Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

39
16
Medium Cost
wondeks icon

unity-mcp

by wondeks

Sec4

Facilitate AI client interaction with the Unity Editor to automate development actions and workflows.

Setup Requirements

  • ⚠️Requires Unity Editor (2022.3 or later).
  • ⚠️Requires Python 3.12 or later.
  • ⚠️Requires `mcp[cli]` Python library and other dependencies specified in `pyproject.toml`.
  • ⚠️The C# counterpart (Unity-MCP package) must be installed and active in the Unity Editor project to establish a connection.
Review RequiredView Analysis
The server connects to the Unity Editor locally via a socket and proxies commands from an MCP client (e.g., Claude Desktop, Cursor). While the default connection is to 'localhost', assuming a trusted environment, there are significant risks: 1. Script Execution: Tools like `create_script` and `update_script` directly pass arbitrary C# code content from the AI client to Unity for creation/modification. If the AI client (or its input) is compromised, this allows arbitrary code execution within the Unity Editor environment, which can lead to full system compromise upon compilation and execution. 2. Command Execution: The `execute_command` tool allows running various Unity Editor commands. While it can validate against available commands, a malicious command could still perform sensitive operations. 3. Asset Manipulation: `import_asset` and `create_prefab` can lead to injecting or modifying potentially harmful assets or configurations if a malicious source is provided. There is no sandboxing or robust content validation for AI-generated code or commands before they are sent to the Unity Editor. The system design inherently trusts the AI's output to be non-malicious.
Updated: 2026-01-19GitHub
39
15
Low Cost
ZizoTheDev icon

ffmpeg-mcp

by ZizoTheDev

Sec6

This server provides FFmpeg capabilities as tools, enabling automated media processing tasks like video speed manipulation and audio extraction via the Model Context Protocol.

Setup Requirements

  • ⚠️FFmpeg must be installed and accessible via system PATH or by setting the `FFMPEG_PATH` environment variable.
  • ⚠️Requires Node.js (v18+) or Bun runtime to execute.
Review RequiredView Analysis
The server uses `tinyexec` to execute FFmpeg commands, passing arguments as an array, which generally prevents classic shell injection vulnerabilities. However, the server does not perform input validation or sanitization on `input_file` or `output_file` paths. This could allow an attacker to specify arbitrary file paths (e.g., using `../` for directory traversal or absolute paths) for FFmpeg to read from or write to, leading to potential arbitrary file system access, data leakage, or overwriting sensitive files, depending on the server's permissions.
Updated: 2025-12-15GitHub
39
18
Medium Cost
leshchenko1979 icon

fast-mcp-telegram

by leshchenko1979

Sec9

Enables AI assistants to interact with Telegram for messaging, search, and contact management via a standardized MCP interface.

Setup Requirements

  • ⚠️Requires Telegram API_ID and API_HASH from my.telegram.org/apps.
  • ⚠️Requires a phone number (for user account) or bot token (for bot account) for initial authentication via an interactive CLI or web setup flow.
  • ⚠️Requires Python 3.10+.
  • ⚠️For HTTP_AUTH mode, securely managing the generated Bearer token is critical as it grants full access to the associated Telegram account. Session files (e.g., ~/.config/fast-mcp-telegram/) need to be persisted via Docker volume mounts in containerized deployments.
Verified SafeView Analysis
The project demonstrates a strong focus on security, especially for SSRF prevention, Bearer token authentication, session isolation, and dangerous Telegram API method blocking. File handling restricts local file access to stdio mode. While `invoke_mtproto` allows direct API access (inherently increasing surface area), it is protected by default by a denylist for dangerous operations and requires explicit opt-in. Proper management of Bearer tokens is critical as they grant full account access.
Updated: 2026-01-19GitHub
39
7
High Cost
KSAklfszf921 icon

Skolverket-MCP

by KSAklfszf921

Sec9

Provides AI assistants access to Skolverket's open APIs (Läroplan, Skolenhetsregistret, Planned Educations) for searching, comparing, and analyzing Swedish education data and statistics.

Setup Requirements

  • ⚠️The `SKOLVERKET_API_KEY` environment variable might become a mandatory requirement for Skolverket's APIs in the future, although it currently defaults to optional.
  • ⚠️Requires Node.js version 18.0.0 or higher to run.
  • ⚠️Local installation guides require users to provide an absolute file path to the `dist/index.js` file, which can be a common point of user error.
Verified SafeView Analysis
The server uses explicit allow-listing for tool execution, meaning only pre-defined functions can be called, significantly mitigating arbitrary code execution risks. Environment variables (`process.env`) are used for sensitive configurations like API keys, preventing hardcoding. Input validation is performed for tool parameters. The use of `execSync` is limited to a build script, not the runtime server. Cross-Origin Resource Sharing (CORS) is enabled with a wildcard origin (`*`) in the HTTP server, which is common for APIs but could be tightened if specific client origins are known.
Updated: 2025-12-08GitHub
39
17
High Cost
phil65 icon

LLMling

by phil65

Sec3

A declarative Python framework for building LLM applications, managing resources, prompts, and tools, serving as a backend for MCP servers and Pydantic-AI agents.

Setup Requirements

  • ⚠️Requires Python 3.13+ (as per pyproject.toml).
  • ⚠️Requires 'mcp-server-llmling' package to be installed to run as an MCP server.
  • ⚠️Optional dependencies like 'watchfiles' (for file watching), 'pygit2'/'GitPython' (for Git repository resources), and 'httpx' (for HTTP requests) may be needed for specific features, or third-party tool integrations (e.g., 'crewai', 'langchain_core', 'autogen_core').
Review RequiredView Analysis
The `register_code_tool` functionality in `src/llmling/config/runtime.py` uses `exec()` to dynamically execute Python code provided by the LLM. This is a critical security risk as a malicious or compromised LLM could execute arbitrary code. Additionally, resource loaders and toolsets (e.g., `PathResourceLoader`, `RepositoryResourceLoader`, `OpenAPITools`) allow access to arbitrary external URLs and Git repositories, posing risks like Server-Side Request Forgery (SSRF) and arbitrary file downloads. Proper sandboxing, strict input validation, and careful permission management are crucial if exposing these capabilities to an LLM, especially with untrusted input.
Updated: 2025-12-09GitHub
39
16
Medium Cost
yotsuda icon

PowerShell.MCP

by yotsuda

Sec6

Enables AI assistants to execute arbitrary PowerShell commands and CLI tools for system automation, development tasks, and data analysis in a persistent, shared console environment.

Setup Requirements

  • ⚠️Requires PowerShell 7.2+ installed.
  • ⚠️Requires a compatible MCP client like Claude Desktop, which needs manual JSON configuration (e.g., modifying `claude_desktop_config.json`).
  • ⚠️On Linux/macOS, manual execution permission (`chmod +x`) is required for the proxy executable.
  • ⚠️Potential PATH issues on macOS where Homebrew-installed PowerShell might not be found by the proxy without a symlink or explicit PATH modification in the proxy's launcher logic.
Verified SafeView Analysis
The server uses local-only named pipes for communication, significantly mitigating network exposure risks. However, its core functionality, particularly the `invoke_expression` tool, grants AI complete and unrestricted PowerShell access to the host system. This is a deliberate design choice for powerful system interaction but inherently carries a high risk if the MCP client or the AI itself is compromised or untrusted. The project's documentation explicitly warns users about this and recommends use only in trusted environments.
Updated: 2026-01-12GitHub
39
11
High Cost
vscarpenter icon

gsd-task-manager

by vscarpenter

Sec9

A local-first, privacy-focused task manager that integrates with AI assistants (like Claude Desktop) for natural language task creation, management, and analysis using the Eisenhower Matrix.

Setup Requirements

  • ⚠️This MCP server is designed to integrate with Claude Desktop, implying that Claude Desktop must be installed and configured to use this server.
  • ⚠️Requires creating a `claude-config.json` (or equivalent) with real JWT tokens and encryption passphrases, which must *never* be committed to version control and handled with extreme care.
  • ⚠️The MCP server connects to the GSD Sync Worker, which is a Cloudflare Worker backend and requires its own setup (D1, KV, R2 databases, and secrets management on Cloudflare).
Verified SafeView Analysis
The system employs robust end-to-end encryption (AES-256-GCM, PBKDF2), secure OAuth 2.0 with PKCE, JWT authentication with revocation, and comprehensive input validation (Zod schemas, prepared statements for D1). Rate limiting is implemented on sensitive endpoints. The architecture is explicitly designed for zero-knowledge on the server for task content. Sensitive data (JWT tokens, encryption passphrases) are explicitly marked as "NEVER COMMIT" and handled through secure configurations (IndexedDB on client, Cloudflare secrets for worker, `claude-config.json` for MCP). While JWTs are stored in IndexedDB on the client, this is a documented trade-off for PWA offline functionality, with all task data E2E encrypted. The security review found no critical or high vulnerabilities.
Updated: 2026-01-18GitHub
39
12
Medium Cost
Qiskit icon

mcp-servers

by Qiskit

Sec8

A collection of Model Context Protocol (MCP) servers enabling AI agents to interact with Qiskit libraries and IBM Quantum services for quantum computing development, including code generation, runtime execution, and circuit transpilation.

Setup Requirements

  • ⚠️Requires Python 3.10+ (some parts specify <3.14 or <3.15).
  • ⚠️Requires an IBM Quantum account and API token (`QISKIT_IBM_TOKEN`) for most functionalities interacting with IBM Quantum services.
  • ⚠️Using `qiskit-ibm-runtime-mcp-server` can be slow (10-30+ seconds) to initialize if `QISKIT_IBM_RUNTIME_MCP_INSTANCE` environment variable is not set, as it performs an instance lookup.
  • ⚠️If utilizing the `qiskit-code-assistant-mcp-server`, access to the Qiskit Code Assistant service is required.
  • ⚠️Using local Ollama as an LLM provider requires Ollama to be running locally with the desired model pulled.
Verified SafeView Analysis
The project follows good practices for credential management, primarily using environment variables (`QISKIT_IBM_TOKEN`, `OPENAI_API_KEY`, etc.) or saved user configuration files (`~/.qiskit/qiskit-ibm.json`), with explicit checks to reject common placeholder tokens. Input validation for various parameters (e.g., prompt length, shots, optimization levels) is implemented. Network requests to external IBM APIs are handled with retries and comprehensive error reporting. The use of `nest_asyncio.apply()` is noted but not considered a direct security risk in this context. No direct use of `eval` or `exec` on untrusted input was observed; quantum circuit parsing relies on established Qiskit library functions. Overall, the project appears designed with a focus on reliability and security.
Updated: 2026-01-19GitHub
39
14
Medium Cost
GoPlausible icon

algorand-remote-mcp

by GoPlausible

Sec3

Provides tools and resources for AI agents to interact with the Algorand blockchain ecosystem through a standardized interface, handling wallet management, transaction creation/submission, and API integrations.

Setup Requirements

  • ⚠️Requires a complex setup involving multiple Cloudflare Workers (one for the MCP server, another for HashiCorp Vault integration) and numerous Cloudflare KV/R2 bindings.
  • ⚠️Extensive environment variables are required, including multiple OAuth client IDs/secrets, Algorand API endpoints, and HashiCorp Vault configuration details.
  • ⚠️Initial OAuth authentication requires a Google account and setting up client credentials for at least one provider (e.g., Google, GitHub, Twitter, LinkedIn).
Review RequiredView Analysis
CRITICAL VULNERABILITIES: The `sdk_sign_bytes` and `sdk_sign_transaction` tools directly accept raw secret keys (`sk`) or mnemonic phrases as input from the AI agent. This completely bypasses the intended secure key management provided by HashiCorp Vault, allowing a malicious or compromised AI agent to sign arbitrary transactions or data if it is provided with or can infer these secrets. This contradicts the stated goal of secure key management and exposes user funds. MODERATE RISK: The `buildHTMLPage` functions (used by `arc26Manager.ts` and `receiptManager.ts`) do not sanitize all potential inputs (e.g., `from`, `label`, `sender`, `receiver`, `note`) that could originate from the AI agent. If a malicious AI controls these inputs, it could inject Cross-Site Scripting (XSS) attacks into the generated HTML pages, which are then shared with users. HIGH CONFIGURATION RISK: The security relies heavily on the `HCV_WORKER_URL` environment variable pointing to a trusted and securely configured HashiCorp Vault worker. A misconfiguration or compromise of this endpoint could lead to the exfiltration of private keys managed by the Vault worker.
Updated: 2026-01-19GitHub
39
41
Medium Cost
TocharianOU icon

mcp-server-kibana

by TocharianOU

Sec7

This server provides a Model Context Protocol (MCP) interface to Kibana, enabling natural language or programmatic access for managing saved objects, executing API requests, and querying server status, with multi-space and dual transport support.

Setup Requirements

  • ⚠️Requires `KIBANA_URL` environment variable to connect to a Kibana instance.
  • ⚠️Requires one of `KIBANA_API_KEY`, or both `KIBANA_USERNAME` and `KIBANA_PASSWORD`, or `KIBANA_COOKIES` for authentication.
  • ⚠️Using `NODE_TLS_REJECT_UNAUTHORIZED=0` disables SSL certificate validation, which is a security risk and should be used with extreme caution.
Verified SafeView Analysis
The server uses environment variables for all sensitive credentials (API Key, username/password, cookies), which is a good practice. However, it explicitly supports the `NODE_TLS_REJECT_UNAUTHORIZED=0` environment variable, which disables SSL certificate validation. This is a significant security risk if used in production or un-trusted environments without careful consideration. The new HTTP transport mode introduces an additional network attack surface, requiring proper firewall and TLS (via proxy) configuration for secure remote access.
Updated: 2025-11-19GitHub
39
14
Medium Cost
whitneyland icon

riffmcp

by whitneyland

Sec9

An MCP server that allows LLMs to play, compose, and render music.

Setup Requirements

  • ⚠️macOS only: This application is a native macOS app and will not run on other operating systems.
  • ⚠️Requires manual JSON configuration for LLM integration (e.g., Claude Desktop, Gemini CLI) to specify the application's executable path and `--stdio` argument.
Verified SafeView Analysis
The HTTP server is hardcoded to listen only on localhost (127.0.0.1), significantly reducing external attack surface. Path traversal attempts for image resources served via `/images/` are explicitly checked and prevented using `fileURL.path.hasPrefix(tempDirectory.path)`. Input JSON for music sequences and tool calls are decoded using Swift's `JSONDecoder`, which helps prevent injection vulnerabilities if the models are defined correctly. The implementation of the HTTP server is hand-rolled, which can carry inherent risks compared to battle-tested frameworks, but the current implementation appears robust for its intended local scope.
Updated: 2025-11-29GitHub
39
17
Medium Cost
stanfrbd icon

mcp-cyberbro

by stanfrbd

Sec8

A Model Context Protocol (MCP) server for Cyberbro that extracts and analyzes Indicators of Compromise (IoCs) from unstructured input, checking their reputation using multiple threat intelligence services.

Setup Requirements

  • ⚠️Requires a separate, running Cyberbro instance which this server connects to.
  • ⚠️The underlying Cyberbro instance will likely require API keys for its various threat intelligence engines (e.g., VirusTotal, Shodan, CrowdStrike, MDE) to provide full functionality.
  • ⚠️Requires Docker or a Python 3.11+ environment with `uv` or `pip` for local installation.
Verified SafeView Analysis
The server's source code is straightforward and does not contain obvious malicious patterns, 'eval' statements, or hardcoded secrets. It acts as a client to a user-configured Cyberbro instance. A potential security consideration is the `SSL_VERIFY` option, which can be disabled. While useful for local testing or self-signed certificates, setting `SSL_VERIFY` to `false` in a production environment with an untrusted `CYBERBRO_URL` could expose the connection to Man-in-the-Middle attacks. The `CYBERBRO_URL` itself is an external dependency provided by the user, so its security relies on correct deployment and configuration.
Updated: 2026-01-13GitHub
PreviousPage 98 of 713Next