Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

41
4
Medium Cost
jtalk22 icon
Sec7

Integrate an AI assistant (like Claude) with full Slack workspace access, including DMs, channels, search, and history, without requiring admin approval.

Setup Requirements

  • ⚠️Automatic token refresh from Chrome is only available on macOS; Linux/Windows users must manually extract and update tokens.
  • ⚠️Requires Chrome browser to be running with app.slack.com logged in for automatic token extraction/refresh.
  • ⚠️Session tokens expire every 1-2 weeks, requiring periodic refresh (manual or automatic).
  • ⚠️Uses unofficial Slack APIs, which may break or lead to account issues if Slack changes its policies or internal mechanisms.
Verified SafeView Analysis
The server's core functionality relies on extracting highly privileged 'xoxc-' (token) and 'xoxd-' (cookie) browser session tokens from Chrome (macOS only) via AppleScript executing JavaScript within the browser. This grants the server the same access you have in your web browser. While powerful, this is a high-privilege operation and requires significant trust in the application. The project implements several good security practices: - Tokens are stored locally (file, macOS Keychain) with strict 'chmod 600' permissions. - Atomic writes prevent file corruption during token/cache updates. - The REST API server (`slack-mcp-web`) generates a secure, random API key and binds exclusively to localhost (`127.0.0.1`), preventing external network access by default. CORS is also restricted to localhost origins. - Filename sanitization is implemented for exports to prevent path traversal vulnerabilities. - No obvious hardcoded secrets or malicious 'eval' patterns (the JavaScript execution is explicit and part of the core design).
Updated: 2026-01-17GitHub
41
24
Medium Cost
goern icon

forgejo-mcp

by goern

Sec9

Connects AI assistants to Forgejo repositories, enabling natural language management of issues, pull requests, files, and more.

Setup Requirements

  • ⚠️Requires a Forgejo instance URL and a personal access token with appropriate permissions.
  • ⚠️Requires Go 1.24+ for installation and execution.
  • ⚠️Requires an MCP-compatible AI assistant to interact with the server's tools.
Verified SafeView Analysis
The server's Go source code shows good security practices, including handling sensitive data (access tokens) via environment variables or CLI flags, and sanitizing URLs and redacting tokens in logs. It primarily acts as a proxy to the Forgejo API via a standard SDK, limiting its attack surface. No 'eval', obfuscation, or direct malicious patterns were identified. The primary security consideration for users is to ensure the Forgejo access token is granted only the necessary permissions.
Updated: 2026-01-19GitHub
41
26
Medium Cost
olaservo icon

mcp-advisor

by olaservo

Sec8

Provides LLMs and humans with structured access to the Model Context Protocol (MCP) specification and documentation for understanding and compliance evaluation.

Setup Requirements

  • ⚠️The server currently depends on the official `LLMS.txt` file which no longer matches the format expected by this server, potentially leading to functional issues or incorrect link fetching.
  • ⚠️Requires outbound network access to `https://modelcontextprotocol.io` and `https://raw.githubusercontent.com` to fetch specifications and documentation; without this, it will rely on (potentially expired) cache or fail.
Verified SafeView Analysis
The server acts as a documentation provider, fetching content from external URLs (`modelcontextprotocol.io`, `raw.githubusercontent.com`). No direct code execution vulnerabilities (like 'eval' on untrusted input) were found. The `evaluate_server_compliance` prompt takes a 'path' argument, but the server only passes this string to the LLM for evaluation, without attempting to read or execute code from that path on its host system. The primary security considerations are the integrity of the external content sources and how the consuming LLM client handles the provided documentation. The README's warning about `LLMS.txt` format is a functional issue, not a direct security flaw in the server's execution.
Updated: 2026-01-16GitHub
41
15
Medium Cost
codescene-oss icon

codescene-mcp-server

by codescene-oss

Sec9

The CodeScene MCP Server exposes CodeScene's Code Health analysis as local AI-friendly tools to augment AI prompts with code quality insights.

Setup Requirements

  • ⚠️Requires a CodeScene instance and 'CS_ACCESS_TOKEN' for API authentication.
  • ⚠️Requires 'CS_ACE_ACCESS_TOKEN' for the 'code_health_auto_refactor' tool (CodeScene ACE add-on).
  • ⚠️Requires 'git' to be installed and the server to be run within a Git repository for file path resolution.
  • ⚠️If running in Docker, requires a volume mount and 'CS_MOUNT_PATH' environment variable to correctly map host file paths to paths inside the container.
Verified SafeView Analysis
The server primarily acts as an intermediary, executing the local CodeScene CLI and calling CodeScene APIs. It uses `subprocess.run` to execute external commands, which is inherent to its functionality but generally well-controlled by the application logic. API tokens are expected from environment variables, and no hardcoded secrets were found. Path adaptation for Docker environments is implemented with checks to prevent unintended access. No obvious malicious patterns or obfuscation were observed. The primary security risk involves proper configuration of access tokens and host path mounts in Docker environments.
Updated: 2026-01-19GitHub
41
2
High Cost
eamonnfaherty icon

oh-no-mcp-server

by eamonnfaherty

Sec9

Provides a Model Context Protocol (MCP) server for deep analysis of code performance, identifying bottlenecks, memory issues, algorithm complexity, and suggesting optimizations across code snippets, single files, or entire directories.

Setup Requirements

  • ⚠️Requires a compatible MCP client (e.g., Claude Desktop) to operate as intended, as it's an MCP server, not a standalone application.
  • ⚠️Python 3.10 or newer is required to run the server.
Verified SafeView Analysis
The server's core functionality involves read-only access to the file system to gather code content based on paths provided by an MCP client. It does not contain `eval()` or similar dangerous functions in its runtime logic (an `exec` call is present in the test suite for module execution testing only). No hardcoded secrets were found. During directory scans, it explicitly excludes common sensitive directories like `.git` and `node_modules`. The primary security consideration is the potential for an untrusted client or LLM to request the reading of arbitrary local files if the MCP client environment (e.g., Claude Desktop) does not adequately sandbox or validate paths. The server itself does not perform file writing; it only prepares prompts that may instruct the LLM to write reports to a specified `output_path`, placing the responsibility for the actual write operation and its security implications on the LLM's client environment.
Updated: 2025-11-25GitHub
41
24
High Cost
walksoda icon

crawl-mcp

by walksoda

Sec7

A comprehensive Model Context Protocol (MCP) server that wraps the crawl4ai library for advanced web crawling, content extraction, and AI-powered summarization from various sources including web pages, PDFs, Office documents, and YouTube videos.

Setup Requirements

  • ⚠️Requires Python 3.11 or later.
  • ⚠️Requires installation of system-level Playwright dependencies (e.g., libnss3, libgbm1, libgtk-3-0t64 on Ubuntu), often requiring root privileges (`sudo`).
  • ⚠️AI-powered features (summarization, intelligent extraction) require API keys for LLM providers (e.g., OPENAI_API_KEY, ANTHROPIC_API_KEY), which are typically paid services.
Verified SafeView Analysis
The project demonstrates awareness of security, including safeguards against ReDoS attacks using `_safe_regex_findall` with process-level timeouts, and secure file permissions (`0600`) for session/cache data. Environment variables are used for sensitive data like API keys. The `execute_js` parameter for crawling tools is powerful and, if misused by the client, could potentially execute arbitrary JavaScript within the browser context (though contained by Playwright/Chromium sandbox). The use of `--no-sandbox` in Docker Compose is a common practice for Playwright in containers but means reliance on Docker's isolation for browser sandboxing. Session data is stored in plaintext locally, albeit with restricted file permissions, posing a minor risk if the host system is compromised.
Updated: 2026-01-18GitHub
41
8
Medium Cost
nihalxkumar icon

arch-mcp

by nihalxkumar

Sec9

An MCP server that bridges AI assistants with the Arch Linux ecosystem, providing intelligent, safe, and efficient access to the Arch Wiki, AUR, and official repositories for AI-assisted Arch Linux usage.

Setup Requirements

  • ⚠️Most core functionality requires the server to run on an Arch Linux system.
  • ⚠️Write operations and some diagnostic tools require `sudo` access.
  • ⚠️AUR installation tools require an AUR helper (paru or yay) to be installed on the host system.
  • ⚠️Checking for updates (`check_updates_dry_run`) requires the `pacman-contrib` package.
Verified SafeView Analysis
The server features robust, built-in security analysis for AUR packages, actively scanning PKGBUILDs for over 50 critical and suspicious patterns (e.g., `rm -rf /`, fork bombs, reverse shells, crypto miners, obfuscated code, dangerous network activity). It will block installations if critical security issues are detected. `sudo` commands for system operations are handled carefully with checks for password requirements. No apparent hardcoded secrets or direct vulnerabilities in the server's own codebase; its primary function is to provide a safe interface for interacting with potentially unsafe external content.
Updated: 2025-11-30GitHub
41
38
Low Cost
aliyun icon
Sec9

Provides AI assistants with the ability to interact with Alibaba Cloud DevOps (Yunxiao) platform for tasks like code review, task management, pipeline execution, and deployment, to assist enterprise development teams.

Setup Requirements

  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️Requires an Alibaba Cloud DevOps Personal Access Token with extensive read/write permissions across organization management, project collaboration, code management, pipeline management, artifact repository management, application delivery, and testing management.
  • ⚠️The `YUNXIAO_ACCESS_TOKEN` must be set as an environment variable (`YUNXIAO_ACCESS_TOKEN`) or passed as a query parameter (`yunxiao_access_token`) in SSE mode.
Verified SafeView Analysis
The server uses `YUNXIAO_ACCESS_TOKEN` for authentication, which is expected via environment variables or URL query parameters in SSE mode, a standard and recommended practice. Input validation is thoroughly implemented using Zod schemas, mitigating risks like injection attacks. API calls target official Alibaba Cloud domains. No use of `eval` or other obvious malicious code patterns were found in the provided source.
Updated: 2026-01-07GitHub
41
2
Low Cost
Litash icon
Sec9

Allows AI agents to access Moomoo trading platform's market data, account information, and execute trades.

Setup Requirements

  • ⚠️Requires Moomoo OpenD gateway application to be installed and running locally on port 11111.
  • ⚠️REAL account access requires MOOMOO_TRADE_PASSWORD (or MOOMOO_TRADE_PASSWORD_MD5) and MOOMOO_SECURITY_FIRM environment variables.
  • ⚠️Requires Python 3.10 or newer.
Verified SafeView Analysis
The server uses environment variables for sensitive trading passwords (MOOMOO_TRADE_PASSWORD, MOOMOO_TRADE_PASSWORD_MD5), which is a good practice. It connects to the local Moomoo OpenD gateway (127.0.0.1:11111) by default, limiting direct external network exposure. Critical trading tools (place_order, modify_order, cancel_order) include explicit warnings in their docstrings, instructing AI agents to ask for user confirmation before executing actions, especially in 'REAL' trading environments. No 'eval' or direct execution of arbitrary code from user input was found. The main security risk comes from the AI agent's interpretation of instructions and the default 'REAL' environment for account tools, which is mitigated by strong AI agent guidance in the README and tool docstrings.
Updated: 2026-01-19GitHub
41
23
High Cost
teaguesterling icon

duckdb_mcp

by teaguesterling

Sec4

Integrate SQL databases with AI assistants (e.g., Claude) using the Model Context Protocol (MCP) for data querying, tool execution, and resource management.

Setup Requirements

  • ⚠️Requires C++ build environment (compiler, DuckDB development headers) for compilation.
  • ⚠️Running example MCP servers (e.g., for pagination tests or web-api) requires Python.
  • ⚠️Requires manual configuration in Claude Desktop's `mcp.json` to register the DuckDB server.
  • ⚠️The `allowed_mcp_commands` security setting is critical for client usage; if not set, no commands are allowed by default, leading to errors.
Verified SafeView Analysis
The server-side functionality, if exposed over a network (e.g., TCP, HTTP, WebSocket - though not fully implemented in provided source), defaults to *no authentication*, posing a critical security risk. Custom tools built with `mcp_publish_tool` use naive string substitution for parameters, which is a **SQL injection vulnerability** if the SQL template is not carefully constructed with proper quoting (e.g., `WHERE col = ''$param''` for strings). The `execute` tool, allowing DDL/DML, is safely disabled by default. Client-side `ATTACH` commands are secured by a robust command allowlisting mechanism (`allowed_mcp_commands`) which prevents arbitrary executable paths and unsafe arguments, and becomes immutable after initial configuration, making client usage generally safer.
Updated: 2026-01-17GitHub
40
18
High Cost
hrrrsn icon

mcp-vnc

by hrrrsn

Sec7

An MCP server for AI agents to remotely control VNC-enabled desktops (Windows, Linux, macOS) through mouse, keyboard, text input, and screen capture commands.

Setup Requirements

  • ⚠️Requires an external VNC server to be running and accessible at the specified host and port.
  • ⚠️Requires Node.js version 22.0.0 or higher.
  • ⚠️VNC_HOST, VNC_PORT, and optionally VNC_PASSWORD environment variables must be configured.
Verified SafeView Analysis
The server uses environment variables for VNC connection details (host, port, password), which is good practice. Coordinate validation is present for mouse actions. However, the `typeCharacter` function logs the exact characters being typed to `console.error` in plain text. If `stderr` is captured and logged, this could lead to the exposure of sensitive information (e.g., passwords, private messages) typed by the AI agent on the remote VNC desktop. The core security risk is inherent in giving an AI agent remote control capabilities, rather than a flaw in the server's implementation, but the logging of typed characters presents a minor information leak risk.
Updated: 2026-01-18GitHub
40
21
Low Cost
chenyeju295 icon

mcp_generate_images

by chenyeju295

Sec9

Generate images using Volcengine Doubao model, integrated with Cursor IDE.

Setup Requirements

  • ⚠️Requires a paid Volcengine API Key (ARK_API_KEY).
  • ⚠️Requires 'uv' package manager installed.
  • ⚠️Requires 'volcengine-python-sdk[ark]' dependency.
  • ⚠️Save folder path must be absolute and have write permissions.
Verified SafeView Analysis
API key (ARK_API_KEY) is correctly handled via environment variables, not hardcoded. Robust path validation (`validate_save_path`) is implemented to prevent path traversal and ensure write permissions. Image downloads from external Volcengine URLs are handled with appropriate error checking and timeouts. No 'eval' or other direct code execution vulnerabilities were found.
Updated: 2025-12-02GitHub
PreviousPage 86 of 713Next