Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

42
56
High Cost
mikepenz icon

adbfriend

by mikepenz

Sec8

Enables AI agents to manage Android devices, sync files, configure for tests, and perform package operations via ADB for development and testing.

Setup Requirements

  • ⚠️Requires `adb` binary to be installed and accessible in the system PATH.
  • ⚠️The `ANDROID_HOME` environment variable may need to be set to locate the Android SDK if `adb` is not in the system PATH.
  • ⚠️File system operations are restricted to `allowed_paths` on the Android device (default: `/sdcard/Download/`) and `host_allowed_paths` on the host system (default: `~/adbfriend`). These paths must be configured by the user if access to other directories is required.
Verified SafeView Analysis
The server executes ADB shell commands, which inherently carry a risk if user input is not properly sanitized. However, the project employs `escapeForSync()` and `escapeForMD5()` functions to mitigate shell injection risks. Crucially, file system operations (read, write, delete, move, copy-to-host, install-apk) are restricted to user-defined `allowed_paths` on the Android device and `host_allowed_paths` on the host system, significantly reducing the attack surface for arbitrary file access. Destructive operations are explicitly marked as such via MCP annotations. No 'eval' or obvious obfuscation was found.
Updated: 2026-01-08GitHub
42
6
Medium Cost
DePasqualeOrg icon

mcp-swift-sdk

by DePasqualeOrg

Sec8

Implement and integrate Model Context Protocol (MCP) servers and clients in Swift, enabling AI agents and applications to discover and interact with tools, resources, and conversational prompts over HTTP.

Setup Requirements

  • ⚠️Requires Swift 6.0+ and macOS 14+ (or compatible Linux/other platform for basic features).
  • ⚠️Reliance on Swift Package Manager (SPM) for building and running.
  • ⚠️SSE streaming functionality is not fully supported on Linux clients due to `URLSession.AsyncBytes` limitations.
  • ⚠️No built-in OAuth support; authentication needs to be implemented via external framework middleware.
Verified SafeView Analysis
The `HTTPServerTransport` implements DNS rebinding protection, which is crucial for local server deployments. Input validation via JSON Schema is applied to tool parameters using Swift macros. However, a complete OAuth implementation is not yet provided within the SDK itself, implying reliance on the integrating web framework's middleware for authentication. The 'Experimental' task features are explicitly noted as potentially unvetted. Overall, the project demonstrates good security awareness for common web server risks.
Updated: 2026-01-18GitHub
42
25
Low Cost
github-samples icon

turn-based-game-mcp

by github-samples

Sec9

Demonstrates the Model Context Protocol (MCP) by providing a turn-based games platform with an AI opponent that interacts with a Next.js frontend.

Setup Requirements

  • ⚠️The 'shared' workspace must be built before 'web' or 'mcp-server' (`npm run build --workspace=shared`).
  • ⚠️Requires two separate development servers to run concurrently: the Next.js frontend (`npm run dev --workspace=web`) and the MCP server (`npm run dev --workspace=mcp-server`).
  • ⚠️Full utilization of the AI opponent via MCP requires an understanding of the Model Context Protocol and an MCP-compatible client (e.g., VS Code Copilot).
Verified SafeView Analysis
The project implements explicit data sanitization for MCP API endpoints (`/api/games/rock-paper-scissors/mcp`) to prevent the AI from accessing current, uncommitted player moves, which is a strong security measure against cheating. API communication defaults to `http://localhost:3000` which is safe for local development, and allows configuration via `process.env.WEB_API_BASE`. Input validation is performed for game moves. No hardcoded sensitive secrets or 'eval' statements were found. The architecture provides good separation of concerns.
Updated: 2026-01-13GitHub
42
15
High Cost
southleft icon

company-docs-mcp

by southleft

Sec8

Transforms organizational documentation into an AI-powered knowledge base for semantic search, Q&A via chat interface, Claude Desktop, and Slack integration.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid for embeddings and chat completions).
  • ⚠️Requires Supabase account and database setup for content and vector storage.
  • ⚠️The Slack bot's AI prompt is aggressively configured to generate 'extremely long, comprehensive responses' (minimum 3000 words), which can lead to very high OpenAI token usage and costs per query.
Verified SafeView Analysis
The server correctly implements Slack request signature verification. Secrets management is well-documented, advising against committing sensitive data and promoting Cloudflare Worker secrets. CORS is broadly set to '*' which could be a risk if exposed publicly without additional authentication. The use of Supabase Service Role Key is noted in ingestion scripts and could be a risk if not securely managed.
Updated: 2025-11-23GitHub
42
1
Low Cost
kukapay icon

backtrader-mcp

by kukapay

Sec2

An AI-accessible MCP server for Backtrader, enabling agents to run, analyze, and optimize trading strategies through natural language prompts.

Setup Requirements

  • ⚠️Requires Python 3.10+
  • ⚠️Requires 'uv' for dependency management (recommended)
  • ⚠️Requires MCP CLI installation (`uv run mcp install main.py`)
Review RequiredView Analysis
The `run_backtest` tool uses `exec(strategy_code, {}, local_ns)` to execute user-provided Python code directly. This is a critical security vulnerability as it allows arbitrary code execution. An attacker could inject malicious Python code (e.g., `import os; os.system('rm -rf /')`) leading to severe system compromise, data theft, or denial of service if the server is exposed to untrusted input. While the `exec` call uses empty globals, core built-ins and module imports are still accessible.
Updated: 2025-11-27GitHub
42
1
High Cost
TiKcoc icon

orkel

by TiKcoc

Sec9

Generating AI-powered creative content including images, 3D models, and procedural environments using generative AI frameworks like Stable Diffusion, TripoSR, and Infinigen.

Setup Requirements

  • ⚠️Requires AMD GPU with ROCm support for optimal performance and compatibility (explicitly mentioned for SDNext and TripoSR).
  • ⚠️Significant disk space (hundreds of GBs) and RAM required for AI models and dependencies.
  • ⚠️Specific Python versions might be preferred or required (e.g., Python 3.11 for Infinigen setup option).
Verified SafeView Analysis
Setup scripts use standard package management (pip, docker pull from official registries) and do not contain obvious 'eval', obfuscation, or hardcoded secrets. The primary security consideration would be the integrity and safety of the upstream `infinigen`, `sdnext`, and `TripoSR` project dependencies themselves, which are not detailed in this source.
Updated: 2025-11-28GitHub
42
23
High Cost
botingw icon
Sec4

Provides a RAG and Knowledge Graph powered backend for grounding AI coding assistants in the LangGraph ecosystem, improving code generation accuracy and reducing hallucinations.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid Service) for embeddings and LLM interactions.
  • ⚠️Requires a Supabase Project (PostgreSQL with pgvector) URL and Service Role Key.
  • ⚠️Requires a Neo4j Graph Database instance (AuraDB or local desktop) URI, User, and Password.
  • ⚠️Requires Docker (recommended) or Python 3.12+ with `uv` for local development setup.
  • ⚠️Specific `NEO4J_URI` configuration is required based on whether Neo4j is running on the host (for Docker) or locally (for local development).
  • ⚠️Database SSL certificate validation (`rejectUnauthorized: false`) is disabled by default in production mode, which is a security risk.
Review RequiredView Analysis
Critical: Admin authentication uses direct plaintext password comparison (from environment variable) with no rate limiting, vulnerable to brute-force attacks. Database SSL (`rejectUnauthorized: false`) is insecure in production, risking Man-in-the-Middle (MITM) attacks. High Risk: Python tools (`llm_api.py` for LLM interaction, `web_scraper.py` for web scraping) expose potential local file exfiltration (via image encoding or generic file read prompts) and arbitrary URL fetching if AI agents are maliciously prompted. Minor: Content Security Policy (CSP) and Cross-Origin Embedder Policy are disabled in development mode for the Express API, requiring hardening for production. Logging of environment variable keys at startup in `llm_api.py` is a minor information leak.
Updated: 2025-11-29GitHub
42
19
High Cost
divar-ir icon

zoekt-mcp

by divar-ir

Sec8

Provides code search and content fetching capabilities using Zoekt, designed for integration with AI assistants and LLMs.

Setup Requirements

  • ⚠️Requires a running Zoekt search server instance.
  • ⚠️Requires Python 3.13+.
  • ⚠️Requires ZOEKT_API_URL environment variable to be set.
Verified SafeView Analysis
The server's primary function is to proxy and format requests to a user-configured Zoekt instance. Its security largely depends on the trustworthiness and proper configuration of the external Zoekt instance. No direct code execution vulnerabilities (e.g., eval) or hardcoded secrets were found in the provided source.
Updated: 2025-11-25GitHub
42
25
Medium Cost
dtyq icon

php-mcp

by dtyq

Sec8

Facilitates communication and integration between LLM applications and external data sources or tools by implementing the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires PHP 8.3+
  • ⚠️Composer dependencies must be installed.
  • ⚠️Process execution permissions are needed for StdioTransport to spawn child processes.
  • ⚠️`pcntl` extension is recommended for robust signal handling with StdioTransport.
  • ⚠️`mbstring` extension is required for UTF-8 validation.
  • ⚠️If using Hyperf integration with RedisSessionManager, a Redis server is required.
Verified SafeView Analysis
The server demonstrates robust message validation (UTF-8, JSON-RPC 2.0 structure, MCP stdio format) and uses interfaces for authentication and session management, promoting a secure design. Session IDs are generated cryptographically. Text content is sanitized to remove control characters. Potential risks include insecure implementations of custom tools, prompts, or resource handlers registered by the user, and possible path traversal/SSRF vulnerabilities if user-provided URIs are not meticulously validated by custom resource handlers leveraging `file_get_contents` or similar. The `Access-Control-Allow-Origin: *` header in HttpTransport exposes the API to all origins, which is standard for public APIs but should be noted.
Updated: 2025-12-12GitHub
42
28
Low Cost
clerk icon

mcp-tools

by clerk

Sec9

Provides a TypeScript library to simplify building Model Context Protocol (MCP) clients and servers, enabling AI applications to securely access private user data through OAuth-based authentication flows.

Setup Requirements

  • ⚠️Requires a Clerk account and configuration (publishable key, secret key) for Clerk authentication integration.
  • ⚠️Requires installing framework-specific dependencies (e.g., `next`, `express`, `@vercel/mcp-adapter`) depending on the target application environment.
  • ⚠️Requires a running instance of Redis, PostgreSQL, or a SQLite database file for production-ready persistent session storage if not using the development-only file system store.
Verified SafeView Analysis
The project follows good security practices including PKCE for OAuth flows and parameterized queries for database interactions (SQLite, Postgres), mitigating SQL injection risks. Environment variables are used for sensitive keys like Clerk API keys and database credentials. Publicly exposed OAuth metadata endpoints use `Access-Control-Allow-Origin: *` which is acceptable for metadata but should not be broadly applied to sensitive data endpoints. A minor `@ts-expect-error` is used for augmenting the Express request object, which is a common pattern but bypasses type safety.
Updated: 2026-01-15GitHub
42
33
Medium Cost
timescale icon
Sec9

This server acts as a wrapper for the Linear API, providing focused tools for LLMs to manage and query issue tracking and project data.

Setup Requirements

  • ⚠️Requires a LINEAR_API_KEY, which is typically associated with a paid Linear.app account.
  • ⚠️Requires Node.js environment for execution.
  • ⚠️Designed for integration with Model Context Protocol (MCP) clients like Claude Desktop or MCP Inspector, rather than as a standalone web application.
Verified SafeView Analysis
The server correctly retrieves the LINEAR_API_KEY from environment variables, avoiding hardcoded secrets. Input validation is implemented using Zod schemas for all API endpoints, which helps mitigate common injection vulnerabilities. The core server functionality relies on the '@tigerdata/mcp-boilerplate' library, which is assumed to handle fundamental security practices for an MCP server (e.g., transport layer security if applicable for HTTP, robust error handling). No direct 'eval' or other easily exploitable malicious patterns were found in the provided code. Caching of users and projects is implemented, which is good for performance but does not directly impact security, other than reducing unnecessary external calls. For production deployment, additional security measures like network access control, HTTPS (if using HTTP transport), and robust authentication for the MCP server itself (beyond just the Linear API key) would be standard practice.
Updated: 2026-01-07GitHub
42
1
Medium Cost
danpeig icon
Sec8

Provides an MCP interface for water and wastewater treatment system design tools via the Plutocalc Designer REST API, enabling AI applications to interact with engineering calculations.

Setup Requirements

  • ⚠️Requires Node.js 18+ to run.
  • ⚠️External Plutocalc Designer REST API is required, and compute-intensive models may require a paid license key.
  • ⚠️Server runs on port 3003 by default; requires environment variable configuration (`PORT`) or a reverse proxy for different ports or production deployment.
Verified SafeView Analysis
The server uses standard security middleware (helmet, cors, express-rate-limit) for common web vulnerabilities and rate limiting. It acts as an API gateway, proxying requests to an external API. There are no 'eval' or direct shell command executions observed. Sensitive URLs (`PLUTOCALC_API_BASE_URL`) are configurable via environment variables. Input validation against the `inputSchema` defined in `tools` metadata is not explicitly performed by the gateway before proxying requests; however, arguments are stringified as JSON to the backend API, which helps mitigate direct injection in the gateway itself. The ultimate security depends on the Plutocalc Designer API's own input handling.
Updated: 2026-01-18GitHub
PreviousPage 75 of 713Next