Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

42
11
High Cost
aserper icon

RTFD

by aserper

Sec7

Provides AI coding agents with real-time access to up-to-date library and service documentation from various package ecosystems and cloud platforms to prevent LLM hallucinations and use of outdated APIs.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️GitHub API rate limits are severely restricted (60 requests/hour) without a `GITHUB_TOKEN` environment variable. A token increases the limit to 5000 requests/hour.
  • ⚠️Inherent risk of indirect prompt injection and potential malicious code execution when processing external documentation from untrusted sources in autonomous agent modes. Mitigations (`RTFD_FETCH=false`, `VERIFIED_BY_PYPI=true`) are available but require explicit configuration.
Verified SafeView Analysis
This MCP server's core function is to fetch documentation and code from external, potentially untrusted sources (GitHub, PyPI, npm, etc.) for processing by an AI agent. This introduces significant risks, including indirect prompt injection and the potential for malicious code execution if the agent operates autonomously or processes unverified content without human oversight. The server itself avoids obvious direct vulnerabilities like arbitrary `eval()` on untrusted input or hardcoded API keys. It uses `subprocess.run` only for `gh auth token` which is a specific, generally safe operation. However, the inherent risk of its functionality means agents can be exposed to hostile content. Mitigation strategies like `RTFD_FETCH=false` (disables content fetching) and `VERIFIED_BY_PYPI=true` (restricts PyPI sources to verified ones) are provided but require explicit configuration.
Updated: 2026-01-16GitHub
42
32
Low Cost
Robotti-io icon
Sec6

This MCP server provides a toolkit to guide GitHub Copilot toward secure coding practices by offering customizable security-focused prompts and agents for integration into development workflows.

Setup Requirements

  • ⚠️Requires Node.js >=22.0.0.
  • ⚠️Requires manual `.env` configuration; critical to change default SSL passphrase and AMQP credentials for production.
  • ⚠️Requires VSCode configuration for MCP server URL to integrate with Copilot.
Verified SafeView Analysis
The server demonstrates a strong intent for security by focusing on secure coding practices and using `zod` for input schema validation (e.g., prompt names). However, there are critical security concerns regarding default configurations and logging practices: 1) The `reqInfo` middleware captures the entire `req.body` for all requests to `/mcp` POST endpoint, which is then logged by default via `logger.info`. If sensitive data is included in JSON-RPC requests, this could lead to information leakage. 2) The `.env.example` file specifies a default `server.ssl.pfx.passphrase` of 'PFX_PASSPHRASE' and default AMQP credentials ('guest'/'guest'). Using these defaults in a production environment would be a severe security vulnerability. While the documentation notes these need customization, they represent insecure-by-default settings.
Updated: 2026-01-14GitHub
42
14
Low Cost
vercel-labs icon
Sec8

This server acts as a Model Context Protocol (MCP) tool to assist developers in migrating projects from AI SDK 4.x to AI SDK 5.0, primarily designed for use with Cursor or other compatible MCP clients.

Setup Requirements

  • ⚠️Requires an MCP-compatible client like Cursor to utilize its tools effectively.
  • ⚠️Local development requires `pnpm` and a Node.js runtime environment.
Verified SafeView Analysis
The server's primary function involves generating markdown checklists and searching local documentation. It does not use `eval` or process untrusted code on the server side. The `create-checklist` tool instructs the *client* to run a `curl` command to download content, meaning the server itself is not executing arbitrary commands. The search tools construct regular expressions from user queries, which can introduce a minor ReDoS (Regular Expression Denial of Service) risk if not carefully handled, but the implementation appears to mitigate this by splitting queries into individual words before regex creation, reducing the likelihood of complex, exploitable patterns. No hardcoded secrets were found; environment variables are used for configuration.
Updated: 2025-12-12GitHub
42
14
Medium Cost
greenfieldlabs-inc icon

savecontext

by greenfieldlabs-inc

Sec8

Provides persistent memory, issue tracking, and project planning for AI coding assistants via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Bun runtime.
  • ⚠️Semantic search feature requires additional setup (Ollama with 'nomic-embed-text' model or a HuggingFace API token).
  • ⚠️Claude Code statusline integration requires Python 3.x to be installed and available.
Verified SafeView Analysis
The server operates locally using SQLite for data storage, enhancing privacy. It communicates via stdio (standard input/output), which is generally secure for inter-process communication. Optional features for semantic search involve network calls to Ollama (local server) or HuggingFace (cloud API), configurable via environment variables. CLI setup scripts modify local user configuration files and execute system commands (e.g., `git`, `python`, `bunx`). These operations are standard but require user trust, as they perform system-level changes. No hardcoded secrets or obvious malicious patterns were found. The local web UI (`dashboard`) is intended for single-user local access, implying local network security should be managed by the user if it's exposed.
Updated: 2026-01-12GitHub
42
19
High Cost
marcindulak icon

stt-mcp-server-linux

by marcindulak

Sec6

Local speech-to-text server for Linux, designed to integrate with Claude Code via the MCP protocol or run in standalone mode to inject transcribed text into a Tmux session.

Setup Requirements

  • ⚠️Requires Docker Engine or Docker Desktop for containerized operation.
  • ⚠️Requires Tmux for text injection into terminal sessions.
  • ⚠️Linux-only due to direct dependencies on `/dev/input` and `/dev/snd` device files.
  • ⚠️An initial download of the Whisper 'tiny' model (approx. 75 MB) to `~/.stt-mcp-server-linux/whisper` is required.
Review RequiredView Analysis
The `scripts/restart_mcp_server.sh` uses `eval` to execute the constructed `docker run` command, which is a shell anti-pattern that can lead to command injection vulnerabilities if any of the variables composing `$DOCKER_CMD` were ever sourced from untrusted input. The server requires the Docker container to have direct access to sensitive host devices (`/dev/input` for keyboard monitoring and `/dev/snd` for audio recording) and adds the container user to the `input` group. This grants the container high privileges to interact with the host's hardware, increasing the potential attack surface if the container were compromised. While `TmuxOutputHandler` implements robust input sanitization to prevent command injection when injecting transcribed text into Tmux, the underlying system setup involves elevated privileges and a potentially dangerous shell construct.
Updated: 2026-01-10GitHub
42
42
Medium Cost
buildkite icon
Sec9

An MCP server that exposes Buildkite CI/CD data (pipelines, builds, jobs, tests) to AI tooling and editors for enhanced context and automation.

Setup Requirements

  • ⚠️Buildkite API Token: Requires a `BUILDKITE_API_TOKEN` or `BUILDKITE_API_TOKEN_FROM_1PASSWORD` environment variable for authentication.
  • ⚠️Docker (recommended): The server is designed for containerized deployment, implying Docker or a compatible runtime is beneficial.
  • ⚠️1Password CLI (conditional): If `BUILDKITE_API_TOKEN_FROM_1PASSWORD` is used, the `op` (1Password CLI) binary must be installed and configured.
Verified SafeView Analysis
The server relies on a Buildkite API token for authentication, requiring careful management of this secret. The `op` (1Password CLI) execution for fetching secrets is controlled and not arbitrary code execution. The README actively recommends running the server in a container (from a Chainguard static image, as an unprivileged user), which are strong security practices for deployment. No direct `eval` or similar dangerous patterns for arbitrary code execution were found.
Updated: 2026-01-09GitHub
41
5
Low Cost
tairqaldy icon

codearchitect-mcp

by tairqaldy

Sec9

Automatically saves and retrieves AI conversation sessions from IDEs (Cursor, VS Code) to provide context continuity and build a searchable knowledge base for developers.

Setup Requirements

  • ⚠️Requires Node.js v18+.
  • ⚠️Requires manual export of chat from IDE to `~/.codearchitect/exports/` before `store_session` can auto-detect it.
  • ⚠️Requires `npx` to be executable and configured correctly within the IDE's MCP server settings.
Verified SafeView Analysis
The server uses `validatePath` to prevent directory traversal attacks by ensuring all file operations occur strictly within designated, fixed base directories (`~/.codearchitect/sessions/` and `~/.codearchitect/exports/`) or explicitly provided `projectDir` paths, which are also validated. No `eval` or obvious obfuscation was found. Communication is via the Model Context Protocol (likely IPC/stdio), reducing direct network attack surface. File system access is carefully managed within the user's home directory.
Updated: 2025-12-01GitHub
41
14
Low Cost
stacklok icon
Sec8

The central metadata hub for enterprise Model Context Protocol (MCP) server governance and discovery, implementing the official MCP Registry API specification.

Setup Requirements

  • ⚠️Requires PostgreSQL database setup, including specific user roles (`toolhive_registry_server`) which can be configured manually or via `prime-db` command.
  • ⚠️Database passwords are managed securely via PostgreSQL's `.pgpass` file, which requires specific file format and permissions setup.
  • ⚠️Authentication is OAuth 2.0/OIDC by default; requires an identity provider (e.g., Okta, Auth0, Kubernetes service accounts) unless explicitly configured for `anonymous` mode.
  • ⚠️For Docker Compose, `task docker-up` is recommended over `docker-compose up` directly to ensure a fresh state by rebuilding images and clearing volumes.
Verified SafeView Analysis
The project emphasizes security with clear guidelines (`SECURITY.md`), OAuth 2.0/OIDC authentication enabled by default, and recommendations for production (`sslMode: verify-full`, `pgpass`). However, default hardcoded passwords (`app_password`, `migration_password`) are present in `docker/postgres-init.sh` for initialization, which, while common in examples, is a minor concern if not replaced in production. Some example `permissions` configurations for MCP servers in the registry data allow `insecure_allow_all`, highlighting a potential for misconfiguration within the ecosystem the server manages, rather than the server itself.
Updated: 2026-01-19GitHub
41
22
Low Cost
dswbx icon

jsonv-ts

by dswbx

Sec9

Provides a type-safe JSON Schema builder and validator in TypeScript, with integrated Hono middleware for OpenAPI generation and request validation, and an MCP (Model Context Protocol) server/client for agent-based interactions.

Setup Requirements

  • ⚠️Requires Bun runtime for direct execution of provided examples and test suite.
  • ⚠️`hono` is used for HTTP transport and OpenAPI integration, and must be installed if these features are utilized.
  • ⚠️MCP Client's `fetch` method may require polyfilling or specific Node.js configuration if not running in Bun or a browser environment.
Verified SafeView Analysis
The library primarily enhances security through robust JSON schema validation and type-safety. No direct use of `eval` or obvious code injection vectors were found within the MCP-related source code. The `RegExp` constructor is used for pattern validation, which is a potential ReDoS vector if patterns are derived from unsanitized user input, but in typical usage, patterns are developer-defined in the schema. Logging mechanisms could potentially expose sensitive data if not configured appropriately at the application layer.
Updated: 2025-12-02GitHub
41
24
Medium Cost
portone-io icon

mcp-server

by portone-io

Sec8

Provides PortOne documentation and API access to Large Language Models (LLMs) to assist users with payment integration and queries.

Setup Requirements

  • ⚠️Requires Node.js 22.6.0 or higher.
  • ⚠️When using Claude Desktop with a DXT file, a known issue requires disabling 'Use built-in Node.js for MCP' in settings and restarting.
  • ⚠️Console features (e.g., channel listing, payment lookup) require browser-based login to the PortOne console via an OAuth flow initiated locally.
Verified SafeView Analysis
The server includes an OAuth flow for console features that opens a browser for user login and sets up a local HTTP server to receive the callback. This is a standard pattern, and the code uses `crypto.getRandomValues` for the code verifier, indicating good practices. API secrets are expected to be managed via environment variables. The README explicitly warns that third-party AI services might use API responses for model training, and the server attempts to identify and remove personal information, which is a positive security-enhancing measure.
Updated: 2026-01-15GitHub
41
26
High Cost
vgiri2015 icon
Sec2

Optimizes Apache Spark code for performance using an AI model (Claude) via a client-server architecture, including performance analysis and comparison.

Setup Requirements

  • ⚠️Requires a paid Anthropic API Key (`ANTHROPIC_API_KEY`).
  • ⚠️Requires a Python environment with PySpark, which typically means Java needs to be installed for Spark to run.
Review RequiredView Analysis
CRITICAL: The `run_optimized.py` script uses `exec(open(code_path).read())` to execute both original and AI-optimized Spark code files. This allows arbitrary code execution if `spark_code_input.py` or the AI-generated `optimized_spark_code.py` contain malicious code. This makes the system extremely unsafe to run with untrusted inputs or AI models without robust sandboxing. API keys are handled via environment variables, which is good practice.
Updated: 2025-12-05GitHub
41
27
Medium Cost
tan-yong-sheng icon

triliumnext-mcp

by tan-yong-sheng

Sec8

Provides AI assistants with tools to interact with TriliumNext Notes instances, enabling automated knowledge management and content manipulation.

Setup Requirements

  • ⚠️Requires a running TriliumNext Notes instance accessible via API.
  • ⚠️Requires a valid `TRILIUM_API_TOKEN` obtained from Trilium Notes settings.
  • ⚠️For some MCP clients (e.g., Claude Code), `MCP_TIMEOUT` and `MCP_TOOL_TIMEOUT` may need to be increased (e.g., to 60000ms and 300000ms respectively) to prevent timeouts.
  • ⚠️File and image note creation is currently temporarily disabled due to API implementation challenges with Trilium's ETAPI.
Verified SafeView Analysis
The server employs Zod for robust runtime input validation across all tool parameters, which is a strong security measure against common injection attacks. Permission checks are granular for READ/WRITE operations. Update operations require an `expectedHash` to prevent concurrent modification conflicts, enhancing data integrity. Past challenges with file/image uploads led to their temporary disablement, which mitigates potential path traversal or arbitrary file access risks associated with `fileUri` handling. Re-enabling file uploads would require extremely rigorous path validation. The primary remaining risk is the `TRILIUM_API_TOKEN`, which grants full access to the TriliumNext instance; it must be securely managed in the environment.
Updated: 2026-01-19GitHub
PreviousPage 80 of 713Next