Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(2689)

100
1461
Medium Cost
MCPJam icon

inspector

by MCPJam

Sec7

MCPJam Inspector is a desktop and web application designed for testing, debugging, and managing Model Context Protocol (MCP) servers, serving as a 'Postman for MCP'. It allows users to connect to MCP servers, explore their tools, resources, and prompts, perform API calls, manage OAuth authentication flows, run AI model evaluations, and monitor server-side RPC traffic.

Setup Requirements

  • ⚠️Requires API keys for cloud AI providers (e.g., OpenAI, Anthropic, Google) if using their models for chat or evaluations.
  • ⚠️A local Ollama instance must be running if using Ollama models.
  • ⚠️Requires a WorkOS Client ID and Convex URL for user authentication and backend services (e.g., storing evaluation results, managing tunnels).
Verified SafeView Analysis
The Electron application implements good security practices, such as context isolation and disabling Node.js integration in renderer processes. It carefully manages new window creation, restricting external URLs to the system's default browser and explicitly allowing only internal OAuth authorization popups. The backend Hono server acts as a proxy for external OAuth and widget content. While OAuth proxying is common for desktop applications to bypass CORS, it's critical that the underlying MCP SDK and client-side logic rigorously validate target URLs to prevent Server-Side Request Forgery (SSRF) vulnerabilities. The inclusion of an ngrok-based tunnel feature, while providing functionality to expose local services, inherently increases the attack surface, though it integrates with WorkOS authentication to manage access.
Updated: 2025-12-06GitHub
100
2930
Low Cost
IBM icon
Sec9

A comprehensive Model Context Protocol (MCP) gateway and proxy that unifies REST, MCP, and A2A services, providing features like federation, virtual servers, rate-limiting, security, and an optional admin UI for managing web content and file conversions to markdown.

Setup Requirements

  • ⚠️Requires Python 3.11+ (or 3.10 minimum)
  • ⚠️OCI images (Docker/Podman) do not support ARM64 platforms (e.g., Apple Silicon)
  • ⚠️Building Rust plugins requires Rust toolchain and maturin
  • ⚠️Database migration required for v0.7.0+ (with backup recommended)
  • ⚠️SQLite `disk I/O error` common on macOS without specific configuration
Verified SafeView Analysis
The project demonstrates strong security practices, including extensive input validation (SQL, XSS, URI patterns) via `SecurityValidator` and Pydantic schemas, robust authentication (JWT, OAuth 2.0 DCR, SSO, RBAC), encrypted credential storage (using Argon2id and Fernet), configurable security headers (CSP, HSTS, X-Frame-Options), and a secure Python sandbox for code execution. Rust-accelerated plugins offer memory safety guarantees. Hardcoded secrets are generally default placeholders in `.env.example` or `docker-compose.yml` with clear guidance to change them, and validation enforces strong secrets in production.
Updated: 2025-12-05GitHub
100
5990
Low Cost
modelcontextprotocol icon

registry

by modelcontextprotocol

Sec9

The MCP registry provides MCP clients with a list of MCP servers, acting as an app store for MCP servers by cataloging their metadata.

Setup Requirements

  • ⚠️Requires Docker for local development (via docker-compose) or Kubernetes (via Pulumi for deployment)
  • ⚠️Go 1.24.x, ko, and golangci-lint v2.4.0 are prerequisites for local development
  • ⚠️Deployment to cloud (GCP) requires Pulumi CLI, a GCP account, and a GCP Service Account with specific IAM roles configured
Verified SafeView Analysis
The project demonstrates strong security awareness. Hardcoded secrets are explicitly confined to local development configurations (docker-compose.yml defaults), with production deployments leveraging Pulumi's secure secret management (e.g., secure: v1:...). Authentication relies on robust methods like GitHub OAuth/OIDC and cryptographically verified DNS/HTTP challenges, with cloud KMS/Key Vault integration available for key signing. The `mcp-publisher` CLI includes explicit warnings about potential command injection risks if users are not careful with input, showing good transparency. Network communications for external API calls are standard. The server's API itself is a metadata registry, reducing direct execution risks, and includes input validation and size limits for publisher-provided data.
Updated: 2025-12-05GitHub
100
32300
Medium Cost
1Panel-dev icon

1Panel

by 1Panel-dev

Sec7

1Panel is a web-based Linux server management tool providing host monitoring, file/database/container/LLM management, rapid website deployment, application store, and backup/restore functionalities.

Setup Requirements

  • ⚠️Requires a Linux server with `curl` and `bash` for installation, often requiring `sudo` privileges.
  • ⚠️Heavily integrates with Docker for container management and application deployment, so Docker must be installed and running.
  • ⚠️A 'Pro Edition' is available with enhanced features like WAF, website tamper protection, and GPU monitoring, implying certain advanced functionalities are not open-source.
  • ⚠️Different installation scripts exist for Chinese and international users, potentially leading to varied feature sets.
Verified SafeView Analysis
As a server management panel, 1Panel inherently requires broad system access and can be a high-value target for attackers. The code demonstrates an understanding of security, implementing features like firewall management, log auditing, and containerization to isolate applications. However, certain operations, such as executing shell commands via `eval` (as seen in `agent/utils/terminal/local_cmd.go`), are fundamental to a server management tool's functionality but also present potential risks if user input is not meticulously sanitized. The project includes a `SECURITY.md` for vulnerability reporting, which is a good practice. Overall, while built with security features, the security posture largely depends on proper user configuration (e.g., strong passwords, MFA, network access control) and vigilance against new vulnerabilities.
Updated: 2025-12-06GitHub
100
1983
Low Cost
cyberagiinc icon

DevDocs

by cyberagiinc

Sec6

Provides intelligent web crawling and documentation extraction, storing content in a Model Context Protocol server for LLM querying and accelerating developer research.

Setup Requirements

  • ⚠️Docker required
  • ⚠️Requires internet for web crawling
  • ⚠️Crawl4AI API Token needed (demo key provided, but production use would require a real one)
  • ⚠️Python 3.10+ and Node.js 18+ environments needed (managed by Docker)
Verified SafeView Analysis
The `app/api/debug/route.ts` endpoint executes a local shell script (`debug_crawl4ai.sh`) via `child_process.exec`. While intended for debugging and the script doesn't take user input to form commands, direct execution of local scripts via web endpoints is a significant risk. The `debug_crawl4ai.sh` script also logs `CRAWL4AI_API_TOKEN` (defaulting to a "devdocs-demo-key") in its output, which could be exposed via the `/api/debug` endpoint. Additionally, the `docker-start.sh` script sets overly permissive `chmod -R 777` permissions on `logs`, `storage`, and `crawl_results` directories, which is acceptable for local development but highly insecure for production. Path traversal vulnerabilities in file storage and download endpoints appear well-mitigated. The MCP server itself uses stdio, reducing network attack surface, but its `search_files` tool (if `use_regex` is enabled and user input isn't validated) could be vulnerable to ReDoS without further inspection of `MarkdownStore` (which is summarized).
Updated: 2025-12-03GitHub
100
8274
Low Cost
D4Vinci icon

Scrapling

by D4Vinci

Sec7

Enables AI chatbots and agents to perform adaptive web scraping, extract targeted data, and bypass anti-bot protections conversationally.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires installation of browser dependencies (`scrapling install`), which downloads Chromium/Firefox and may require system-level dependencies.
  • ⚠️MCP server setup involves manual configuration in AI chatbot settings (e.g., Claude Desktop config file, Claude Code CLI).
Verified SafeView Analysis
The tool is designed for web scraping, which inherently involves interacting with external websites and potentially bypassing anti-bot measures. The `page_action` argument in browser fetchers allows arbitrary Python functions to be executed on the browser page object, which could be misused if not carefully controlled by the user providing the function. However, the library does not use dangerous patterns like `eval` on unsanitized input or hardcoded secrets in the provided snippets. It explicitly advises users on ethical scraping practices (robots.txt, rate limits, terms of service, privacy, copyright) in its documentation.
Updated: 2025-12-05GitHub
100
3683
Medium Cost
sooperset icon

mcp-atlassian

by sooperset

Sec9

Provides an MCP server for integrating with Atlassian Jira and Confluence, enabling an agent to interact with these services for tasks like searching, creating, updating, and managing content and issues.

Setup Requirements

  • ⚠️Requires active Jira and/or Confluence accounts with API access (Cloud or Server/Data Center).
  • ⚠️Authentication requires configuration of API tokens (JIRA_API_TOKEN, CONFLUENCE_API_TOKEN, JIRA_PERSONAL_TOKEN, CONFLUENCE_PERSONAL_TOKEN) or OAuth 2.0 (ATLASSIAN_OAUTH_CLIENT_ID, etc.).
  • ⚠️For 'Real API Tests', dedicated test projects/spaces in Jira/Confluence must be created, and corresponding API tokens generated and configured.
  • ⚠️A Python environment with 'uv' (or `pip install` and then `python -m mcp_atlassian`) is expected for running the server and tests.
Verified SafeView Analysis
The project adheres to good security practices by using environment variables for sensitive credentials and integrating 'keyring' for OAuth token storage. It also includes logging mechanisms with sensitive data masking. The default host binding to '0.0.0.0' is standard for servers but requires proper network isolation (e.g., firewall, proxy) in production environments to prevent unintended exposure. No direct hardcoded secrets, `eval`, or obfuscation found in the truncated code.
Updated: 2025-11-26GitHub
100
3246
Medium Cost
Pimzino icon
Sec8

Model Context Protocol (MCP) server for structured, spec-driven software development with real-time dashboard and VSCode extension integration.

Setup Requirements

  • ⚠️Requires Node.js and npm/npx to run the server or dashboard.
  • ⚠️Needs an explicit project path as an argument (or uses current working directory).
  • ⚠️For a graphical interface, a separate, single dashboard instance must be started and kept running (e.g., `spec-workflow-mcp --dashboard`).
  • ⚠️Specific setup required for Windows (`cmd.exe /c "npx ..."`) or isolated environments (using `SPEC_WORKFLOW_HOME` environment variable).
Verified SafeView Analysis
The server is primarily designed for local/controlled environments. It performs file system operations (creating/modifying spec documents, logs, approvals) within a designated project workflow directory. Input validation for paths is crucial. Default binding to localhost limits external network exposure. No 'eval' or obvious code obfuscation found. Cleanup automation jobs interact with file system, requiring careful configuration.
Updated: 2025-12-05GitHub
100
1942
Low Cost
AmoyLab icon

Unla

by AmoyLab

Sec9

A lightweight and highly available gateway service that converts existing MCP Servers and APIs into services compliant with the MCP Protocol through configuration.

Setup Requirements

  • ⚠️Requires Docker for quick setup; alternative deployments like Kubernetes/Helm are also supported.
  • ⚠️Critical environment variables (e.g., APISERVER_JWT_SECRET_KEY, SUPER_ADMIN_PASSWORD) must be set with secure, random values, as the default values are placeholders.
  • ⚠️Router prefixes must start with the configured tenant prefix, ensuring logical access control within the multi-tenant architecture.
Verified SafeView Analysis
The project uses environment variables for sensitive data like JWT secrets and admin passwords, which is good practice. Authentication (JWT, OAuth) and authorization are implemented. Templating for requests/responses (e.g., `{{args.xxx}}`) is handled by Go's `text/template`, which is generally safe against code injection. The ability to import OpenAPI specifications is powerful but relies on the integrity of the imported spec; the gateway's parsing and routing logic needs to be robust to prevent exploits from malformed specs. CORS configuration is explicitly handled.
Updated: 2025-12-04GitHub
100
2879
High Cost
browserbase icon
Sec7

Provides cloud browser automation capabilities, enabling LLMs to interact with web pages, take screenshots, extract information, and perform automated actions.

Setup Requirements

  • ⚠️Requires Browserbase API Key and Project ID (Browserbase is a paid service).
  • ⚠️Requires a Gemini API Key (or other LLM API Key if a custom model is configured).
  • ⚠️Certain features like '--advancedStealth' require specific Browserbase pricing plans.
Review RequiredView Analysis
The server avoids direct 'eval' or hardcoded secrets, relying on environment variables for sensitive API keys. However, its core functionality involves giving LLMs autonomous control over a browser session based on user prompts. This inherently carries security risks such as potential for prompt injection, navigating to malicious sites, or performing unintended actions if the LLM or user input is not fully trusted. While the implementation itself appears robust for its intended purpose, the powerful nature of web automation via AI agents necessitates careful oversight of LLM behavior and input sanitization by the client application.
Updated: 2025-12-06GitHub
100
11161
Low Cost
tadata-org icon

fastapi_mcp

by tadata-org

Sec9

Automatically converts FastAPI endpoints into Model Context Protocol (MCP) tools for seamless integration with LLM agents.

Setup Requirements

  • ⚠️Requires Python 3.10+ (Python 3.12+ recommended).
  • ⚠️FastAPI routes should ideally define explicit `operation_id` for clearer MCP tool names.
  • ⚠️OAuth authentication (if configured with `AuthConfig`) requires providing client IDs/secrets and potentially proxying external OAuth provider URLs, with security depending on the trustworthiness of the external OAuth service.
Verified SafeView Analysis
The library primarily uses secure practices, including ASGI transport for internal FastAPI communication and `httpx` for external HTTP requests. OAuth proxying features rely on user-provided URLs (e.g., `metadata_url`, `authorize_url`), which places the responsibility for trusting external services on the developer. No 'eval' or direct malicious patterns were identified in the source code.
Updated: 2025-11-24GitHub
100
24021
Medium Cost
microsoft icon

playwright-mcp

by microsoft

Sec4

A Model Context Protocol (MCP) server enabling LLMs to automate browser interactions through structured accessibility snapshots, bypassing traditional vision models.

Setup Requirements

  • ⚠️Requires Node.js 18 or newer.
  • ⚠️The Chrome Extension for `--extension` mode requires manual download and 'Load unpacked' installation, as it's not from a store.
  • ⚠️Bypassing the extension's connection dialog requires configuring the `PLAYWRIGHT_MCP_EXTENSION_TOKEN` environment variable, which must be kept secret and only used with trusted MCP clients.
Review RequiredView Analysis
The server itself, when running in its default mode, leverages Playwright's sandboxed browser environments. However, the browser extension component, especially when combined with the `--extension` flag and `PLAYWRIGHT_MCP_EXTENSION_TOKEN`, grants an external Model Context Protocol (MCP) client full debugger access to the user's active browser profile. This allows the client to inject arbitrary Chrome DevTools Protocol (CDP) commands, posing a critical risk of full browser compromise, including access to all logged-in sessions and sensitive data. While there's an interactive approval dialog, the token mechanism bypasses this. The explicit configuration options (`allowedOrigins`, `blockedOrigins`) for network requests are noted as *not* a security boundary. Running this tool requires extreme caution and absolute trust in the MCP client and relay server.
Updated: 2025-12-05GitHub
PreviousPage 2 of 225Next