Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

42
36
Medium Cost

mcp-logic

by angrysky56

Sec8

An MCP server for automated first-order logic reasoning, including theorem proving, model finding, counterexample finding, and categorical reasoning.

Setup Requirements

  • ⚠️ Requires local installation and build of LADR (Prover9/Mace4) which involves git, cmake, and build-essential tools. The setup script attempts to automate this.
  • ⚠️ The server requires the `--prover-path` argument to specify the absolute path to the Prover9/Mace4 binaries. This path is auto-generated in the `claude-app-config.json` during setup but needs manual update if the repository is moved.
  • ⚠️ Different setup scripts are provided for Linux/macOS and Windows, indicating OS-specific installation steps.

Verified Safe
The server uses `subprocess.run` to execute external binaries (Prover9/Mace4). While the input to these binaries is crafted from user input, it's passed as a list of arguments and not via `shell=True`, which mitigates common command injection risks. Temporary files are used for input, which are then cleaned up. The setup script downloads and builds the LADR library (Prover9/Mace4) from a third-party GitHub repository, which assumes the integrity of that external project. No hardcoded secrets or direct network calls from the core logic are evident.
Updated: 2025-12-12
42
48
Medium Cost

Connects AI assistants to Jira projects, issues, and workflows to enable natural language interaction for project management and issue tracking.

Setup Requirements

  • ⚠️ Requires an Atlassian Jira API Token for authentication.
  • ⚠️ Supports Jira Cloud only; Jira Server/Data Center are not currently supported.
  • ⚠️ Requires Node.js version 18.0.0 or higher.

Verified Safe
The server handles sensitive Jira credentials by loading them from environment variables or a user's local configuration file (~/.mcp/configs.json), rather than hardcoding them. Input validation for tool arguments is implemented using Zod. JMESPath (jq) is used for data filtering, which is a safe query language, not allowing arbitrary code execution. File I/O operations for logging and raw response storage are restricted to user-specific directories (~/.mcp/data/ and /tmp/mcp/), minimizing risks to system files. JSON parsing for API responses is considered safe as Jira's API is a trusted source.
Updated: 2026-01-07
42
1
Low Cost

Enables natural language interaction with Dicloak Local API functions through GPT/MCP clients for environment, group, proxy, member, and social media automation.

Setup Requirements

  • ⚠️ Requires DICLOAK_API_KEY and DICLOAK_BASE_URL, which must be obtained from a Dicloak account.
  • ⚠️ The DICLOAK_BASE_URL requires '/openapi' to be manually appended after copying from the Dicloak settings.
  • ⚠️ Requires Node.js and npm/npx to be installed locally to run the bridge.

Review Required
The provided source code is a README only, so direct code analysis for 'eval', obfuscation, or other malicious patterns is not possible. Running `npx dicloak-local-api-mcp-bridge` involves downloading and executing a third-party Node.js package, which introduces inherent supply chain risks. Sensitive credentials (`DICLOAK_API_KEY`, `DICLOAK_BASE_URL`) are passed as environment variables to this external process.
Updated: 2025-11-28
42
32
Medium Cost
Sec3

Connects Large Language Models (LLMs) to an Emacs environment, allowing LLMs to interact with and control Emacs functionality via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️ Requires Emacs 27.1+ (for native JSON support).
  • ⚠️ Requires `socat` for client connections (especially for the shell wrapper and direct `socat` client integrations).
  • ⚠️ Requires Python 3 for the `mcp-wrapper.py` and Python client test scripts.

Review Required
The server includes an `eval-elisp` tool which allows remote execution of arbitrary Emacs Lisp code by the connected LLM. While the project implements a sophisticated permission system, input validation, and execution limits, the README explicitly states that 'Using `eval-elisp` requires trusting the LLM completely' and details known bypasses (e.g., `funcall`, `apply`, macro evaluation) that can circumvent security checks. This inherent capability for remote code execution makes it a critical security risk if the LLM is untrusted or compromised, despite defense-in-depth measures.
Updated: 2026-01-08
42
14
High Cost

browser-devtools-mcp

by serkan-ozal

Sec8

This MCP server provides AI coding assistants with comprehensive browser automation and debugging capabilities using Playwright, enabling execution-level and visual debugging for web pages.

Setup Requirements

  • ⚠️ Requires Playwright browser installation (managed by Playwright, but might need system dependencies).
  • ⚠️ Requires `FIGMA_ACCESS_TOKEN` for `figma_compare-page-with-design` tool.
  • ⚠️ Requires `AWS_REGION` and `AWS_PROFILE` (or other AWS credentials configuration) for Amazon Bedrock integrations (image/text embedding, vision models).
  • ⚠️ Requires `BROWSER_PERSISTENT_ENABLE=true` and manual installation of 'React Developer Tools' Chrome extension in the browser profile for optimal reliability of React component inspection tools.

Verified Safe
The `run_js-in-sandbox` tool utilizes Node.js `vm.createContext` for code execution, which offers context isolation but is explicitly stated in the documentation as 'NOT a security boundary' and 'intended for trusted automation logic'. It mitigates risks by carefully whitelisting safe built-ins and explicitly blocking dangerous Node.js APIs like `require`, `process`, and `fs`. The `run_js-in-browser` tool executes arbitrary JavaScript within the browser page context using Playwright's `page.evaluate()`, which is an inherent part of browser automation and operates with the permissions of the loaded web page. External API integrations, such as with Figma, rely on sensitive access tokens, which are configured via environment variables to avoid hardcoding.
Updated: 2026-01-19
42
28
Low Cost
Sec10

A curated list of Model Context Protocol (MCP) servers, enabling AI models to interact with various blockchain networks, crypto market data, and decentralized finance protocols.

Verified Safe
The provided source code is a `README.md` file, which serves as a curated list of external MCP servers. It contains no executable code, hardcoded secrets, 'eval' statements, or direct network risks within this repository itself. The security of the external MCP servers listed in this repository would require independent audits.
Updated: 2025-11-26
42
1
Medium Cost

Enables AI agents to inspect Apache Airflow DAGs, runs, and logs, and perform operational tasks like triggering, pausing, and clearing resources across multiple instances.

Setup Requirements

  • ⚠️ Requires `AIRFLOW_MCP_INSTANCES_FILE` environment variable pointing to a YAML configuration file.
  • ⚠️ Airflow instance credentials (username/password/token) must be provided via environment variables, referenced within the YAML configuration.
  • ⚠️ Depends on `apache-airflow-client` Python package, which must be compatible with the target Airflow API version (2.7.0 to 3.0.0).

Verified Safe
The server includes robust measures against SSRF attacks by strictly validating UI URLs against configured instance hostnames. Sensitive credentials are managed via environment variables and are not logged or exposed directly. The use of `ast.literal_eval` for log parsing is controlled and safe. Bearer token authentication is explicitly marked as 'experimental'.
Updated: 2025-11-30
42
29
Medium Cost

bitrise-mcp

by bitrise-io

Sec9

Integrate Bitrise CI/CD operations with AI assistants via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️ A Bitrise Personal Access Token (PAT) is mandatory for authenticating with the Bitrise API.
  • ⚠️ For running the server locally, Go (version >= 1.25) must be installed.
  • ⚠️ Environment variables (e.g., BITRISE_TOKEN) must be correctly set and sourced for local server modes, with some IDEs like AWS Kiro having specific requirements for when variables are read.

Verified Safe
No apparent malicious patterns, dynamic code execution, or hardcoded sensitive credentials within the server's source code. Personal Access Tokens (PATs) are handled securely via environment variables or HTTP headers, aligning with best practices. The server includes logging with configurable levels and proper error handling. The primary security consideration for users is ensuring secure management of their Bitrise PATs and properly configuring network access if using the HTTP transport.
Updated: 2026-01-19
42
1
Medium Cost

memory-mcp-server

by jiahuidegit

Sec8

A structured AI context memory system designed for Claude Code, focusing on comprehensive context preservation and multi-level retrieval for developer tasks.

Setup Requirements

  • ⚠️ Requires Node.js >=18.0.0 and pnpm >=8.0.0 to build from source or run globally.
  • ⚠️ Semantic search (L3 retrieval strategy) requires an embedding service. This can be configured to use OpenAI (requires a paid API key) or Ollama (free, requires a local Ollama server running 'nomic-embed-text' or a compatible model).
  • ⚠️ PostgreSQL storage, suitable for team/production use, requires setting the 'DATABASE_URL' environment variable and relies on Prisma for schema management, which the MCP server attempts to automatically push on first run.

Verified Safe
The server relies on environment variables for sensitive database connections. SQL injection risks are mitigated by using parameterized queries through 'better-sqlite3' for SQLite and Prisma for PostgreSQL. The 'execSync' command is used for Prisma database migrations, which is a controlled administrative task and not directly exposed to untrusted user input. No 'eval' or other blatant malicious patterns were found.
Updated: 2026-01-19
42
1
Medium Cost
Sec2

Cardano J.A.R.V.I.S is an intelligent AI-powered automation system that allows users to perform Cardano blockchain operations using natural voice commands.

Setup Requirements

  • ⚠️ Requires specific Windows OS setup for 'pyautogui' desktop automation (e.g., D: drive paths, specific screen assets).
  • ⚠️ Requires a browser-based Cardano wallet (e.g., Typhon) installed and configured for 'pyautogui' to automate.
  • ⚠️ Requires API keys for Google Gemini, Masumi Registry, and Masumi Payment services (likely paid).
  • ⚠️ Python 3.12+ is required for the Masumi MCP server component.

Review Required
The system utilizes 'pyautogui' for UI automation (e.g., opening wallets, typing addresses, clicking buttons). This grants the AI agent complete control over the user's desktop environment, which is a critical security vulnerability. A compromised or hallucinating AI could perform arbitrary, unauthorized actions, including accessing sensitive data or initiating unintended transactions outside the intended blockchain context, bypassing programmatic checks. Additionally, the FastAPI backend has CORS configured with `allow_origins=["*"]`, making it vulnerable to requests from any origin, which is highly insecure for a server handling blockchain operations.
Updated: 2025-12-01
42
25
High Cost

rpg-mcp-servers

by Mnehmos

Sec8

This server suite provides advanced D&D 5e combat and game state management functionalities for AI-powered Dungeon Master experiences, including 3D spatial combat, character and inventory management, quest tracking, and dynamic spell creation.

Setup Requirements

  • ⚠️ Requires Roo Code VS Code extension (or CLI) for Model Context Protocol communication.
  • ⚠️ Requires manual configuration of `mcp_settings.json` with specific project paths for the MCP client to recognize the local servers.
  • ⚠️ The system consists of two separate Node.js servers (`game-state-server` and `combat-engine-server`) that must be built and run concurrently in separate terminals.

Verified Safe
The server suite is designed for local or controlled environments. Input validation for dice notation is implemented using regular expressions, mitigating arbitrary code execution through dice strings. MCP tool definitions enforce schema validation, reducing risks from malformed input. SQLite is used for local persistence. No hardcoded external secrets are exposed in the provided code. Running two separate Node.js processes locally (game-state-server and combat-engine-server) limits direct external exposure, assuming proper firewall configurations. The use of 'better-sqlite3' with prepared statements typically protects against SQL injection. However, a comprehensive audit would be needed for all database interaction points and the full MCP SDK.
Updated: 2025-12-06
42
29
Medium Cost
Sec10

A comprehensive Model Context Protocol (MCP) server that provides Claude Desktop and other MCP clients with tools for Kafka Schema Registry operations, including schema management, migration, and export.

Setup Requirements

  • ⚠️ Requires a running Kafka Schema Registry instance (SCHEMA_REGISTRY_URL) to connect to.
  • ⚠️ Docker is highly recommended for deployment and testing; local Python setup also possible.
  • ⚠️ OAuth 2.1 configuration (AUTH_ISSUER_URL, AUTH_AUDIENCE) is required if authentication (ENABLE_AUTH) is enabled.
  • ⚠️ Default ports (e.g., 38000 for MCP server, 38081-38082 for registries) may conflict with existing services.

Verified Safe
The server implements robust security measures, achieving 'perfect 100/100 MCP 2025-06-18 Specification Score'. It includes comprehensive OAuth 2.1 compliance with mandatory PKCE, RFC 8707 resource indicators, secure HTTP headers (e.g., Strict-Transport-Security, Content-Security-Policy), and URL validation to prevent SSRF. Sensitive data is filtered from logs, and containers are designed for non-root execution. No obvious 'eval' or other highly dangerous patterns without clear justification were found in the provided code snippets.
Updated: 2026-01-19