Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

Low Cost

codex-mcp-rs

by missdeer

Sec9

This server acts as an MCP (Model Context Protocol) wrapper for the Codex CLI, enabling AI-assisted coding tasks through compatible clients like Claude Code.

Setup Requirements

  • ⚠️ Requires Codex CLI to be installed and configured on the system.
  • ⚠️ Requires an MCP client (e.g., Claude Code) for interaction.
  • ⚠️ Rust 1.70+ required for building from source.
  • ⚠️ The `npm` installation process relies on `tar` (Linux/macOS) or `PowerShell` (Windows) for binary extraction, and optionally uses `GITHUB_TOKEN` to prevent GitHub API rate limits during download.

Verified SafeView Analysis

The server implements strong security practices including explicit sandbox policies ('read-only' by default, 'workspace-write', 'danger-full-access'), environment variable controls for dangerous features, and input validation for paths. It uses `std::process::Command` with `Command::arg()` for subprocess execution, which handles argument escaping securely. The `npm/run.js` script uses `spawn` with path escaping for archive extraction, and GitHub downloads are performed over HTTPS. Output line limits are in place to prevent memory exhaustion. The primary security consideration is the use of 'danger-full-access' mode by the underlying Codex CLI, which is explicitly opt-in via the environment variable `CODEX_ALLOW_DANGEROUS` and defaults to disabled.

Updated: 2026-01-18 | GitHub
High Cost

omop_mcp

by OHNLP

Sec8

Maps clinical terminology to OMOP (Observational Medical Outcomes Partnership) concepts using Large Language Models (LLMs) via the Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️ Requires OpenAI API Key (Paid) or Azure OpenAI credentials.
  • ⚠️ Requires 'uv' (https://docs.astral.sh/uv/getting-started/installation/) to be installed.
  • ⚠️ Requires Python 3.12 or higher.

Verified SafeView Analysis

The server makes external HTTP requests to known OMOP resources (Athena OHDSI), which is appropriate. API keys are managed through environment variables via `dotenv`. The `batch_map_concepts_from_csv` tool takes a `csv_path` as an argument; if the server were exposed publicly to untrusted users without input validation, this could potentially be leveraged for arbitrary local file access (e.g., path traversal). However, the intended use case (e.g., Claude Desktop integration) implies a local or controlled environment where this risk is mitigated.

Updated: 2026-01-17 | GitHub
High Cost

wa_llm

by ilanbenb

Sec8

An AI-powered WhatsApp bot that joins groups, summarizes conversations, and answers questions using a knowledge base.

Setup Requirements

  • ⚠️ Requires PostgreSQL with the `pgvector` extension installed.
  • ⚠️ Requires Python 3.12+.
  • ⚠️ Requires API keys for Voyage AI (for embeddings) and Anthropic (for LLM interactions), both of which are paid services.
  • ⚠️ Docker and Docker Compose are required for the easiest setup.
  • ⚠️ Requires a manual database update (`UPDATE public."group" SET managed = true WHERE group_name = 'Your Group Name';`) to activate the bot for a specific group.
  • ⚠️ Requires restarting the `web-server` service after connecting the WhatsApp device or activating a group.

Verified SafeView Analysis

The application handles secrets via environment variables, which is a good practice. Database interactions using SQLAlchemy's `text()` method with parameterized queries are correctly implemented to prevent SQL injection. The webhook endpoint `/webhook` is exposed, which is typical for such applications. The `WhatsAppClient` communicates with an external WhatsApp API, requiring trust in that external service. Some `docker-compose.base.yml` configurations use default credentials (`admin:admin` for WhatsApp API basic auth, `user:password` for Postgres) which are primarily for local development and are intended to be overridden by `.env` files in production/deployment, but could be a minor risk if deployed without proper `.env` configuration. `eval` or similar dangerous functions were not found.

Updated: 2025-12-30 | GitHub
Medium Cost

ebay-mcp

by YosefHayim

Sec8

Enables AI assistants to manage eBay selling operations, including inventory, orders, marketing, and analytics, through a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️ Requires an eBay Developer Account and API credentials (Client ID, Client Secret, Redirect URI/RuName).
  • ⚠️ Requires a multi-step OAuth 2.0 Authorization Code Flow for user tokens, involving browser interaction to grant permissions.
  • ⚠️ Requires Node.js (version 18 or higher).
  • ⚠️ Environment variables must be securely configured (e.g., in a `.env` file).

Verified SafeView Analysis

The server acts as a proxy for eBay APIs, relying heavily on environment variables for sensitive credentials (eBay Client ID/Secret, OAuth Refresh Token). These are appropriately excluded from version control via `.gitignore`. The application uses `helmet` for basic Express security and `cors` with `origin: '*'` in development, which is explicitly noted as a potential production issue in comments. OAuth 2.1 is implemented with token introspection/JWT validation and automatic token refreshing. No direct `eval` or obvious malicious patterns were found. Interactive setup scripts handle sensitive data entry and `.env` file updates responsibly. The general security posture is good for an open-source project of this nature, but the inherent risk of handling API credentials and the `cors` setting warrant caution for production deployment.

Updated: 2026-01-18 | GitHub
Low Cost

Facilitates context-efficient generation, branching, and searching of unconventional thoughts for AI problem-solving.

Setup Requirements

  • ⚠️ Requires Node.js & npm for building and execution.
  • ⚠️ Requires manual configuration of Claude Desktop's `claude_desktop_config.json` with an absolute path to the compiled server binary.
  • ⚠️ Server uses `process.cwd()` for data storage, so its behavior depends on the directory from which it is launched by Claude Desktop.

Verified SafeView Analysis

The server communicates via standard I/O (stdio) instead of network ports, significantly reducing direct network attack surface. It primarily performs local file operations within a dedicated '.thoughts' directory relative to its working directory. No 'eval' or similar dangerous functions are present. No hardcoded secrets or sensitive API keys are found in the source. The file system access is constrained and transparent, posing minimal risk when run as intended by a trusted parent process like Claude Desktop.

Updated: 2025-11-24 | GitHub
Low Cost
Sec8

An MCP server that allows AI assistants to manage GitHub Stars contributions and profile links through natural language interaction.

Setup Requirements

  • ⚠️ Requires Node.js v18 or later.
  • ⚠️ Requires a GitHub Stars API token, obtained from stars.github.com/profile.

Verified SafeView Analysis

No direct source code for the main application logic (`github-stars-contributions-mcp.mjs`) was provided, limiting a full deep dive. However, analysis of `package.json` and `package-lock.json` reveals standard, reputable dependencies, including `express-rate-limit` for API protection. Secrets (GitHub Stars Token) are configured via environment variables, which is a good security practice. No obvious malicious patterns, obfuscation, or hardcoded secrets were found in the provided files.

Updated: 2025-12-02 | GitHub
Low Cost

ater.dry.cli

by AterDev

Sec8

A .NET-based development assistance tool that streamlines front-end and back-end service creation through code generation, LLM integration, and provides command-line, Web UI, and MCP server interfaces.

Setup Requirements

  • ⚠️ Requires .NET SDK 10 (specifically 10.0.100-rc.2.25502.107 or a later feature/prerelease version).
  • ⚠️ Requires PowerShell 7.0 or higher for running development scripts.
  • ⚠️ Requires installation as a dotnet global tool via 'dotnet tool install --global perigon.cli' before running.

Verified SafeView Analysis

The server runs locally, exposing ports 19160 (or 9160) for its Web UI and MCP Server. This limits direct external network exposure. No hardcoded secrets or obvious malicious patterns are visible in the provided code snippets. The mentioned LLM integration could introduce prompt injection risks if not properly implemented, and user-defined Razor templates could be a vector for malicious code if a user intentionally uses them that way. However, for a local development tool, it appears reasonably secure.

Updated: 2026-01-19 | GitHub
Medium Cost
Sec9

Analyze iOS/macOS app performance, sales, reviews, and TestFlight data via App Store Connect API.

Setup Requirements

  • ⚠️ Requires manual setup of an App Store Connect API Key (Issuer ID, Key ID, and a .p8 file download; a one-time process).
  • ⚠️ Requires Node.js version 18.0.0 or higher.
  • ⚠️ Requires specific environment variables for authentication: APP_STORE_CONNECT_ISSUER_ID, APP_STORE_CONNECT_KEY_ID, and either APP_STORE_CONNECT_PRIVATE_KEY_PATH (path to the .p8 file) or APP_STORE_CONNECT_PRIVATE_KEY (content of the .p8 file).
  • ⚠️ The APP_STORE_CONNECT_VENDOR_NUMBER environment variable is required for sales and finance reports.

Verified SafeView Analysis

The server uses environment variables for sensitive API keys, employs Zod for robust input validation, and correctly handles API authentication, including special cases like S3 signed URLs for analytics data without sending unnecessary headers. It utilizes standard and well-audited libraries for JWT generation and HTTP requests. No critical vulnerabilities like 'eval' or hardcoded secrets were identified.

Updated: 2025-11-30 | GitHub
Medium Cost

mcp-server

by blockscout

Sec9

Provides AI agents and development tools with contextual, curated access to blockchain data (balances, tokens, NFTs, contract metadata, transactions, logs) across multiple EVM-compatible chains via Blockscout APIs.

Setup Requirements

  • ⚠️ Requires Python 3.11+.
  • ⚠️ Requires Docker for containerized deployment, or a local Python environment for direct installation.
  • ⚠️ Requires network connectivity to Blockscout (and related Chainscout, BENS, Metadata) APIs.
  • ⚠️ Client-side configuration is needed for AI platforms (e.g., ~/.gemini/settings.json for Gemini CLI, or Connector installation for Claude).
  • ⚠️ Claude Connector integration requires a paid Claude plan.

Verified SafeView Analysis

The server is designed as a wrapper for external Blockscout APIs. It implements several safety measures: no direct 'eval()' or obfuscation found; external API calls include timeouts and retries; API keys are expected via environment variables ('BLOCKSCOUT_BS_API_KEY'), preventing hardcoding. The 'direct_api_call' tool provides access to a curated list of Blockscout endpoints, not arbitrary URLs, mitigating SSRF risks, and enforces a response size limit for AI clients (with an explicit bypass header for REST clients). 'read_contract' uses web3.py for read-only 'eth_call' operations with input validation. Anonymous telemetry data (tool name, args, client info, IP for geolocation) is collected by default but offers an opt-out. No personal data, secrets, or private keys are collected. Overall, the design shows a proactive approach to security in an external API integration context.

Updated: 2026-01-17 | GitHub
Medium Cost

vectara-mcp

by vectara

Sec9

Vectara MCP Server enables AI systems to interact seamlessly with Vectara's RAG platform for reduced hallucination, functioning as an open standard Model Context Protocol server.

Setup Requirements

  • ⚠️ Requires the `VECTARA_API_KEY` environment variable for Vectara API access.
  • ⚠️ Requires the `VECTARA_CORPUS_KEYS` environment variable (comma-separated) for RAG queries.
  • ⚠️ Requires Python 3.11 or higher.
  • ⚠️ For local development with Claude Desktop, `STDIO` transport must be explicitly enabled and configured in Claude's `mcpServers` settings.

Verified SafeView Analysis

The server demonstrates a strong 'secure by default' approach. It includes comprehensive documentation on security best practices (`SECURITY.md`), enforces bearer token authentication by default for HTTP/SSE transports, and warns explicitly against disabling authentication or using STDIO transport in production. It utilizes secure SSL contexts for API calls, runs as a non-root user in Docker, and supports CORS configuration and rate limiting. No direct 'eval' or obvious malicious patterns were found.

Updated: 2025-12-05 | GitHub
Low Cost
Sec8

Provides AI agents with comprehensive SAP Mobile Development Kit (MDK) knowledge and tools to assist in MDK application development, including project creation, artifact generation (pages, actions, i18n, rules), project management (build, deploy, validate, migrate), and documentation access.

Setup Requirements

  • ⚠️ Requires Yeoman (`yo@4.3.1`) to be installed globally for MDK project or entity generation.
  • ⚠️ Manual creation of an `AGENTS.md` file is highly recommended for proper AI agent guidance and to ensure optimal project interaction.
  • ⚠️ Integration with SAP Mobile Services (including installing the VS Code MDK extension, Cloud Foundry CLI, and generating a `.service.metadata` file via the Mobile App Editor) is required for OData-related project creation and generation tools to function.

Verified SafeView Analysis

The server employs robust security measures, particularly for executing external commands and parsing user-provided data. It uses Zod for input validation, sanitizes file paths (`validateAndSanitizePath`), and whitelists executable commands and their arguments (`validateCommandArgs`) to prevent command injection and directory traversal. XML and JSON parsing include protections against XXE, entity expansion, and size/nesting depth limits (`safeXmlParse`, `safeJsonParse`). However, the inherent use of `execSync` to run external system commands, while heavily fortified, still presents an elevated risk surface that prevents a perfect score.

Updated: 2026-01-19 | GitHub
Medium Cost

qdrant-loader

by martin-papy

Sec8

A Model Context Protocol (MCP) server that provides advanced Retrieval-Augmented Generation (RAG) capabilities to AI development tools by bridging a QDrant knowledge base for intelligent, context-aware search.

Setup Requirements

  • ⚠️ Requires a QDrant instance (local or cloud) running and accessible.
  • ⚠️ Requires an LLM API Key (e.g., OpenAI, Azure OpenAI, Ollama), which incurs usage costs for embeddings and advanced AI features.
  • ⚠️ Requires Python 3.12+ for installation.

Verified SafeView Analysis

The server follows good security practices for credential management by exclusively using environment variables and implementing redaction of sensitive information in logs. By default, it binds to localhost for stdio transport, minimizing network exposure. For HTTP transport, origin validation and CORS middleware are configured. No direct dynamic code execution from user input ('eval' or similar) was identified, reducing RCE risks. The system relies on external LLM APIs and QDrant, requiring secure configuration of these external services. While input validation is present via Pydantic schemas for arguments, robust sanitization within each search tool's logic for all user-provided string arguments is always a critical consideration, though the RAG nature of the server inherently limits execution of arbitrary code.

Updated: 2026-01-13 | GitHub
Page 82 of 713