Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

42
28
Low Cost
Agent-Hellboy icon

mcp-server-fuzzer

by Agent-Hellboy

Sec9

Fuzzing and security testing of Model Context Protocol (MCP) servers across multiple transport protocols (HTTP, SSE, Stdio) to validate functionality, robustness, and protocol compliance.

Setup Requirements

  • ⚠️Requires Node.js 18+ and npm for building and running some target MCP servers (e.g., 'Everything MCP Server' for e2e tests).
  • ⚠️Requires Python 3.10+ for the fuzzer itself; some e2e tests specify Python 3.13+.
  • ⚠️Docker is required for containerized testing environments; network configuration differs for Linux (`--network host`) versus macOS/Windows (`http://host.docker.internal`) when accessing host servers.
  • ⚠️For source installations, the MCP spec is vendored as a Git submodule and requires `git submodule update --init --recursive`.
Verified SafeView Analysis
The MCP Server Fuzzer is explicitly designed with robust, multi-layered safety features (command blocking, filesystem sandboxing via `--fs-root`, strict network policies with `--no-network`/`--allow-host`, process isolation, and non-root Docker user execution) to safely test potentially vulnerable target servers. Its internal architecture (e.g., `SafetyFilter`, `SystemCommandBlocker`) is built to prevent the fuzzer itself from performing dangerous operations on the host machine.
Updated: 2026-01-18GitHub
42
22
Medium Cost
infobip icon

mcp

by infobip

Sec9

Build conversational AI agents capable of interacting with the Infobip platform for omnichannel communication (SMS, WhatsApp, Viber, etc.) using the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires an Infobip account with API access and appropriate scopes (e.g., sms:manage). This is a paid service.
  • ⚠️Requires an Azure OpenAI account with a deployed model, or an AWS account with Bedrock access and a specific model ID. These are paid AI services.
  • ⚠️Requires specific SDKs depending on the chosen demo: .NET 9.0+ SDK (for C#), Python 3.12+ with 'uv' (for Python), or Node.js with 'npm' (for JavaScript).
Verified SafeView Analysis
The code consists of client examples interacting with remote Infobip MCP servers and AI models (Azure OpenAI, AWS Bedrock). It correctly utilizes environment variables for all API keys, preventing hardcoded secrets. No 'eval', obfuscation, or malicious patterns were found. Network risks are limited to standard outbound HTTPS API calls to trusted endpoints, which are securely handled by external services.
Updated: 2026-01-09GitHub
42
1
Medium Cost
foscomputerservices icon

hindsight-mcp

by foscomputerservices

Sec9

An MCP server that maintains a searchable knowledge base of development learnings, common errors, coding patterns, and best practices to assist developers.

Setup Requirements

  • ⚠️Requires Python 3.11+.
  • ⚠️Manual client configuration for Claude Desktop/Code is required if not using the Homebrew `hindsight-init` script.
  • ⚠️The knowledge base is stored locally in an SQLite database, which may not suit users requiring cloud synchronization or shared team knowledge.
Verified SafeView Analysis
The server uses parameterized SQL queries, which prevents SQL injection vulnerabilities. No dynamic code execution (e.g., 'eval') is present in the provided source. Data is stored locally in an SQLite database, mitigating external network data exposure risks. File system operations are confined to the user's ~/.hindsight/ directory. Overall, good security practices are evident.
Updated: 2025-12-04GitHub
42
52
Medium Cost
mailtrap icon

mailtrap-mcp

by mailtrap

Sec9

The Mailtrap MCP server provides tools for sending transactional emails and managing email templates, including a sandbox environment for testing.

Setup Requirements

  • ⚠️Requires a Mailtrap account and API token (paid service potentially involved for full functionality).
  • ⚠️Domain verification is necessary for sending actual transactional emails.
  • ⚠️Specific Mailtrap Account ID is required for template management operations.
  • ⚠️A Mailtrap Test Inbox ID is required for sandbox email functionality.
Verified SafeView Analysis
The server correctly uses environment variables for sensitive API tokens and account IDs, preventing hardcoding. Input validation for all tools is implemented using Zod schemas. Error handling is structured, returning clear messages and an 'isError' flag. There is no usage of 'eval' or other directly dangerous dynamic code execution. Network communication relies on standard SDK and web server practices.
Updated: 2026-01-07GitHub
42
28
Medium Cost
CheckPointSW icon

mcp-servers

by CheckPointSW

Sec8

Provides AI assistants with capabilities for malware analysis, file scanning, and threat detection by integrating with Check Point's Threat Emulation and Anti-Virus cloud services.

Setup Requirements

  • ⚠️Requires Node.js 20+ and npm 10+ to run.
  • ⚠️Requires a valid Check Point Threat Emulation API Key (or other specific credentials for other MCP servers in the monorepo) which must be obtained from Check Point.
  • ⚠️The 'file_path' parameter for file upload must point to an uncompressed text file (e.g., for CPInfo Analysis, raw data for Threat Emulation). Compressed archives require manual extraction.
  • ⚠️Using complex tools or processing large files (e.g., for CPInfo Analysis) may incur higher token costs and potentially require a paid subscription to the AI model provider.
Verified SafeView Analysis
The system utilizes standard API key authentication (or OAuth for Spark Management, interactive prompts for Gaia) for Check Point services. Credentials are handled securely, either passed as API keys, exchanged for bearer tokens, or cached in-memory per session (Gaia). Interactive UI dialogs for authentication run a local HTTP server and open a browser to a localhost URL, with URL validation to prevent external access. Telemetry is opt-out and uses hashed machine IDs, without sensitive data. File path inputs (e.g., for `file_path` in `upload_file`) are processed using Node.js's `fs` module, which means the MCP server requires read access to the specified paths. The security risk here depends heavily on the privileges of the running MCP server process and the trustworthiness of the client invoking the AI. The `bundle-mcp.js` and `build-mcpb.js` scripts use `execSync` for build-time tasks (npm install, chmod, mcpb pack) but not in the runtime server logic. Regular expressions are heavily used in `cpinfo-analysis`, which could theoretically pose a ReDoS risk if applied to arbitrary untrusted input, but are generally applied to diagnostic log file content.
Updated: 2026-01-19GitHub
42
6
High Cost
blueraai icon

bluera-knowledge

by blueraai

Sec8

Provides a semantic knowledge base and intelligent web crawling capabilities to power coding agents, enabling them to search internal project files, Git repositories, and crawled web documentation.

Setup Requirements

  • ⚠️Requires Claude Code CLI to be installed and accessible in the system's PATH for intelligent crawling and content extraction features.
  • ⚠️Requires Python 3 along with specific dependencies (e.g., crawl4ai) which are managed by the hooks/check-dependencies.sh script, for web crawling and Python AST parsing.
  • ⚠️Downloads and utilizes local Hugging Face embedding models (e.g., Xenova/all-MiniLM-L6-v2) which consume significant disk space (100-200MB) and RAM during processing.
Verified SafeView Analysis
The system uses child_process.spawn to interact with external Python (crawl4ai) and Claude CLI tools. While arguments for these tools are constructed internally and user inputs are primarily passed via stdin or validated parameters, external process execution always carries some inherent risk. File system operations for managing stores and job data rely on internally generated paths and UUIDs, mitigating direct path traversal vulnerabilities from user input. The application exposes an HTTP API and an MCP endpoint, which require standard network security practices during deployment. No obvious hardcoded secrets or eval usage detected in the core application logic.
Updated: 2026-01-18GitHub
42
1
Medium Cost
stefans71 icon

Claude_GPT_MCP

by stefans71

Sec9

Allows Claude Code users to query over 200+ other AI models via OpenRouter for tasks like code review, second opinions, and architectural feedback, without leaving their coding environment.

Setup Requirements

  • ⚠️Requires an active Claude Code CLI installation (which requires a Pro subscription or Anthropic API key).
  • ⚠️Requires Node.js version 18 or higher to be installed.
  • ⚠️Requires an OpenRouter API Key, which may incur costs depending on model usage and OpenRouter's pricing (though a free tier is available).
Verified SafeView Analysis
The project demonstrates strong security practices for handling API keys. It explicitly stores API keys locally with `chmod 600` permissions (owner-only access) and emphasizes direct communication with OpenRouter without telemetry. The setup script transparently modifies user shell configurations and Claude's MCP config. It avoids dangerous patterns like `eval` by using `jq` or Node.js for JSON manipulation. The API key is verified with OpenRouter during setup. The main security risk is inherent to providing an API key to a local script, but measures are in place to mitigate misuse and ensure transparency.
Updated: 2026-01-19GitHub
42
15
Medium Cost
yoavf icon
Sec9

Allows AI agents to search, list, and read your previous local coding sessions from multiple CLI coding agents.

Setup Requirements

  • ⚠️Requires Go 1.25 or later to build from source.
  • ⚠️Requires an MCP-compatible AI client (e.g., Claude Code, OpenAI Codex, Gemini CLI) to use as a server.
  • ⚠️Manual PATH configuration may be required after installation via `install.sh`.
Verified SafeView Analysis
The server runs locally and primarily reads user-generated session files from well-defined paths within the user's home directory (`~/.claude`, `~/.codex`, etc.). This is its core functionality and expected behavior. The installation script uses `curl | bash`, which always carries inherent risk, though it mitigates this by performing checksum verification of downloaded binaries from GitHub Releases. The `openBrowser` function, which executes external commands, is restricted by `validateAPIURL` to only open trusted domains (`https://aisessions.dev`, `http://localhost:*`, `http://127.0.0.1:*`), preventing arbitrary command execution via malicious URLs. User authentication tokens are stored in `~/.aisessions/config.json` with secure `0600` file permissions. No hardcoded secrets were found. No `eval` or similar direct code execution vulnerabilities are apparent in the Go source code. The CLI upload feature includes a 'Data Responsibility Notice' and requires user confirmation before uploading sensitive data.
Updated: 2025-12-13GitHub
42
27
Medium Cost
GitGuardian icon

ggmcp

by GitGuardian

Sec9

A focused MCP server for developers, providing remediation tools for secrets detected in code and honeytoken management capabilities.

Setup Requirements

  • ⚠️Requires `uv` for package installation and dependency management.
  • ⚠️Requires Python 3.10+ (Python 3.13+ is recommended for development).
  • ⚠️Authentication with GitGuardian is necessary, either via a Personal Access Token (PAT) environment variable or an interactive OAuth 2.0 PKCE flow (opens a browser).
  • ⚠️Honeytoken management features may be omitted for self-hosted GitGuardian instances unless specifically enabled and the user holds a 'manager' role with appropriate scopes.
Verified SafeView Analysis
Developed by GitGuardian, a security company, the server incorporates robust security practices. It supports OAuth 2.0 PKCE and Personal Access Token (PAT) authentication, with strict scope-based access control for individual tools. Sensitive data is redacted in VCR test cassettes, and development workflows leverage `ggshield` pre-commit/pre-push hooks to prevent secret leaks in the repository itself. The server is designed to operate with 'read-only' permissions for AI agents by default, minimizing potential risks. There is no evidence of dangerous patterns like `eval()` or dynamic code execution from untrusted input in the core server logic.
Updated: 2026-01-16GitHub
42
11
Medium Cost
Algiras icon

skillz

by Algiras

Sec9

Skillz enables AI agents to dynamically build, manage, and execute custom tools at runtime using WebAssembly and scripts, with features like persistent memory, Docker service orchestration, and external MCP server integration.

Setup Requirements

  • ⚠️Requires `rustup target add wasm32-wasip1` for WASM tool compilation.
  • ⚠️Docker must be installed and running for Docker service management.
  • ⚠️Ensure `~/.cargo/bin` is in your PATH for client visibility, or use absolute path.
Verified SafeView Analysis
The server implements robust security measures including a fully sandboxed WebAssembly runtime for Rust tools, and optional Linux sandboxing (bubblewrap, firejail, nsjail) for script tools. Environment variables passed to tools are strictly filtered, with `SKILLZ_*` prefixed variables forwarded for secrets. Tool imports from Git/Gist are supported, with the imported code subject to the same sandboxing. Docker services add a dependency on Docker's security model, but are managed within a dedicated network and prefixed volumes. No 'eval' or direct obfuscation patterns were observed; the codebase is transparent Rust.
Updated: 2026-01-10GitHub
42
20
High Cost
Zhang-986 icon

Stardew-Sage

by Zhang-986

Sec2

An AI-powered assistant for Stardew Valley, providing conversational AI, RAG-powered search, multimodal image analysis, daily game insights, and personalized recommendations.

Setup Requirements

  • ⚠️Requires a paid ZhipuAI (or OpenAI compatible) API Key for AI operations.
  • ⚠️Requires MySQL 8.0+ database, with schema and data imported from `database.sql`.
  • ⚠️Requires RedisStack (Redis with RediSearch module) for vector store functionality, standard Redis is insufficient.
  • ⚠️Java 17+ and Node.js 8.9+ (with npm) are required for backend and frontend components respectively.
Review RequiredView Analysis
Critical security vulnerabilities detected: - **SQL Injection**: The `DatabaseMapper` directly injects `tableName` into SQL queries (e.g., `SELECT * FROM ${tableName}`) in `getTableInfo` and `getSampleData` methods, which are exposed via `RagLoadController`. While `getTableInfo` performs a whitelist check, `getSampleData` called by `getRAGDataInfo` does not, creating a severe SQL injection risk. This allows arbitrary table data access or potential database manipulation. - **Hardcoded Sensitive Credentials**: AI API keys (`spring.ai.openai.api-key`), Redis credentials (`spring.data.redis.password`, `host`), MySQL database credentials (`spring.datasource.password`, `username`, `url`), and even Druid monitoring credentials (`login-password`) are hardcoded directly in `application.yml` and `application-druid.yml` within the source code. This is a major security flaw, exposing sensitive access tokens and database access information. - **Wide-Open CORS Policy**: The `CorsConfig` allows `*` for `allowedOrigins`, `allowedMethods`, and `allowedHeaders`, making the API vulnerable to cross-origin attacks in a production environment. - **Hardcoded RSA Keys**: `jsencrypt.js` in the frontend hardcodes public and private RSA keys, which could be a risk if used for sensitive server-side operations or if client-side code is easily tampered with to bypass protections. While likely used for client-side password encryption, it's generally best practice to avoid hardcoding keys.
Updated: 2025-12-14GitHub
42
25
Medium Cost
hashicorp icon

vault-mcp-server

by hashicorp

Sec9

Provides a Model Context Protocol (MCP) server implementation to integrate HashiCorp Vault secrets management and PKI operations with LLM clients.

Setup Requirements

  • ⚠️Requires Docker.
  • ⚠️Requires a running HashiCorp Vault server.
  • ⚠️Requires a valid Vault token with appropriate permissions.
Verified SafeView Analysis
The server implements robust security features including configurable CORS policies (`MCP_ALLOWED_ORIGINS`, `MCP_CORS_MODE`), TLS support (`MCP_TLS_CERT_FILE`, `MCP_TLS_KEY_FILE`), and global/per-session rate limiting. It explicitly rejects Vault tokens passed via URL query parameters. It uses environment variables for sensitive configurations, preventing hardcoding. The README clearly warns that the server is intended for local use only and that exposing Vault data (including secrets) to untrusted LLMs/clients is a significant inherent risk that users must mitigate.
Updated: 2026-01-15GitHub
PreviousPage 76 of 713Next