Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

11
Low Cost

taiga-ui-mcp

by taiga-family

Sec9

Provides AI assistants with comprehensive access to Taiga UI components and documentation, enabling AI-powered development workflows through a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires Node.js 18 or newer.
  • ⚠️Requires an MCP client (e.g., VS Code, Cursor, Claude Desktop).
  • ⚠️A `--source-url` argument or `SOURCE_URL` environment variable is mandatory for the server to fetch documentation content; without it, the server will error during startup.
Verified Safe
The server fetches documentation content from a user-provided URL (via `--source-url` argument or `SOURCE_URL` environment variable). While the server itself does not execute code from this source, an untrusted or malicious source could potentially supply extremely large or malformed data, which could lead to resource exhaustion or unexpected parsing behavior. However, the parsing logic (in `parseContent`) is simple, primarily extracting markdown headers and basic metadata, minimizing the risk of code injection. The server communicates via standard I/O (stdio), reducing external network attack surfaces. No `eval` or `child_process` usage was found.
Updated: 2026-01-19 | GitHub
22
Medium Cost

Provides LLMs with tools to semantically search Salesforce case summaries and retrieve detailed case information from a TimescaleDB database.

Setup Requirements

  • ⚠️Requires an OpenAI API Key (Paid) for semantic embedding generation.
  • ⚠️Requires TimescaleDB database credentials (PGHOST, PGDATABASE, PGPORT, PGUSER, PGPASSWORD) for data access.
  • ⚠️Relies on a pre-existing data pipeline (Salesforce via Fivetran to TimescaleDB) for its operational data.
Verified Safe
The server uses environment variables for sensitive credentials (database, OpenAI API key) and Kubernetes secrets for deployment, which are good practices. There are no obvious hardcoded secrets or malicious patterns in the provided source code snippets. Standard database and network security best practices should be followed for the TimescaleDB and Salesforce connections.
Updated: 2026-01-07 | GitHub
16
Medium Cost

adyen-mcp

by Adyen

Sec8

Integrates with Adyen APIs for payment processing, terminal management, account management, and legal entity onboarding, accessible via LLM function calling.

Setup Requirements

  • ⚠️Requires a valid Adyen API Key associated with a webservice user that has specific, limited roles matching the desired tools (e.g., 'Management API - Accounts Read', 'Checkout Webservice Role').
  • ⚠️When using the 'LIVE' environment, a '--livePrefix' URL is mandatory and must be provided.
  • ⚠️Requires Node.js version 18 or higher.
Verified Safe
The server uses Zod for input argument validation, which is a strong measure against injection vulnerabilities. API keys are expected to be provided via command-line arguments or securely injected environment variables (as shown in Codespaces examples), preventing hardcoding. The `StdioServerTransport` limits its network attack surface to local process communication. Error handling by stringifying exceptions might expose some internal error details, but this is a low information leakage risk, not a critical execution vulnerability.
Updated: 2026-01-19 | GitHub
6
Low Cost
Sec8

A VS Code compatible extension that enables running Stata code directly from the editor, displaying output and graphs, and allowing AI agents to interact with Stata through an MCP server backend.

Setup Requirements

  • ⚠️Requires Stata 17+ installed locally (Mac OS, Windows, or Linux).
  • ⚠️Requires 'uv' (uvx) CLI tool on PATH; the extension attempts to automatically install it locally if missing.
  • ⚠️Relies on 'mcp-stata' backend, which is automatically installed/refreshed by the extension using 'uvx'.
Verified Safe
The extension's core functionality involves executing user-provided Stata code via a local backend (mcp-stata) that wraps the Stata executable. This is an inherent risk of a code execution tool but is handled in a controlled environment. The extension uses `child_process.spawnSync` for `uvx` installation/verification and `fs.writeFileSync`/`fs.readFileSync` for managing MCP configuration files and temporary scripts in expected locations. Network communication is primarily with a local MCP server (localhost). Content Security Policy (CSP) is used in webviews. No obvious hardcoded secrets were found.
Updated: 2026-01-19 | GitHub
7
High Cost

solx402-mcp-server

by leandrogavidia

Sec3

The SOLx402 MCP Server enables AI assistants to interact with the x402 payment protocol on Solana, providing tools for service discovery, consumption, USDC payments, and access to Solana development resources.

Setup Requirements

  • ⚠️Requires MCP client to be configured with a minimum request timeout of 60,000ms (60 seconds) to prevent payment issues and service consumption failures.
  • ⚠️Requires a Base58-encoded Solana wallet private key (`privateKey`) as a mandatory configuration parameter.
  • ⚠️Requires a Solana mainnet RPC URL (`mainnetRpcUrl`) as a mandatory configuration parameter.
Review Required
The server design requires passing the Solana wallet's private key (Base58-encoded) via URL query parameters. While the `smithery.yaml` marks this as `x-secret: true`, passing sensitive credentials like a private key directly in a URL query parameter is a significant security risk. Query parameters can be logged by proxies, web servers, and appear in browser history or referrer headers, potentially exposing the private key. A more secure method would involve environment variables or a secure secret management system where the key is never transmitted directly in the URL.
Updated: 2025-12-10 | GitHub
8
Medium Cost

AgentStack

by ssdeanx

Sec4

A versatile backend for hosting and orchestrating multiple specialized AI agents and workflows within the Mastra framework, facilitating agent-to-agent (A2A) coordination, code-centric development tasks, knowledge management (notes), and integration with various external services. It supports evaluation of agent performance and policy-driven access control.

Setup Requirements

  • ⚠️Requires multiple API keys for external services (Google AI, GitHub, Alpha Vantage, Finnhub, Polygon, Serpapi).
  • ⚠️Relies on external E2B sandboxing for isolated code execution, typically requiring an E2B account and API key (`E2B_API_KEY`).
  • ⚠️Requires a PostgreSQL database with `pgVector` extension for memory and RAG, implying `PGHOST`, `PGUSER`, `PGDATABASE`, `PGPASSWORD`, `PGPORT` environment variables.
  • ⚠️Local `git` and `pnpm` commands are executed, meaning a compatible local environment is necessary.
  • ⚠️`Playwright-core` for browser automation in some tools implies a Chromium installation.
Review Required
The `calculatorTool` (src/mastra/tools/calculator.tool.ts) uses `mathjs.evaluate()` directly with user-provided `expression` and `variables`. This is a critical code execution vulnerability if inputs are not strictly sanitized by upstream agents or components, as `mathjs.evaluate` is designed to execute arbitrary code. While other tools implement input validation (Zod) and external code execution is sandboxed (E2B), this specific tool poses a severe risk. Other tools using `execa` (for Git, pnpm) and `crawlee` (for web scraping) require careful input handling and configured allowed domains to prevent command injection or SSRF/content abuse.
Updated: 2026-01-16 | GitHub
7
High Cost

media-gen-mcp

by strato-space

Sec9

Centralized Model Context Protocol (MCP) server for generating and editing images and videos via OpenAI (DALL-E, Sora) and Google GenAI (Veo), with local media fetching and processing.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid API) for OpenAI image and video generation tools.
  • ⚠️Requires Google API Key (Paid API) or Google Cloud Vertex AI configuration for Google GenAI video tools.
  • ⚠️File system access for reading and writing media is strictly limited to directories configured via `MEDIA_GEN_DIRS`. This must be properly set up for local file operations and storage.
  • ⚠️Image processing features like resizing and format conversion rely on the optional 'sharp' dependency. If 'sharp' is not installed, these features will be unavailable, and the server will fall back to basic image handling.
Verified Safe
The server employs robust local file system access controls via `MEDIA_GEN_DIRS` and URL filtering via `MEDIA_GEN_URLS`, preventing arbitrary file reads/writes and unrestricted external network requests. API keys are loaded securely from `secrets.yaml` or environment variables, with logging sanitization to prevent accidental exposure in logs. No `eval` or code obfuscation patterns were found. Proper environment sandboxing is recommended for production deployment.
Updated: 2026-01-10 | GitHub
15
Medium Cost
Sec7

Facilitates architectural decision record (ADR) analysis, content security, deployment and environment analysis, and architectural governance using advanced prompting techniques (GKP, APE, Reflexion) and knowledge graph management to automate and improve development workflows.

Setup Requirements

  • ⚠️Requires a Node.js environment (v18+ recommended).
  • ⚠️Requires Python 3.11 for Ansible-based testing components.
  • ⚠️Requires building the server executable via `npm run build` before running.
  • ⚠️Requires an `OPENROUTER_API_KEY` (or equivalent for OpenAI/Anthropic) for AI execution, which is a paid service.
  • ⚠️Advanced ADR Aggregator features may require a paid subscription.
  • ⚠️Execution of AI-generated deployment scripts via `bootstrapValidationLoop` requires explicit human approval for each plan.
  • ⚠️Potential for high token costs if not using CE-MCP (token-optimized) mode for AI interactions.
Verified Safe
The server includes LLM-Managed Cloud/Database Management tools (`llmCloudManagement`, `llmDatabaseManagement`) that generate and execute commands. Currently, command execution is explicitly *simulated*, which acts as a critical safety measure. Direct execution of LLM-generated commands (if enabled in the future) poses a high risk of Remote Code Execution (RCE) if not rigorously sandboxed and audited. The `bootstrapValidationLoop` tool executes AI-generated shell scripts, but this is mitigated by a mandatory human review and approval step for the generated deployment plan (ADR). Sensitive information detection and masking are core security features of the `content-masking-tool`, enhancing data privacy. Hardcoded secrets are actively detected and flagged by `TreeSitterAnalyzer` and `gitleaks-detector` utilities, indicating a proactive approach to security.
Updated: 2026-01-19 | GitHub
12
Low Cost

cov-loupe

by keithrbennett

Sec7

Provides an MCP server, CLI, and Ruby library for analyzing SimpleCov test coverage data, primarily to enable AI assistants to query and report on codebase coverage.

Setup Requirements

  • ⚠️Requires Ruby >= 3.2 (due to `mcp` gem dependency).
  • ⚠️Requires a SimpleCov-generated `.resultset.json` file.
  • ⚠️Requires `simplecov` gem >= 0.21 for multi-suite merging.
  • ⚠️The `validate` tool/command executes arbitrary Ruby code; only use with trusted input.
Verified Safe
The `validate` tool/command, utilizing `PredicateEvaluator`, executes arbitrary Ruby code via `instance_eval` from either a code string or a file. This is a significant security risk if untrusted input is provided to this specific tool/command, as it grants full system privileges. The source code and documentation explicitly highlight this danger. Other tools do not present such a direct code execution risk. No hardcoded secrets or apparent obfuscation were found. Network risks from the core MCP server are minimal as it uses stdio transport, but external commands executed by malicious predicates could pose network threats.
Updated: 2026-01-19 | GitHub
16
Medium Cost

nvim-mcp-server

by maquina-app

Sec8

Enables LLMs to interact with Neovim instances to query open files and modify buffer content via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires a running Neovim instance configured to listen on a Unix socket (e.g., `/tmp/nvim-{project_name}.sock`).
  • ⚠️Users of Ruby version managers (like rbenv or RVM) integrating with clients like Claude Desktop may need to create a symbolic link for the Ruby executable.
  • ⚠️The `project_name` parameter for tools must accurately match the name used when configuring the Neovim socket.
Verified Safe
The server primarily communicates with Neovim instances via Unix sockets, an IPC mechanism that requires local access. It grants LLMs the capability to read buffer lists and replace buffer content, which are powerful operations but are within the explicit scope of an editor agent. The `update_buffer` tool can write arbitrary content to files open in Neovim, but this is the intended functionality and not a vulnerability in the server itself. HTTP mode with `--bind-all` allows network access, but the README explicitly mentions built-in security features (origin validation, IP filtering) and warns about use on trusted networks. No `eval` or direct shell execution of untrusted input is observed in the provided code snippets. The server appears to correctly contain its actions within the Neovim API.
Updated: 2025-12-01 | GitHub
18
High Cost
Sec7

Provides advanced chess analysis, game review, and interactive training capabilities to large language models via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Node.js 22+.
  • ⚠️LICHESS_API_KEY (optional, but required for Lichess study tools) must be a Personal Access Token (PAT) with `study:read` permission from Lichess.
  • ⚠️CHESSBOARD_MAGIC_PAT (optional, but required for Chessboard Magic tools) must be obtained from chessboardmagic.com.
  • ⚠️Relies on external APIs for Stockfish, neural network, and database queries; availability and performance of these third-party services are external factors.
Verified Safe
The server relies on multiple external APIs for core functionality, including Stockfish, Leela Chess Zero (LC0), Maia2, ChessDB, and Chessboard Magic. These external dependencies introduce risks related to service availability, performance, and trust in third-party infrastructure. While authentication tokens (LICHESS_API_KEY, CHESSBOARD_MAGIC_PAT) are handled via environment variables/user config (good practice), the integrity and uptime of these external services are beyond the control of the local server instance. No 'eval' or obvious malicious code patterns were found in the provided source.
Updated: 2026-01-08 | GitHub
8
Medium Cost

kolada-mcp-server

by KSAklfszf921

Sec9

Connects LLMs to a comprehensive database of 5,000+ Key Performance Indicators (KPIs) and statistics for all Swedish municipalities and regions.

Setup Requirements

  • ⚠️LLM client must support Model Context Protocol (MCP).
  • ⚠️Data provided is specific to Swedish municipalities and regions.
  • ⚠️The upstream Kolada API has rate limits (5 requests/second), and while the server implements retry logic and rate limiting, very high concurrent usage might still experience delays or errors.
Verified Safe
The server implements robust security practices including automatic security scanning (CodeQL, GitGuardian, TruffleHog, Bearer SAST, Dependabot, npm audit), strict dependency management, API rate limiting, and explicit handling of sensitive values via environment variables. All exposed tools are designed to be read-only, fetching public data from the Kolada API, which inherently reduces the attack surface. While the remote server endpoints are explicitly open access without authentication, this aligns with its public data provision purpose and the read-only nature of its tools. No 'eval' or similar dangerous patterns are used without clear justification. The `SECURITY.md` provides clear guidelines for reporting vulnerabilities and internal security measures.
Updated: 2026-01-19 | GitHub

Page 99 of 713