` is honored for exclusions. The system relies on external cloud services for embedding if configured, which introduces a dependency on the security of those providers.
Updated: 2026-01-18GitHub
42
12
Medium Cost
opentargets icon

otar-mcp

by opentargets

Sec9

The MCP server enables AI assistants to interact with the Open Targets Platform GraphQL API for comprehensive target-disease associations and drug discovery data.

Setup Requirements

  • ⚠️Requires Python 3.10 - 3.13.
  • ⚠️Relies on the `uv` package manager for quick installation and advanced deployment.
  • ⚠️Functions by making external API calls to the Open Targets Platform GraphQL API (api.platform.opentargets.org), requiring external network access.
Verified SafeView Analysis
The server explicitly uses `jq.compile()` for optional server-side JSON filtering. While `jq` filters are executed from a string, the `jq` library is a well-vetted JSON processing tool, not a Python `eval()` equivalent for arbitrary code execution. Risks are primarily confined to malformed filters causing processing errors or inefficiency rather than system compromise. The server implements adaptive rate limiting to prevent abuse and masks error details to prevent information leakage, both strong security practices. It also does not collect, store, or process any personal data.
Updated: 2026-01-11GitHub
42
1
Low Cost
foscomputerservices icon

homebrew-tap

by foscomputerservices

Sec8

Provides a local Multi-Client Protocol (MCP) server for a searchable knowledge base of development learnings, intended for integration with Claude clients.

Setup Requirements

  • ⚠️Requires Python 3.12 to be installed (managed by Homebrew).
  • ⚠️Requires manual initialization via `hindsight-init` after installation.
  • ⚠️Requires manual configuration in your Claude client (Code or Desktop) after initialization.
Verified SafeView Analysis
The Homebrew formula itself uses standard practices and does not contain obvious security flaws such as 'eval' or hardcoded secrets. It creates a Python virtual environment and installs 'mcp' and 'python-dateutil' from PyPI without specific version pinning, relying on PyPI's integrity. The actual server logic ('server.py') is not provided in this scope, so the security of the server implementation itself cannot be fully assessed. Assumes the 'hindsight-mcp' project's code is trustworthy.
Updated: 2025-12-04GitHub
42
72
Medium Cost
MatanYemini icon

bitbucket-mcp

by MatanYemini

Sec8

AI assistant integration with Bitbucket for repository, pull request, and pipeline management, enabling AI to interact with code and development workflows.

Setup Requirements

  • ⚠️Requires Node.js 18 or higher.
  • ⚠️Requires a Bitbucket App Password with specific permissions (minimum: Repositories: Read, Pull requests: Read/Write, Pipelines: Read) or an access token.
  • ⚠️BITBUCKET_USERNAME typically requires your Bitbucket email address, not your display name.
Verified SafeView Analysis
The `README.md` states 'no DELETE operations are used', which is contradicted by the source code including `deletePullRequestComment` and `deletePullRequestTask`. However, these 'dangerous' tools are explicitly gated by the `BITBUCKET_ENABLE_DANGEROUS` environment variable, which is disabled by default, ensuring that destructive actions are opt-in. Authentication credentials (token or username/password) are sourced from environment variables, preventing hardcoded secrets. While `logger.info` calls log tool arguments (e.g., PR titles, descriptions) which could contain sensitive metadata, direct logging of authentication credentials is avoided. The project utilizes CodeQL for security scanning as indicated by the badge.
Updated: 2026-01-05GitHub
42
1
Low Cost
MicroMichaelIE icon

mcp-copilotcli-history

by MicroMichaelIE

Sec9

Search and analyze GitHub Copilot conversation history to find past interactions, tool usage, and session statistics.

Setup Requirements

  • ⚠️Requires Python 3.13 or newer
  • ⚠️Relies on GitHub Copilot's local session history (~/.copilot/session-state/) being present
  • ⚠️Requires an MCP-enabled client (e.g., Claude Desktop, VS Code, Zed) for interaction
Verified SafeView Analysis
The server's primary function is to access local user data (~/.copilot/session-state/). It properly handles file I/O, JSON parsing, and regex compilation within try-except blocks. It does not appear to expose network services or process arbitrary remote input, mitigating common web vulnerabilities. The `SESSION_STATE_DIR` environment variable allows for explicit control over the session data path, enhancing security in sandboxed environments.
Updated: 2025-12-05GitHub
42
5
Low Cost
danielealbano icon
Sec8

Interacting with Azure DevOps Boards and Work Items via a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires Azure CLI to be installed and authenticated (`az login`) for all Azure DevOps interactions.
  • ⚠️HTTP Server mode binds to all network interfaces (`0.0.0.0`) by default, which may require firewall configuration to restrict access.
Verified SafeView Analysis
The server relies on standard Azure CLI authentication (`az login`), which is generally secure as it avoids hardcoding credentials within the application. HTTP server mode binds to `0.0.0.0` (all network interfaces) by default, meaning it can be externally accessible if not firewalled. The project explicitly recommends `stdio` mode for enhanced security.
Updated: 2025-12-07GitHub
42
28
High Cost
KhaiHuynhVN icon
Sec9

Facilitates advanced, persistent user-AI agent interaction by providing a modern UI for text input, file/folder attachment, and multi-image management, designed to integrate with Model Context Protocol (MCP) systems.

Setup Requirements

  • ⚠️Requires Python 3.8+ (although pyproject.toml specifies >=3.13, the README states 3.8+).
  • ⚠️Manual configuration of Claude Desktop/Cursor IDE's 'mcpServers' config file is required, including replacing an absolute path.
  • ⚠️Custom AI Agent Rules (prompts) from 'rule_for_ai_EN.txt' or 'rule_for_ai_VI.txt' MUST be copied and pasted into the AI's custom instructions for proper function.
Verified SafeView Analysis
The server employs good security practices, including suppressing all stderr output to prevent sensitive information leakage during MCP stdio transport. File operations are primarily local, restricted to a 'user_images' directory for image storage (with auto-cleanup logic), and an 'ai_interaction_bridge' for inter-process communication. Path validation is implemented for user-selected workspace files. There are no indications of hardcoded secrets or network calls to unknown external services for data exfiltration. The primary security consideration arises from the inherent nature of an AI agent interacting with a local file system, which this tool attempts to mitigate through validation and local-only operations.
Updated: 2026-01-19GitHub
42
30
Medium Cost
itential icon

itential-mcp

by itential

Sec7

Connects LLMs to the Itential Platform, enabling AI agents to manage network automation workflows, device configurations, orchestrate processes, and monitor platform health and operations.

Setup Requirements

  • ⚠️Requires access to a running Itential Platform instance.
  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Default platform credentials (`admin:admin`) must be overridden for secure production deployments.
  • ⚠️If exposed via HTTP/SSE, proper TLS configuration (`--certificate-file`, `--private-key-file`) is recommended for secure communication.
Verified SafeView Analysis
The server uses `jsonutils.loads` which wraps `json.loads` with error handling, reducing direct code injection risks from JSON inputs. However, default platform credentials (`admin:admin`) are hardcoded in `defaults.py`, posing a significant risk if not overridden. Dynamic tool discovery from a configurable `tools_path` means malicious Python modules placed in these locations could be executed if an attacker gains filesystem access. Robust authentication (JWT, OAuth 2.0) and TLS options are available, but explicit warnings are present for disabling TLS verification, highlighting potential misconfigurations. Overall, the system offers secure options but requires careful setup beyond defaults to avoid critical vulnerabilities.
Updated: 2026-01-16GitHub
42
27
Medium Cost
phughesmcr icon

deno-mcp-template

by phughesmcr

Sec8

A comprehensive template for building Model Context Protocol (MCP) servers using Deno, providing examples for prompts, resources, and tools.

Setup Requirements

  • ⚠️Requires Deno runtime to be installed.
  • ⚠️The default `deno run -A` command grants all permissions, which is too broad for production environments and needs to be narrowed down.
  • ⚠️The `KvEventStore` used for session resumability is not production-ready and should be replaced for any production deployment requiring robust state management.
  • ⚠️For DNS rebinding protection or specific CORS control, `ALLOWED_ORIGINS` and `ALLOWED_HOSTS` must be explicitly configured, as the default behavior can be permissive.
  • ⚠️Compiling to a Desktop Extension (DXT) requires `dxt` to be installed globally (`npm install -g @anthropic-ai/dxt`).
Verified SafeView Analysis
The server implements good security practices including CORS, rate limiting, security headers, request timeouts, and DNS rebinding protection. Input validation is performed using Zod and custom validators. However, the default Deno execution with `-A` (all permissions) is too broad for production and requires fine-tuning. The `KvEventStore` for session resumability is explicitly marked as 'not suitable for production use' in the README, indicating a potential weakness for persistent/scalable state management or security if not replaced. CORS protection is configurable but will allow all origins if no allowed origins are specified, which can be a security risk if not explicitly set.
Updated: 2025-11-25GitHub
42
23
Medium Cost
tolkonepiu icon

best-of-mcp-servers

by tolkonepiu

Sec10

This repository serves as a curated and ranked list of Model Context Protocol (MCP) servers, updated weekly, to help users discover relevant projects.

Setup Requirements

  • ⚠️To generate or update the list locally, it requires using the external 'best-of-generator' tool, which is not part of this repository's source code and may have its own dependencies (e.g., Python, Docker, specific GitHub Action setup).
Verified SafeView Analysis
This repository is a static curated list of other open-source projects. Its source code consists primarily of Markdown and YAML configuration files, used to generate the list's documentation. There are no executable server-side components, 'eval' statements, obfuscated code, or hardcoded secrets directly within this repository's provided source code. Therefore, there are no inherent security risks from 'running' this repository as a server. The security concerns would lie with the individual MCP servers *listed* in this repository, which are external projects.
Updated: 2026-01-19GitHub
PreviousPage 73 of 713Next