Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

41
23
Medium Cost

mcp-server

by harness

Sec8

Provides an MCP (Model Context Protocol) interface for AI assistants and tools to interact with Harness APIs for advanced automation and development operations.

Setup Requirements

  • ⚠️ Requires a Harness API Key (Personal Access Token) for authentication to interact with Harness APIs, implying dependency on a Harness account.
  • ⚠️ Go 1.23 or later is required if building from source.
  • ⚠️ Requires an MCP-compatible AI assistant or client (e.g., Gemini, Claude, Cursor) to be functional, as it acts as a tool provider for these systems.
Verified Safe
The project uses standard API key authentication (HARNESS_API_KEY) passed in headers. There's a SECURITY.md file outlining the vulnerability reporting process, indicating good security practices. Request and response logging is performed, which should be configured carefully to avoid leaking sensitive data, but no direct 'eval' or other high-risk code execution patterns are observed. The `ioutil.ReadAll` in client code, while common, could be a vector for large, malicious responses if interacting with untrusted endpoints, but in this context, it interacts with trusted Harness APIs.
Updated: 2026-01-19
41
15
Low Cost

oauth-mcp-proxy

by tuannvm

Sec9

OAuth 2.1 authentication library for Go MCP servers, supporting both mark3labs and official SDKs for token validation and caching.

Setup Requirements

  • ⚠️ Requires an external OAuth provider (e.g., Okta, Google, Azure AD) account and configuration (API, Authorization Server, Client ID, Redirect URIs).
  • ⚠️ Environment variables are critical for configuration, including secrets like JWT_SECRET and OAUTH_CLIENT_SECRET.
  • ⚠️ HTTPS is strongly recommended and enforced for non-localhost environments in production for OAuth endpoints.
Verified Safe
The project demonstrates a strong focus on security, including PKCE support, HMAC-signed state parameters to prevent tampering, explicit redirect URI validation (allowlist and localhost-only for fixed redirect mode), and secure TLS configurations. It logs truncated token hashes instead of full tokens. Extensive security tests are present. A minor area for improvement is a logged warning about an 'insecure-fallback-key' if JWT_SECRET is not configured for state signing, although it correctly prompts for a strong secret.
Updated: 2026-01-16
41
24
Medium Cost

clay-mcp

by clay-inc

Sec9

Integrates AI assistants with the Clay relationship management platform, allowing natural language queries for contact, interaction, group, note, and event management.

Setup Requirements

  • ⚠️ Requires a Clay API Key for authentication and functionality.
  • ⚠️ Requires Node.js version 18.0.0 or higher.
  • ⚠️ Primarily designed for integration with specific AI clients (e.g., Claude, ChatGPT) via their developer settings or Smithery.ai, requiring client-side configuration.
Verified Safe
API keys are handled securely via environment variables or URL query parameters, preventing hardcoding. Input validation for all exposed tools is enforced using Zod schemas, significantly mitigating common injection risks. External API calls are directed to a known Clay endpoint (`nexum.clay.earth`), and there is no apparent use of `eval` or direct command execution with user-controlled input.
Updated: 2026-01-14
41
23
Medium Cost

mcp-pentest

by allsmog

Sec2

An AI-driven middleware to orchestrate and manage penetration testing tools and engagements.

Setup Requirements

  • ⚠️ Requires Python 3.10+.
  • ⚠️ Requires Nmap and Gobuster (and other integrated tools like Hydra, John, Nikto, Metasploit for full functionality) binaries to be installed and in the system's PATH.
  • ⚠️ Metasploit RPC daemon (msfrpcd) must be running with hardcoded default credentials ('msf'/'password') for Metasploit functionality, which is a significant security risk.
  • ⚠️ Assumes existence of common wordlists (e.g., /usr/share/wordlists/dirb/common.txt) for tools like Gobuster and Hydra.
Review Required
CRITICAL security risks identified. The server is highly vulnerable to command injection in its tool plugins (Nmap, Gobuster, Hydra, John, Nikto). The 'options' parameters in `execute_task` methods directly append user/LLM-supplied input to shell commands without sanitization, allowing arbitrary command execution on the host running the MCP server. Additionally, the Metasploit plugin uses hardcoded default credentials ('msf'/'password') for its RPC connection, posing a significant risk if Metasploit is active and exposed. There is also a general lack of robust input validation for parameters passed to external tools.
Updated: 2025-12-05
41
31
Medium Cost
Sec9

Provides a set of focused tools to Large Language Models (LLMs) for interacting with the GitHub API, enabling capabilities like fetching issues, pull requests, commits, releases, and searching code within a specified organization.

Setup Requirements

  • ⚠️ Requires a GitHub API token (`GITHUB_TOKEN`) with `repo`, `read:org`, `read:user`, and `user:email` scopes.
  • ⚠️ Requires a specific GitHub organization (`GITHUB_ORG`) to be configured.
  • ⚠️ Node.js and npm must be installed to build and run the server (requires `npm i` then `npm run build`).
Verified Safe
The server uses standard practices for handling sensitive information, requiring `GITHUB_TOKEN` and `GITHUB_ORG` to be set as environment variables. It leverages the `@octokit/rest` library for GitHub API interactions, which is a well-maintained and widely used client. Input sanitization for GitHub API calls is implicitly handled by the Octokit library. No direct `eval` or command injection vulnerabilities were observed.
Updated: 2026-01-07
41
25
Medium Cost

Unified-MCP-Tool-Graph

by pratikjadhav2726

Sec4

The Unified MCP Tool Graph aggregates and structures tool APIs from diverse Model Context Protocol (MCP) servers into a centralized Neo4j graph database, enabling LLMs and agentic AI systems to dynamically retrieve the most relevant tools for any task.

Setup Requirements

  • ⚠️ Requires Neo4j database (Docker recommended) for full dynamic tool retrieval capabilities; otherwise, it runs in fallback mode.
  • ⚠️ Requires `uv` (modern Python package manager) for easy dependency installation and running scripts.
  • ⚠️ Requires `mcp-proxy` for exposing stdio-based MCP servers as HTTP endpoints.
  • ⚠️ Requires `GROQ_API_KEY` for agent examples utilizing Groq models (paid API usage).
  • ⚠️ Requires Python 3.12+.
Review Required
The system dynamically fetches and executes server configurations from potentially arbitrary GitHub repositories for new tools. The `MCPServerManager` uses `subprocess.Popen` with commands and arguments derived from these configurations. While `extract_config_from_github_async` attempts to filter commands (to 'npx' or 'python'), these can still execute arbitrary code if a malicious configuration is provided (e.g., from a compromised GitHub repository or a crafted JSON in a README). This introduces a significant supply chain and remote code execution risk, as the integrity of external configurations cannot be fully guaranteed. No direct `eval()` or `os.system()` with unsanitized user input was found, but the dynamic execution of external commands is a high-risk pattern.
Updated: 2025-12-02
41
22
Medium Cost

jentic-sdks

by jentic

Sec7

The Jentic MCP Plugin enables AI-agent builders to discover, load, and execute external APIs and workflows via the Model Context Protocol (MCP), generating LLM-compatible tool definitions.

Setup Requirements

  • ⚠️ Requires `JENTIC_AGENT_API_KEY` (obtained from Jentic dashboard).
  • ⚠️ Requires `uv` installed (`brew install uv` or `pip install uv`).
  • ⚠️ Requires Python 3.11+.
Verified Safe
The server explicitly handles `JENTIC_AGENT_API_KEY` from environment variables, which is good practice. However, the `submit_feedback` tool, while attempting to remove sensitive data, also explicitly includes the `JENTIC_AGENT_API_KEY` in the feedback payload if present. This is a potential security risk as the agent API key is sensitive and its inclusion in feedback could lead to compromise if the feedback endpoint or its handling is insecure. The server relies on the security of the remote Jentic API Knowledge Hub for its core functionality. No 'eval' or obvious malicious code patterns were found.
Updated: 2025-11-26
41
49
Medium Cost

Perigon.CLI

by AterDev

Sec8

A development assistance tool for quickly building front-end and back-end services with code generation and LLM technology, providing CLI, WebUI, and MCP Server modes.

Setup Requirements

  • ⚠️ Requires .NET SDK 10 (or 9.0 for contribution/dev builds) to be installed.
  • ⚠️ PowerShell 7.0 or higher is needed to run included scripts.
  • ⚠️ Likely requires an external LLM API Key (e.g., OpenAI) for LLM-assisted features, which may incur costs.
Verified Safe
Based on the truncated source code provided, there are no immediate glaring security vulnerabilities like hardcoded secrets or direct 'eval' usage. Configuration files use standard practices. However, the tool relies on 'code generation' and 'LLM technology,' which inherently carry risks (e.g., prompt injection, insecure code generation from LLM output, or code injection if user input isn't sanitized during generation). The actual implementation of these critical generation and LLM integration components is not visible in the provided snippets, preventing a full assessment of those specific risks. Running locally via HTTP is standard for development but HTTPS should be enforced if deployed publicly.
Updated: 2026-01-19
41
13
Medium Cost

GravityMCP

by GravityKit

Sec9

Manage Gravity Forms data (forms, entries, feeds, fields) via Model Context Protocol, enabling programmatic interaction with WordPress forms.

Setup Requirements

  • ⚠️ Requires Node.js 18+ (though `scripts/check-env.js` recommends 20+).
  • ⚠️ Requires an active WordPress installation with Gravity Forms 2.5+.
  • ⚠️ Requires an HTTPS-enabled WordPress site if using Basic Authentication (OAuth 1.0a is a fallback for HTTP).
  • ⚠️ Requires Gravity Forms REST API Consumer Key and Secret, generated in WordPress settings.
  • ⚠️ For local development with self-signed SSL certificates, `MCP_ALLOW_SELF_SIGNED_CERTS=true` must be set in your `.env` file.
Verified Safe
The server enforces HTTPS for Basic Authentication, falling back to OAuth 1.0a for HTTP connections. Sensitive data (keys, secrets, passwords) is obfuscated in logs using a dedicated sanitization utility (`sanitize.js`). Destructive operations (delete) are disabled by default and require explicit `GRAVITY_FORMS_ALLOW_DELETE=true` configuration. A `MCP_ALLOW_SELF_SIGNED_CERTS=true` option is available for local development with self-signed certificates, which carries an explicit security warning against its use in production.
Updated: 2025-12-05
41
15
Low Cost

fedramp-docs-mcp

by ethanolivertroy

Sec8

A Model Context Protocol (MCP) server for querying FedRAMP compliance documentation and NIST controls, designed to be used by AI agents and developers.

Setup Requirements

  • ⚠️ Requires Node.js 18+ and npm 9+.
  • ⚠️ Requires 'git' command-line tool to be installed and available in PATH.
  • ⚠️ Requires network access for initial cloning of the FedRAMP/docs repository (~50MB) and for automatic updates.
  • ⚠️ Requires an MCP-compatible client (e.g., Claude Desktop, Cursor, LM Studio) to interact with its tools.
Verified Safe
The server uses 'simple-git' to clone and update the official 'FedRAMP/docs' GitHub repository. While 'simple-git' is a well-established library for Git operations, any execution of external commands ('git') inherently introduces a potential attack surface. However, the repository source and branch are configurable via environment variables, not directly by user input to tools, which mitigates command injection risks. The Docker setup provides strong security hardening (e.g., non-root user, read-only filesystem, dropped capabilities, no-new-privileges, network isolation) which significantly enhances security in containerized deployments. No direct 'eval' or intentional obfuscation is observed.
Updated: 2026-01-14
41
5
Low Cost
Sec8

An AI-powered code generator for Apostrophe CMS modules, operating as a local Model Context Protocol (MCP) server that can be integrated with Claude Code.

Setup Requirements

  • ⚠️ Requires Node.js v18 or higher.
  • ⚠️ Requires Claude Code CLI (@anthropic-ai/claude-code) installed globally.
  • ⚠️ Requires an Anthropic API key configured via `claude configure` (this is a paid service, token usage applies).
  • ⚠️ Apostrophe CMS projects must be located in the parent directory of this tool and configured for ES Modules (`"type": "module"` in their `package.json`).
Verified Safe
The server runs locally and explicitly states no API keys are required for its own operation, relying on the `claude` CLI for AI interaction. It executes the `claude` CLI via `child_process.spawn` and passes prompts securely via `stdin`, mitigating direct command injection through prompts. File system operations (read, write, delete) are confined to discovered Apostrophe projects (which must be in the parent directory and meet specific `app.js` criteria) and a local `history/` folder. A specific safety measure is appending to `modules/asset/ui/src/index.js` rather than overwriting. The primary risks involve trusting the security of the `claude` CLI itself and potential (though mitigated) malicious manipulation of discovered project paths.
Updated: 2025-12-11
41
43
Medium Cost

Provides a Model Context Protocol (MCP) server for interacting with Groq models, including compound/meta models, exposing tools for real-time information and code execution capabilities from the Groq AI.

Setup Requirements

  • ⚠️ Requires Node.js >= 18.0.0.
  • ⚠️ Requires a Groq API key set in the `GROQ_API_KEY` environment variable (this is a paid service).
  • ⚠️ For Vercel deployments and SSE transport, a Redis instance URL (`REDIS_URL` environment variable) is recommended.
Verified Safe
The server correctly handles sensitive information (Groq API key, Redis URL) via environment variables. Input validation is performed using Zod schemas for tool arguments, mitigating common injection risks. There is no direct `eval` or arbitrary code execution exposed by the server itself; the 'code execution' capability is a feature of the underlying Groq AI models this server interfaces with. The use of `@vercel/mcp-adapter` and `express-rate-limit` (via `@modelcontextprotocol/sdk` dependency) suggests good practices for web endpoint security and abuse prevention.
Updated: 2026-01-07