Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

41
23
Low Cost
joehaddad2000 icon

claude-todo-emulator

by joehaddad2000

Sec8

Provides persistent task management for AI coding assistants within IDEs like Cursor and Windsurf by emulating Claude Code's todo system.

Setup Requirements

  • ⚠️Requires Python 3.11 or higher.
  • ⚠️Relies on 'uvx' (uv install) to be available in the environment for easy execution.
  • ⚠️Automatically modifies project files like `.gitignore`, `.cursor/rules/`, and `AGENTS.MD` in the workspace directory.
Verified SafeView Analysis
The server primarily operates on local files within the detected workspace. It writes to a specific JSON file (.mcp-todos.json), updates .gitignore, and copies/prepends content to .cursor/rules/ and AGENTS.MD. Content written is static from package resources, not user-controlled input, reducing injection risks. While modifying project files automatically could be seen as a risk by some, it is explicitly documented and core to its functionality. No 'eval' or other highly dangerous functions are used.
Updated: 2025-11-21GitHub
41
25
Medium Cost
PradeepaRW icon

project-nova

by PradeepaRW

Sec8

Manages Paperless-NGX documents by providing an MCP server that exposes an SSE endpoint for integration with n8n, enabling AI agents to search, upload, and manage documents, tags, correspondents, and document types.

Setup Requirements

  • ⚠️Requires a running Paperless-NGX instance with API access enabled.
  • ⚠️Requires a valid Paperless-NGX API token for authentication.
  • ⚠️Requires Docker and Docker Compose to run the containerized solution.
  • ⚠️Requires Node.js runtime for the underlying MCP server package (@nloui/paperless-mcp) and the `supergateway` utility.
Verified SafeView Analysis
The `PAPERLESS_TOKEN` is a sensitive API key configured via an environment variable. While this prevents hardcoding, for production environments, Docker secrets or a dedicated secret management solution are recommended. The server exposes an SSE endpoint, and network access controls (e.g., firewalls, internal Docker networks) should be properly configured by the user to restrict access. No explicit 'eval' or malicious patterns were found in the provided (truncated/summarized) source code. The underlying `@nloui/paperless-mcp` is an npm package, and its security depends on its maintainer.
Updated: 2026-01-19GitHub
41
21
Medium Cost
Ashif4354 icon

StreamStorm

by Ashif4354

Sec6

Automate mass messaging (spamming) in YouTube live stream chats.

Setup Requirements

  • ⚠️Requires an AI Provider API Key (e.g., OpenAI, Anthropic, Google) for AI features (message/channel name generation).
  • ⚠️Requires Google Account Login (via browser or cookie files) for YouTube interaction.
  • ⚠️For Linux, requires manual installation of Python, PyQt5, QtWebEngine, and other dependencies (e.g., `python3-pyqt5 python3-pyqt5.qtwebengine libqt5webkit5 python3-xlib scrot python3-tk python3-dev`). For other OS, `uv` dependency manager handles most Python dependencies.
Review RequiredView Analysis
The application is explicitly designed for abuse and states 'No terms respected. No ethics included.' This poses significant legal and ethical risks to the user, not necessarily technical vulnerabilities in the code itself. It utilizes anonymous analytics and telemetry services (Firebase Analytics, Atatus) which transmit user activity and error data to third parties, although described as anonymous. API keys for AI providers are configured and stored locally via the UI, not hardcoded. The frontend connects to a configurable backend host, defaulting to localhost. Browser automation with `undetected_chromedriver` or `playwright` is used, which can bypass bot detection, further enabling its abusive purpose.
Updated: 2026-01-19GitHub
41
14
High Cost
Dwsy icon
Sec8

Provides a Model Context Protocol (MCP) server to enhance Magic-API development workflows, enabling advanced interactions for script writing, API management, debugging, and deployment.

Setup Requirements

  • ⚠️Requires an existing Magic-API backend server to connect to.
  • ⚠️Python 3.10+ is required (3.11/3.12 recommended).
  • ⚠️The 'uv' tool is recommended for dependency management and execution.
  • ⚠️Network access from the MCP server to the Magic-API server is essential for functionality.
Verified SafeView Analysis
The server handles sensitive information like usernames, passwords, and tokens via environment variables, which is a good practice. It interacts with a backend Magic-API that executes scripts, but the MCP server itself does not directly execute arbitrary user-provided scripts in its own process. Default URLs are localhost, limiting direct network exposure without explicit configuration. The graceful shutdown mechanism also contributes to stability.
Updated: 2025-12-15GitHub
41
23
Medium Cost
nunyabiznessyoubeezy icon

mcp-server-macos-use

by nunyabiznessyoubeezy

Sec8

An AI agent designed to control a macOS computer using OS-level tools, compatible with the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires macOS (v13 or newer) and a Swift development environment (Xcode) if building from source.
  • ⚠️Requires the `MacosUseSDK` package to be located in a sibling directory (`../MacosUseSDK`) if building from source.
  • ⚠️Requires granting Accessibility permissions for the server application to control the OS.
Verified SafeView Analysis
The server communicates via standard I/O (StdioTransport), which reduces direct network attack surface. No 'eval' or explicit hardcoded secrets are visible in the provided code. However, the server is designed to perform inherently high-privilege OS-level operations (opening applications, clicking, typing, pressing keys). If the AI agent is compromised or misused, it could lead to unauthorized system control. The security of the underlying `MacosUseSDK` is assumed.
Updated: 2025-12-15GitHub
41
13
Low Cost
marianfoo icon
Sec9

This is a Middleman Control Plane (MCP) server for SAP consultants, designed to integrate various SAP-related functionalities (e.g., SAP Notes, ABAP ADT, S4/HANA OData) as conversational agents or tools within the LibreChat platform, including authentication via OpenID Connect and managing permissions.

Setup Requirements

  • ⚠️Requires complex Docker setup including a Playwright-enabled container for certain SAP services, which involves installing Git, Node.js, npm dependencies, and Chromium browser within the container.
  • ⚠️Extensive environment variable configuration is necessary for various SAP connections (URL, username, password, client, language, certificates) and OpenID Connect settings (client ID, secret, issuer).
  • ⚠️Database interaction uses Mongoose, implying a MongoDB instance is required for persistent storage of data schemas, models, and types.
Verified SafeView Analysis
The server employs robust security measures including JWT-based authentication, OpenID Connect for federated logins, comprehensive middleware for input validation, moderation, rate limiting, and access control (ACLs based on roles and resource types). Sensitive configurations like PFX passphrases and API keys are expected to be environment variables, not hardcoded. Image handling, including avatars and content, includes validation and JWT-protected access paths to prevent traversal. The overall architecture demonstrates a strong focus on secure practices for an open-source project. Potential risks typically stem from misconfiguration or reliance on external dependencies (e.g., Playwright container setup, external OAuth providers), rather than inherent code vulnerabilities.
Updated: 2026-01-19GitHub
41
23
Medium Cost
shuizhengqi1 icon

futu-stock-mcp-server

by shuizhengqi1

Sec9

A Model Context Protocol (MCP) server for accessing Futu OpenAPI functionality, providing standardized MCP protocol to AI models for market data subscription and querying, including trading capabilities.

Setup Requirements

  • ⚠️Requires a Futu Securities account with OpenAPI permissions.
  • ⚠️Requires Futu OpenD gateway installed and running on a specified host/port.
  • ⚠️Requires Python 3.10+.
Verified SafeView Analysis
No obvious hardcoded secrets. Employs robust stdout/stderr protection for MCP communication. Uses process locking and cleanup for self-management, which is generally safe but relies on `psutil`. Relies on a local `Futu OpenD` gateway for actual market data and trading, so the security of that external dependency is critical.
Updated: 2025-11-28GitHub
41
19
Medium Cost
aws-samples icon

sample-cfm-tips-mcp

by aws-samples

Sec9

A comprehensive Model Context Protocol (MCP) server for AWS cost analysis and optimization recommendations, designed to integrate with Kiro CLI and other MCP-compatible clients.

Setup Requirements

  • ⚠️Requires Python 3.8 or higher (3.11+ recommended for best performance).
  • ⚠️Requires specific AWS services to be enabled/subscribed for full functionality (e.g., Cost Optimization Hub enrollment, Trusted Advisor Business/Enterprise support plan, Performance Insights enabled on RDS instances).
  • ⚠️Requires comprehensive read-only IAM permissions across multiple AWS services for complete analysis.
Verified SafeView Analysis
The server demonstrates a strong commitment to security best practices. It explicitly enforces 'Read-Only Access' and 'Least Privilege' principles, providing detailed IAM policies for auditing. There are no indications of hardcoded production secrets (test credentials are used in examples). Network exposure is minimal, requiring only outbound HTTPS to AWS APIs. No 'eval' or other directly exploitable patterns were observed in the provided code snippets. The architecture relies on standard AWS SDK practices for credential management.
Updated: 2026-01-16GitHub
41
45
Medium Cost
aashari icon
Sec9

Connects AI assistants to Atlassian Confluence knowledge bases, enabling natural language interaction to query, search, and manage Confluence content.

Setup Requirements

  • ⚠️Requires an Atlassian API Token with appropriate permissions.
  • ⚠️Credentials (ATLASSIAN_SITE_NAME, ATLASSIAN_USER_EMAIL, ATLASSIAN_API_TOKEN) must be set as environment variables or in `~/.mcp/configs.json`.
  • ⚠️Only supports Confluence Cloud (on-premise/Data Center not supported).
Verified SafeView Analysis
The server follows good security practices by loading sensitive credentials (Atlassian API Token, email, site name) from environment variables or a local configuration file, avoiding hardcoded secrets. It performs authenticated API calls to Atlassian Cloud. There are no obvious signs of 'eval', code obfuscation, or malicious patterns. Raw API responses are saved to the `/tmp/mcp/` directory when responses are truncated, which is standard for temporary debug/context data but could lead to excessive disk usage if not managed externally in high-volume, debug-enabled scenarios.
Updated: 2026-01-07GitHub
41
2
Medium Cost
gitabozaid icon
Sec8

Provides semantic code search capabilities to AI coding assistants (like Claude Code) by indexing entire codebases into a vector database for deep contextual understanding, enhancing AI agents with relevant code context.

Setup Requirements

  • ⚠️Requires Node.js >= 20.0.0 and < 24.0.0 (incompatible with Node.js 24+)
  • ⚠️Requires an API key for an embedding provider (OpenAI, VoyageAI, Gemini are paid services) and a vector database (Zilliz Cloud API Key or local Milvus setup).
  • ⚠️Uses pnpm for dependency management, requiring its installation.
Verified SafeView Analysis
The primary MCP server (Node.js/TypeScript) uses standard file system and network operations essential for its code indexing and search functions. It handles API keys via environment variables. While Python evaluation scripts demonstrate `subprocess.run` for system commands (`grep`, `git`), this is within a controlled testing framework, not the deployed MCP server. The `ts_executor.py` is a test utility and not part of the deployed MCP server. No obvious vulnerabilities like arbitrary `eval` from user input were found in the main server logic. Requires typical file system and network permissions for its intended function.
Updated: 2025-11-26GitHub
41
26
Medium Cost
angrysky56 icon

ast-mcp-server

by angrysky56

Sec8

Provides an MCP (Model Context Protocol) server for code structure and semantic analysis using ASTs and ASGs, integrated with external AI clients like Claude Desktop.

Setup Requirements

  • ⚠️Requires Python 3.12 or higher.
  • ⚠️Requires manual building of Tree-sitter language parsers (`uv run build-parsers`).
  • ⚠️An OpenAI/OpenRouter API key (`OPENROUTER_API_KEY`) is required for LLM-powered features (USS Agent, AI summaries), incurring external costs.
  • ⚠️Optional Neo4j database setup and credentials are required for graph storage and advanced querying features.
  • ⚠️The `ast-grep-cli` tool needs to be available in the system's PATH for code transformation features, potentially requiring a separate installation.
Verified SafeView Analysis
The project uses `subprocess.run` to execute the `ast-grep` CLI tool for code transformation. This is handled by passing arguments as a list (not `shell=True`), which mitigates direct shell injection risks. However, executing external binaries with user-provided patterns/replacements inherently carries a risk, which depends on the trustworthiness of the `ast-grep` tool itself and the sanitization of user input by the client. Neo4j and OpenRouter API keys are correctly managed via environment variables. Multiple development-related scripts utilize `sys.path.insert(0, os.getcwd())`, a practice that can introduce path-based vulnerabilities if the current working directory is untrusted, though in a local development context, this is less critical.
Updated: 2026-01-19GitHub
41
19
Low Cost
biocontext-ai icon

registry

by biocontext-ai

Sec2

Registry for discovering Model Context Protocol (MCP) servers relevant to biomedical research, facilitating tool discovery and integration for AI assistants.

Setup Requirements

  • ⚠️Requires `uv` (a Python package installer/executor) and `pre-commit` for local development and validation setup.
  • ⚠️The registry's validation process can trigger local execution of arbitrary external commands (including downloading and running remote scripts) specified within the `mcp.json` configuration files of submitted MCP servers. Running the validation requires a highly isolated and secure environment.
  • ⚠️`yq` (a YAML processor) is required for the `build.sh` script to generate the `registry.json` file.
Review RequiredView Analysis
The core validation scripts (`src/schema_validation/get_mcp_tools.py` called by `check_remote_urls.py` and `filter_remote_urls.py`) are designed to interact with and list tools from user-provided MCP server configurations. If an `mcp.json` file specifies a `command` and `args` (e.g., using `uvx` or `npx` to download and execute remote Python/Node.js scripts, as seen in `servers/vrtejus-pymol-mcp/mcp.json`), the registry's automated validation pipeline will attempt to execute these arbitrary commands locally. This constitutes a severe remote code execution vulnerability for anyone running the registry's validation system against untrusted or malicious `meta.yaml` and `mcp.json` submissions.
Updated: 2026-01-12GitHub
PreviousPage 83 of 713Next