Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(2689)

100
3711
Low Cost
open-webui icon

mcpo

by open-webui

Sec8

Exposes Model Context Protocol (MCP) tools as OpenAPI-compatible HTTP servers for integration with LLM agents and other applications.

Setup Requirements

  • ⚠️Requires Python 3.11+.
  • ⚠️Requires a Model Context Protocol (MCP) server command or a configuration file defining MCP servers.
  • ⚠️For OAuth 2.1 protected servers, an interactive browser authorization flow is required on the first connection.
Verified SafeView Analysis
The server's core functionality involves executing a user-provided MCP server command. While this is its intended purpose, it means that the security of the overall system is highly dependent on the trustworthiness of the `your_mcp_server_command` argument. The proxy itself implements API key authentication, configurable CORS, and OAuth 2.1 support for streamable HTTP servers. OAuth tokens are stored in plaintext on disk by default (`~/.mcpo/tokens/`), which is a common practice for local applications but could be a concern in highly sensitive environments. There are no clear indications of `eval` or other arbitrary code execution vulnerabilities within mcpo's own codebase, beyond its primary function of launching the specified MCP server.
Updated: 2025-11-25GitHub
99
829
Low Cost
tuananh icon

hyper-mcp

by tuananh

Sec9

A fast, secure Model Context Protocol (MCP) server that extends its capabilities through WebAssembly plugins, enabling AI features in applications like Cursor IDE.

Setup Requirements

  • ⚠️Requires Docker for building and distributing plugins (if developing your own).
  • ⚠️AWS credentials must be configured in the environment for S3 plugins.
  • ⚠️Relies on system keyring services for credential storage (macOS Keychain, Linux Secret Service, Windows Credential Manager).
Verified SafeView Analysis
The server leverages Extism for plugin sandboxing with configurable `allowed_hosts`, `allowed_paths`, and `memory_limit`. OCI-based plugin distribution supports Sigstore verification, crucial for supply chain security. The `insecure_skip_signature` option allows bypassing signature verification, but it is explicitly named as insecure. Authentication for registries uses system keyrings or direct credentials, preventing hardcoded secrets. Environment variable references (`${ENVVARKEY}`) in `runtime_config` are resolved by the host, which is generally acceptable for admin-controlled configurations. No `eval` or direct code injection vulnerabilities were found in the core server logic.
Updated: 2025-12-04GitHub
99
774
Low Cost
microsoft icon

wassette

by microsoft

Sec9

A secure runtime for AI agents to execute WebAssembly Components as tools via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Rust toolchain (1.90+) and `wasm32-wasip2` target for developing Rust components.
  • ⚠️Specific Node.js (18+), Python (3.10+), or Go (1.19-1.23) versions/toolchains required for developing components in those languages.
  • ⚠️Requires `wit-docs-inject` (a custom Rust tool) for embedding documentation into Wasm binaries for AI agent discovery.
  • ⚠️Many components will require external API keys (e.g., `OPENWEATHER_API_KEY`, `GITHUB_TOKEN`, `BRAVE_API_KEY`) for full functionality.
Verified SafeView Analysis
The server is built with a strong focus on security, leveraging WebAssembly's sandboxing (Wasmtime) and a deny-by-default permission model. It enforces fine-grained access control for file system, network, and environment variables via explicit policies. Detailed threat models (confused deputy, supply chain, tool poisoning) and their mitigations are documented. While some cookbook examples mention `eval()` in Python, they also include warnings about its unsafe nature for untrusted input, demonstrating awareness. No obvious hardcoded secrets or malicious patterns were found in the provided snippets.
Updated: 2025-12-01GitHub
99
1011
Medium Cost
joey-zhou icon
Sec3

Java backend for smart hardware (ESP32) devices, providing powerful backend support, an intuitive management interface, and acting as a voice-controlled intelligent assistant.

Setup Requirements

  • ⚠️Requires LLM API Keys (e.g., OpenAI, Coze, Dify, ZhiPu, Ollama) which typically incur costs.
  • ⚠️Requires Java 21+ due to its use of Project Loom's virtual threads (`Thread.startVirtualThread`).
  • ⚠️Requires external databases: MySQL for primary data storage and Redis for caching.
Review RequiredView Analysis
The WebSocketHandler currently bypasses token-based authentication in `afterConnectionEstablished` (the relevant code is commented out), relying solely on the `device-id` header/URI parameter. This is a critical vulnerability as `device-id` can be easily spoofed for public-facing deployments. The `setAllowedOrigins("*")` for WebSockets further exacerbates this risk by allowing connections from any origin. The auto-binding logic for 'user_chat_' prefixed devices and the verification code generation process in `handleUnboundDevice` also present potential attack surfaces if not rigorously secured.
Updated: 2025-12-04GitHub
99
843
Medium Cost
mongodb-js icon

mongodb-mcp-server

by mongodb-js

Sec9

The MongoDB MCP Server enables AI assistants to interact with MongoDB and MongoDB Atlas resources through natural language using the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Node.js version ^20.19.0 || ^22.12.0 || >= 23.0.0.
  • ⚠️Docker Desktop must be running for Atlas Local tools to function.
  • ⚠️MongoDB Atlas API client ID and secret (`MDB_MCP_API_CLIENT_ID`, `MDB_MCP_API_CLIENT_SECRET`) are required for MongoDB Atlas tools.
  • ⚠️Voyage AI API Key (`MDB_MCP_VOYAGE_API_KEY`) is required for vector search operations with text-to-embedding conversion if the 'search' preview feature is enabled.
Verified SafeView Analysis
The server implements robust security measures including `zod` for input validation, a `Keychain` for secret management and redaction in logs, FIPS mode support, and explicit user confirmation for destructive actions. It uses `formatUntrustedData` to mitigate LLM prompt injection risks from tool outputs. Configuration overrides via HTTP headers and query parameters are possible but heavily restricted to prevent tampering with critical settings. Network exposure warnings are provided when binding the HTTP server to non-localhost addresses, highlighting a potential misconfiguration risk if not properly secured at the network level.
Updated: 2025-12-05GitHub
99
923
High Cost
jae-jae icon

fetcher-mcp

by jae-jae

Sec9

Fetch web page content using a Playwright headless browser, capable of handling dynamic JavaScript, intelligent content extraction, and parallel URL processing.

Setup Requirements

  • ⚠️Requires Playwright Chromium browser binary installation (`npx playwright install chromium`) when not using Docker, or if not pre-installed by the Docker image.
  • ⚠️Requires Node.js and npm for local execution.
  • ⚠️Playwright requires specific system dependencies for browsers on some operating systems (e.g., Linux), which can be installed using the `browser_install` tool with the `withDeps` parameter.
Verified SafeView Analysis
The server implements strong URL protocol validation (`http:` and `https:` only) to prevent Server-Side Request Forgery (SSRF) attacks. Execution of `playwright install` is via `child_process.spawn` with controlled arguments, mitigating command injection risks. The core functionality involves browsing arbitrary external URLs, which inherently carries a risk of encountering malicious web content (e.g., browser exploits), but Playwright operates in a sandboxed environment to mitigate this.
Updated: 2025-11-24GitHub
99
826
Low Cost
pathintegral-institute icon

mcpm.sh

by pathintegral-institute

Sec9

This server provides a command-line interface to manage Model Context Protocol (MCP) servers, allowing users to discover, install, configure, run, share, and monitor them.

Setup Requirements

  • ⚠️Requires Python 3.12+ (as per README)
  • ⚠️Node.js and npx are required for managing npx-based MCP servers (checked by `mcpm doctor`)
  • ⚠️Interactive prompts for configuration and client editing require a TTY-enabled terminal
Verified SafeView Analysis
The project uses `subprocess.run` and `subprocess.call` to execute external commands (`npx`, `node`, `npm`, `frpc`). This is expected for a CLI tool that orchestrates other applications. `shlex.split` is used to safely parse arguments. Network exposure via `mcpm share` is explicitly warned if authentication is disabled, and authentication (API key) is enabled by default. The `frpc` binary for tunneling is downloaded from a CDN with checksum verification. No 'eval', obfuscation, or hardcoded secrets were detected.
Updated: 2025-12-05GitHub
99
870
Low Cost
antfu icon

nuxt-mcp-dev

by antfu

Sec3

Provides a Model Context Protocol (MCP) server for Vite/Nuxt applications, offering AI models insights into the app's setup and module graphs.

Setup Requirements

  • ⚠️Explicitly marked as 'Experimental. Not ready for production.'
  • ⚠️Requires a Vite or Nuxt.js project environment.
  • ⚠️Automatically modifies editor/IDE configuration files (.cursor/mcp.json, .vscode/mcp.json, ~/.codeium/windsurf/mcp_config.json, .mcp.json) which might be unexpected.
Review RequiredView Analysis
The project is explicitly marked as 'Experimental. Not ready for production.' The server exposes an SSE endpoint and a message POST endpoint, which, if not handled carefully, could be a vector for attacks. Automatic updates to config files (`.cursor/mcp.json`, `.vscode/mcp.json`, `~/.codeium/windsurf/mcp_config.json`, `.mcp.json`) could be risky if the plugin itself is compromised or if arbitrary remote URLs are added via `updateConfigAdditionalServers`. The `toolsScaffold` function executes `nuxi` commands, and while `zod` schemas are used for input, potential command injection vulnerabilities could arise if parameters are not sufficiently sanitized before execution.
Updated: 2025-12-02GitHub
98
586
Medium Cost
laravel icon

mcp

by laravel

Sec7

Build and expose AI-compatible servers for Laravel applications using the Model Context Protocol, enabling AI clients to interact with application logic.

Setup Requirements

  • ⚠️Requires an existing Laravel application for integration.
  • ⚠️Requires `composer` for dependency management.
  • ⚠️Full OAuth features require `laravel/passport` to be installed.
  • ⚠️The `mcp:inspector` command requires Node.js and `npx` to be available in the environment.
  • ⚠️The default `mcp.redirect_domains` in `config/mcp.php` is `*`, which is insecure for OAuth in production and must be configured with specific domains.
Verified SafeView Analysis
The `InspectorCommand` executes external processes (`npx` and `php artisan`). While the `mcp:start` command validates the `handle` against registered servers, care should be taken to prevent arbitrary command injection if `handle` validation is bypassed or if non-whitelisted external commands are introduced. Additionally, the default `mcp.redirect_domains` configuration (`*`) allows arbitrary OAuth redirect URIs, which poses a significant security risk for OAuth clients in production if not explicitly narrowed down to trusted domains.
Updated: 2025-12-05GitHub
98
1575
High Cost
glidea icon

zenfeed

by glidea

Sec7

An AI-powered information hub that acts as an intelligent RSS reader, real-time news knowledge base, and personal assistant for monitoring events and delivering analysis reports.

Setup Requirements

  • ⚠️Docker and Docker Compose are required for deployment.
  • ⚠️Requires API keys for Large Language Models (LLMs), such as SiliconFlow or Google Gemini. These are not free.
  • ⚠️Lack of authentication means strict firewall/security group rules are CRITICAL to prevent API_KEY leakage if exposed to public networks.
  • ⚠️Relies on an RSSHub instance (provided in docker-compose, but needs to be functional).
  • ⚠️Content processing using LLMs can incur significant token costs.
Verified SafeView Analysis
The server lacks built-in authentication, which means exposing it directly to public networks could lead to unauthorized access and API_KEY leakage. Users are explicitly warned in the README to configure strict firewall/security group rules and are responsible for safeguarding API keys and credentials. The default `docker-compose.yml` exposes several ports (1400, 1300, 1301, 9090) that need careful management.
Updated: 2025-11-22GitHub
98
562
Low Cost
IvanMurzak icon

Unity-MCP

by IvanMurzak

Sec8

AI-powered game development assistant that bridges Large Language Models (LLMs) with Unity Editor and runtime game builds, enabling AI to control Unity via the Model Context Protocol.

Setup Requirements

  • ⚠️Unity project path cannot contain spaces.
  • ⚠️Requires installation of the separate Unity MCP Plugin into your Unity project.
  • ⚠️Requires a compatible MCP Client (e.g., Claude Code, Cursor) configured to communicate with the server.
Verified SafeView Analysis
The server's core functionality involves AI-driven C# code compilation and execution within Unity using Roslyn. This presents inherent security considerations if the AI's output is not adequately validated or sandboxed. The default HTTP port (8080) requires proper network security if exposed publicly. No hardcoded secrets were identified in the provided source code snippets.
Updated: 2025-12-06GitHub
97
505
Low Cost
YuzeHao2023 icon

Awesome-MCP-Servers

by YuzeHao2023

Sec10

A curated, community-driven list of Model Context Protocol (MCP) servers, tools, frameworks, clients, and utilities, enabling AI models to securely interact with local and remote resources.

Verified SafeView Analysis
The provided source code is a documentation repository (README files) and is inherently safe to read. It contains a critical and comprehensive security warning section for *other MCP servers* listed within the ecosystem, advising users on best practices for safe deployment and interaction, including running servers in isolated environments and limiting permissions.
Updated: 2025-12-06GitHub
PreviousPage 3 of 225Next