Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

42
31
Medium Cost
nim444 icon
Sec8

Provides an MCP server for AI agents to automate Android devices using uiautomator2.

Setup Requirements

  • ⚠️Requires Python 3.13 or higher.
  • ⚠️Requires Android Debug Bridge (adb) installed and in system PATH.
  • ⚠️Requires a connected Android device with USB debugging enabled.
  • ⚠️Requires manual modification of `server.py` to switch between HTTP and stdio transport modes for different use cases (e.g., AI agent vs. API).
Verified SafeView Analysis
The project uses `uiautomator2` which grants powerful control over a connected Android device. It uses `subprocess.run` to check ADB status but does so safely by resolving `adb` path and using fixed commands, avoiding injection risks. No hardcoded secrets or `eval` usage were found. The server can be configured to run on `0.0.0.0` (all network interfaces), which means it's accessible on the local network. Users should ensure their network environment is secure to prevent unauthorized access to the server, as control of the server implies control of the connected Android device.
Updated: 2025-11-21GitHub
42
3
Low Cost
mmornati icon

nexus-dev

by mmornati

Sec9

Provides a local RAG (Retrieval-Augmented Generation) system and persistent memory for AI coding agents to enhance their contextual understanding, cross-project learning, and tool-use capabilities.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid) or a locally running Ollama server with a pulled embedding model.
  • ⚠️Python 3.13+ is required for installation and execution.
  • ⚠️Manual configuration of the IDE's MCP client is necessary, often including setting the NEXUS_PROJECT_ROOT environment variable or ensuring correct working directory for the server.
  • ⚠️Specific `pipx` or `uv tool` installation method is recommended for isolated global installation.
Verified SafeView Analysis
Follows good practices like environment variables for secrets (e.g., OPENAI_API_KEY, GITHUB_PERSONAL_ACCESS_TOKEN), local-first data storage (LanceDB), and type-safe parsing with Pydantic and tree-sitter. Gateway mode proxies user-configured external MCP servers, so users are responsible for the security of those backend services. SSE transport exposes a network port, requiring proper network configuration (e.g., firewalls). CLI pre-commit hook installer uses a static script, mitigating injection risks. No direct 'eval' or execution of untrusted code found.
Updated: 2026-01-18GitHub
42
28
Low Cost
ukkit icon

memcord

by ukkit

Sec9

A privacy-first, self-hosted MCP server for organizing chat history, summarizing messages, and searching past conversations using AI, particularly for Claude interactions.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Utilizes 'uv' for virtual environment and package management, which the install scripts handle.
  • ⚠️Requires manual configuration (copying JSON files) to integrate with clients like Claude Desktop/Code or VSCode, in specific application data directories.
  • ⚠️Full functionality, especially 'infinite memory' for Claude conversations, implicitly requires active Claude client usage.
Verified SafeView Analysis
The server demonstrates a strong focus on security, implementing extensive input validation for slot names, group paths, and content to prevent common vulnerabilities like XSS, SQL injection, and path traversal. It includes checks for dangerous characters, reserved names, and system directory access. Network operations (e.g., URL imports) use timeouts and user-agent headers, and content extraction sanitizes scripts. Rate limiting and operation timeout mechanisms are also in place, contributing to overall system resilience against abuse.
Updated: 2026-01-19GitHub
42
21
Medium Cost
szaffarano icon

org-mcp-server

by szaffarano

Sec8

A Model Context Protocol (MCP) server for org-mode knowledge management, providing search, content access, and note linking capabilities for AI agents.

Setup Requirements

  • ⚠️Requires a Rust toolchain to build from source, or Nix for Nix Flakes installation.
  • ⚠️A TOML configuration file (`~/.config/org-mcp/config.toml`) is used, and users must configure `org_directory` to point to their org-mode file root.
  • ⚠️The configured `org_directory` must exist and be accessible by the running process for any file operations to succeed.
Verified SafeView Analysis
The project is written in Rust, which offers strong memory safety. It interacts with the file system for org-mode files, performing checks for directory existence and file validity (`OrgConfig::validate`, `OrgMode::read_file`). Path expansion uses `shellexpand::tilde`. The primary server transport shown is `stdio()`, limiting direct network exposure to agents running locally. However, if the `org_directory` configuration is set too broadly by the user, or if `--root-directory` is used carelessly, it could potentially expose more of the file system than intended, albeit limited to read operations. The `rmcp` dependency supports HTTP transport, but this is not the default configuration shown in `main.rs`.
Updated: 2026-01-15GitHub
42
38
Low Cost
Dark-Kernel icon

tuisic

by Dark-Kernel

Sec6

A terminal-based online music streaming application that provides an MCP (Model Context Protocol) server for AI integration, allowing AI clients to control music playback and search.

Setup Requirements

  • ⚠️Requires 'yt-dlp' to be installed for track download functionality (though not directly exposed by MCP tools).
  • ⚠️Optional MPRIS support requires 'sdbus-cpp', which may need manual building and installation.
  • ⚠️Requires a TUI-compatible terminal for the main application mode, but the MCP server runs headless.
Verified SafeView Analysis
The underlying MusicPlayer module, utilized by the MCP server, contains 'system()' calls for features like downloading tracks (via 'yt-dlp') and clipboard operations, which are vulnerable to command injection if input is not robustly sanitized. While the current MCP server tools do not directly expose these specific vulnerable paths to AI client commands, the presence of such methods in the codebase warrants caution. Additionally, 'execl()' is used for daemon mode, which could be exploited if arguments are not sanitized. There's a minor risk from 'notify-send' calls if messages contain shell metacharacters.
Updated: 2025-12-05GitHub
42
11
High Cost
MariyaSha icon

Docker_MCPGUIApp

by MariyaSha

Sec7

This repository provides a starter template for building full-stack AI assistants that integrate with real-world tools using Docker MCP Gateway and a Large Language Model.

Setup Requirements

  • ⚠️Requires Docker Desktop with MCP Toolkit & Catalog enabled.
  • ⚠️Requires Python 3.12+.
  • ⚠️Requires installing a lightweight model (e.g., Gemma3) in Docker Desktop.
  • ⚠️Stripe account is optional for certain remote MCP functionalities.
Verified SafeView Analysis
The `mcp_demo_app` setup instructs users to directly embed a Stripe secret key into `catalog.yaml`, which poses a risk if committed to a public repository. The `complete_app` mitigates this by using environment variables (`.env`) for secrets, which is a better practice. No 'eval' or obvious malicious patterns were found. Network communication to external services is handled via Docker MCP Gateway.
Updated: 2026-01-16GitHub
42
12
Medium Cost
opentargets icon
Sec7

This server acts as a Model Context Protocol (MCP) endpoint, enabling AI assistants to interact with the Open Targets Platform GraphQL API for drug discovery and target-disease association data.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires the `uv` package manager for local installation and execution (e.g., `uv sync`).
  • ⚠️Relies on an external Open Targets Platform API endpoint (https://api.platform.opentargets.org/api/v4/graphql by default).
Verified SafeView Analysis
The server uses `jq.compile()` to process JSON responses based on user-provided `jq_filter` strings. While `jq` is a domain-specific language for JSON transformation and not arbitrary code execution, a malicious or overly complex filter could potentially lead to resource exhaustion (Denial of Service) if not adequately rate-limited or validated. However, the project includes adaptive rate limiting middleware and error detail masking, which helps mitigate some risks. No obvious hardcoded secrets were found.
Updated: 2026-01-11GitHub
42
31
Low Cost
respawn-app icon

tool-filter-mcp

by respawn-app

Sec8

A proxy server for Model Context Protocol (MCP) that filters available tools from upstream MCP servers based on a regex-based deny list to optimize context for AI agents.

Setup Requirements

  • ⚠️Requires Node.js >= 20.0.0.
  • ⚠️Requires an existing upstream Model Context Protocol (MCP) server (HTTP/SSE or stdio) to proxy.
  • ⚠️Effective tool filtering requires proficiency in regular expressions to define `deny` patterns correctly.
Verified SafeView Analysis
The project uses `safe-regex2` to validate deny patterns, mitigating ReDoS vulnerabilities. It handles sensitive information by supporting environment variable expansion for authentication headers, preventing hardcoded secrets. In stdio mode, it spawns child processes for upstream servers, which is an inherent risk if the executed command is not carefully controlled by the deployer, though the tool itself does not introduce arbitrary user command execution.
Updated: 2026-01-06GitHub
42
28
Low Cost
opena2a-org icon
Sec9

A production-ready identity verification and security platform for AI agents and Model Context Protocol (MCP) servers, providing cryptographic identity, access control, and real-time threat detection.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for the recommended full local setup.
  • ⚠️Production deployment critically requires overriding numerous default secrets (e.g., database, Redis, MinIO, Grafana passwords, JWT_SECRET, KEYVAULT_MASTER_KEY).
  • ⚠️Specific Go (1.23+) and Node.js (18+) versions are required for direct development setup (outside Docker).
Verified SafeView Analysis
The system is designed with strong security principles, including cryptographic identity (Ed25519, ML-DSA/PQC support), robust authentication/authorization, and rate limiting. It uses bcrypt for password hashing and implements measures to prevent information leakage in error responses. Critical components like JWT_SECRET and KEYVAULT_MASTER_KEY, along with other database/service passwords, have default values in development environments but are explicitly flagged for overriding in production. CORS middleware correctly rejects wildcards. The primary deduction is for the sheer number of secrets that require manual overriding for a secure production deployment, even if well-documented.
Updated: 2026-01-07GitHub
42
39
Low Cost
koki-develop icon

mmcp

by koki-develop

Sec9

Manages Model Context Protocol (MCP) server definitions in a central configuration and applies them to various AI agent tools.

Setup Requirements

  • ⚠️Requires npm or bun for installation.
  • ⚠️Relies on specific, predefined file paths for each supported agent's configuration, which might not be compatible with highly customized system setups.
  • ⚠️Users must understand that 'mmcp' configures agents to run commands; 'mmcp' itself does not execute the MCP server commands specified.
Verified SafeView Analysis
The tool primarily acts as a configuration manager, writing user-defined MCP server commands and arguments to local configuration files of various AI agents (e.g., Claude, Cursor, GitHub Copilot CLI). It does not directly execute these user-provided commands itself. The security risk lies with the user providing malicious commands which are then executed by the target AI agent, not by 'mmcp'. File system interactions are limited to reading/writing known configuration file paths in the user's home directory. No 'eval' or direct arbitrary command execution by 'mmcp' itself was found. Input validation is present for environment variables.
Updated: 2026-01-05GitHub
42
34
High Cost
JustasMonkev icon
Sec3

Automated web accessibility scanning and browser automation using Playwright and Axe-core, enabling LLMs to perform WCAG compliance checks and generate reports.

Setup Requirements

  • ⚠️Requires Node.js >=18.0.0.
  • ⚠️Requires Playwright-supported browsers to be installed (Chromium, Firefox, WebKit).
  • ⚠️Requires 'Playwright MCP Bridge' VS Code extension if `--extension` or `--vscode` flags are used.
  • ⚠️Requires correct JSON configuration for the MCP client (e.g., Claude Desktop).
Review RequiredView Analysis
The `browser_evaluate` tool allows arbitrary JavaScript execution within the browser's context. While Playwright provides isolation from the host machine, malicious scripts could still perform actions like data exfiltration from the loaded web page or contribute to browser-level exploits if not carefully sandboxed and monitored by the orchestrating LLM. More critically, the `mdb_push_tools` tool, used in advanced configurations, allows the dynamic loading of additional MCP servers from a specified URL (`mcpUrl`). This presents a significant supply chain risk; if an attacker could coerce an LLM to call `mdb_push_tools` with a malicious or compromised `mcpUrl`, it could lead to the execution of arbitrary code within the Node.js process running this server, potentially compromising the host system. This is a critical vulnerability if the LLM's access to this tool is not severely restricted and monitored. Other network connection capabilities like `remoteEndpoint` and `cdpEndpoint` could also introduce risks if connected to untrusted sources, though these are configuration-dependent.
Updated: 2026-01-14GitHub
42
48
Medium Cost
1xn-labs icon

1xn-vmcp

by 1xn-labs

Sec4

An open-source platform for composing, customizing, and extending multiple Model Context Protocol (MCP) servers into a single logical, virtual MCP server, enabling fine-grained context engineering for AI workflows and agents.

Setup Requirements

  • ⚠️Requires Python 3.10 to 3.13.
  • ⚠️Requires `uv` (recommended) or `pip` for package installation.
  • ⚠️For full functionality (e.g., running integration tests or interacting with external MCPs), external MCP servers are required.
Review RequiredView Analysis
The server includes functionality for 'custom Python tools' which executes user-provided Python code using the `exec` function. While there are explicit efforts to sandbox this execution (`secure_exec` function attempts to restrict imports and system calls), arbitrary code execution inherently carries significant security risks. A sophisticated attacker might find ways to bypass these sandbox limitations, potentially leading to remote code execution. This feature, while intended for customization, requires careful consideration regarding trust in the users providing the Python code and the environment where the server is deployed. The system also acts as a proxy for external MCP servers, necessitating trust in those upstream services.
Updated: 2025-12-24GitHub
PreviousPage 79 of 713Next