Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

39
7
Medium Cost
isakskogstad icon

Skolverket-MCP

by isakskogstad

Sec9

Provides AI assistants access to Skolverket's open APIs (Curriculum, School Units, Planned Educations) to search, find, compare, and analyze educational data and statistics.

Setup Requirements

  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️For local installation with clients like Claude Desktop or OpenAI Codex, an absolute path to the 'dist/index.js' file is required in client configurations.
  • ⚠️While Skolverket APIs are generally open, the server supports an optional SKOLVERKET_API_KEY environment variable. If the upstream APIs were to require authentication, this would become a critical setup step.
Verified SafeView Analysis
The server correctly uses environment variables for API keys and redacts sensitive headers in logs. It employs robust error handling, request tracing, and configurable retries/timeouts for external API calls using Axios. CORS is enabled for all origins, which is standard for public APIs but allows access from any domain. No 'eval' or obvious malicious patterns were found. Logging is structured and directed to stderr for console output, which is crucial for MCP servers to prevent mixing logs with tool output.
Updated: 2025-12-08GitHub
39
8
High Cost
Pantheon-Security icon

notebooklm-mcp-secure

by Pantheon-Security

Sec9

Provides programmatic access and management of NotebookLM and Google Gemini for AI agents, offering deep research capabilities, document analysis, and comprehensive compliance and security features.

Setup Requirements

  • ⚠️Requires manual Google Account login via a browser window ('setup_auth') for NotebookLM access, which can be a point of friction.
  • ⚠️Requires a 'GEMINI_API_KEY' environment variable to enable Gemini Deep Research and Document API features, and these premium features may incur costs.
  • ⚠️NotebookLM has strict daily query quotas (e.g., 50 queries/day for free accounts), leading to potential 'RateLimitError' unless a Google AI Pro/Ultra account is used.
Verified SafeView Analysis
The server demonstrates an exceptionally strong focus on security and compliance, implementing a wide array of features including post-quantum encryption, certificate pinning, input/output validation (e.g., prompt injection, suspicious URLs), secure session management, tamper-evident audit logging, secrets scanning, breach detection, incident management, data retention, and secure data erasure with wiping. Input validation for URLs and session IDs helps mitigate common injection risks. The extensive compliance framework for GDPR, SOC2, and CSSF is well-integrated. The main security consideration is the reliance on browser automation (Patchright/Chromium) for NotebookLM interactions, which, while handled with robust isolation and stealth measures, introduces an inherent attack surface compared to pure API-based interactions. No 'eval' or obfuscation was found, and no hardcoded secrets were identified.
Updated: 2026-01-15GitHub
39
9
Low Cost
kdpa-llc icon

local-skills-mcp

by kdpa-llc

Sec9

Enables LLMs and AI agents to access expert skills stored locally on the filesystem, utilizing lazy loading for context-efficient interaction via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Node.js version 18+ to run.
  • ⚠️When installed locally (not globally), the MCP client configuration requires an absolute path to the `dist/index.js` binary.
  • ⚠️Requires a separate MCP-compatible client (e.g., Claude Code, Claude Desktop, Cline) to interact with the server.
Verified SafeView Analysis
The server primarily operates on local files via stdio, minimizing network attack surface. It does not use `eval` or obvious obfuscation. Skill content (`SKILL.md`) is read and relayed, not executed by the server itself; the AI client interprets the content. Path traversal attempts during skill loading are handled by reporting a 'skill not found' error. The primary security consideration is trusting the source of the `SKILL.md` files, as malicious text content could theoretically influence an AI. The project includes a `SECURITY.md` and `CODE_OF_CONDUCT.md`.
Updated: 2026-01-19GitHub
39
2
Medium Cost
doITmagic icon

rag-code-mcp

by doITmagic

Sec9

Provides AI-ready semantic code search and RAG capabilities for various programming languages to AI assistants, running entirely locally.

Setup Requirements

  • ⚠️Requires Docker for Qdrant and Ollama (by default), or pre-installed local Ollama and a remote/local Qdrant instance.
  • ⚠️Minimum 16GB RAM and 4 CPU cores are required for smooth operation, with more recommended for larger codebases or better performance.
  • ⚠️AI assistants like GitHub Copilot require VS Code 1.95+ for integration.
Verified SafeView Analysis
The server is designed for 100% local operation, significantly reducing external network attack surfaces. It primarily interacts with local Ollama and Qdrant instances. File system access for code analysis is expected for its functionality, but no dynamic code execution (`eval`-like mechanisms) from user input are observed. The installer requires broad system permissions for Docker setup and binary installation, which is a standard pattern for such tools. Input validation is performed for tool arguments, mitigating some injection risks.
Updated: 2025-11-26GitHub
39
15
Low Cost
jakub-k-slys icon

n8n-operator

by jakub-k-slys

Sec7

Automates the deployment and management of n8n workflow automation instances on Kubernetes clusters.

Setup Requirements

  • ⚠️Requires access to a Kubernetes cluster and `kubectl` with sufficient permissions (e.g., cluster-admin for installation).
  • ⚠️Requires an external PostgreSQL database; the operator does not provision the database for n8n instances.
  • ⚠️Building from source requires building and pushing the operator's Docker image to a registry accessible by the Kubernetes cluster.
Verified SafeView Analysis
The operator's own container (`controller-manager`) is configured with strong security contexts (`runAsNonRoot: true`, `allowPrivilegeEscalation: false`, `capabilities: drop: ALL`). However, the `ServiceMonitor` configuration for Prometheus metrics (used by the operator to monitor n8n instances) defaults to `insecureSkipVerify: true` in its TLS configuration. This poses a significant security risk for metrics communication, making it vulnerable to Man-in-the-Middle attacks. Users should configure proper TLS certificate verification for production monitoring setups.
Updated: 2026-01-17GitHub
39
11
Medium Cost
desplega-ai icon

qa-use

by desplega-ai

Sec8

Provides comprehensive browser automation and QA testing capabilities, integrating with a backend platform for automated tests, interactive debugging, and batch test execution.

Setup Requirements

  • ⚠️Requires `QA_USE_API_KEY` to be set as an environment variable or in `~/.qa-use.json` for most functionalities.
  • ⚠️Playwright's Chromium browser is required and automatically installed by the `ensure_installed` tool.
  • ⚠️Node.js version 20 or newer is required.
  • ⚠️Running in `tunnel` mode exposes a local browser instance to the public internet via localtunnel, requiring caution.
  • ⚠️Vercel deployments have a 60-second execution limit, which may prematurely terminate long-running sessions in HTTP/SSE mode.
Verified SafeView Analysis
The HTTP server enables CORS with `Access-Control-Allow-Origin: *`, which can be a risk for non-public deployments, though it's common for client-server protocols. The `tunnel` mode exposes a local browser instance publicly, an inherent risk that requires user awareness. The server executes commands from an external API (`desplega.ai`), which could lead to RCE if the API or commands are compromised. No `eval` or obvious hardcoded secrets found; API keys are expected from environment variables or a config file. Strong bearer token authentication is implemented for HTTP mode.
Updated: 2026-01-15GitHub
39
99
Medium Cost
cyberbuff icon
Sec8

An MCP server providing tools to search, validate, refresh, and optionally execute Atomic Red Team security tests for threat emulation and security development.

Setup Requirements

  • ⚠️Requires `uv` or Docker for easy installation; otherwise, manual Python environment setup is needed.
  • ⚠️The `execute_atomic` tool is disabled by default; enabling it (`ART_EXECUTION_ENABLED=true`) allows potentially dangerous security tests to run on the host system.
  • ⚠️The remote server option (e.g., on Railway) is on a free tier and may go offline due to usage limits.
Verified SafeView Analysis
The server's core functionality involves accessing and optionally executing security tests. By default, the `execute_atomic` tool is disabled, which significantly reduces the immediate security risk. When `ART_EXECUTION_ENABLED` is set to `true`, the server can execute commands on the host system via `atomic-operator`. This capability is inherently dangerous and, if exposed to untrusted environments, could lead to system compromise. However, the project explicitly warns users about this risk in the README and logs, advising use only in controlled, isolated environments. Authentication (`ART_AUTH_TOKEN`) is supported for remote deployments, and input validation is implemented for resource paths (`file://documents/{technique_id}`) to prevent path traversal. No hardcoded secrets or obvious malicious patterns were found. The primary security risk arises from user misconfiguration by enabling execution without proper isolation or authentication.
Updated: 2025-12-26GitHub
39
9
Medium Cost
angoran icon

git-netai

by angoran

Sec8

Provides a unified, asynchronous Model Context Protocol (MCP) server for managing multi-platform network infrastructure (routers, firewalls, WiFi, monitoring, data centers) via a single AI-accessible API.

Setup Requirements

  • ⚠️Requires Python 3.12 or higher.
  • ⚠️Requires UV package manager for dependency management.
  • ⚠️Requires an MCP-compatible client (e.g., Claude Desktop, Warp AI) to interact with the server's exposed tools.
Verified SafeView Analysis
The project uses `.env` files for local credential management and provides clear guidelines for production secret management using tools like 1Password CLI. However, it defaults to `known_hosts=None` for SSH connections and `VERIFY_SSL=false` for some API connectors (APIC, NDFC, Aruba) in development, explicitly stating these are not suitable for production and require strict validation. This clear documentation mitigates the risk, but the default insecure options for development lower the score slightly. No 'eval' or obvious code injection vulnerabilities were found.
Updated: 2026-01-19GitHub
39
10
High Cost

mcp-ssh-manager

by bvisible

Sec8

Manages remote SSH servers via the Model Context Protocol (MCP), enabling AI assistants like Claude Code and OpenAI Codex to execute commands, transfer files, monitor health, and automate DevOps tasks.

Setup Requirements

  • ⚠️Requires Node.js v18+, npm, Bash 4.0+, and rsync to be installed locally.
  • ⚠️Specific CLI tools (Claude Code CLI or Codex CLI) must be installed and configured for AI integration.
  • ⚠️For Claude Code, `claude mcp add` requires absolute paths for the server's main script. Users should carefully configure `autoApprove` to balance convenience with security, as it bypasses command confirmations.
Verified SafeView Analysis
The server's core functionality grants AI agents significant control over remote SSH servers, which is inherently powerful and requires careful usage. The project includes features like SQL injection prevention for database tools and recommends SSH key authentication for enhanced security. The optional `sshpass` for rsync with password authentication should be used with caution. The `autoApprove` feature in Claude Code can bypass user confirmation for commands, necessitating diligent configuration by the user to prevent unintended actions. No explicit `eval` or obfuscation is indicated in the provided information, suggesting standard Node.js security practices are followed.
Updated: 2025-11-17GitHub
39
38
Medium Cost
krzyzanowskim icon

XcodeDocsMCP

by krzyzanowskim

Sec8

This MCP server provides tools for querying Apple developer documentation and SDK symbols directly from a local Xcode installation on macOS.

Setup Requirements

  • ⚠️Requires macOS 14.0+
  • ⚠️Requires Xcode with command line tools installed
  • ⚠️Requires Swift 6.0+
Verified SafeView Analysis
The server executes external commands (mdfind, grep, xcrun, sh) based on user input, which inherently carries risk. However, it implements input sanitization (escaping single quotes) for queries passed to 'mdfind' and 'grep' commands to mitigate shell injection vulnerabilities. Temporary directories used for symbol graph extraction are created with UUIDs and promptly cleaned up. The server operates locally, reading from stdin and writing to stdout, with no explicit network listeners or outgoing connections, limiting network-based attack vectors.
Updated: 2025-12-15GitHub
39
10
Medium Cost
ragieai icon

mcp-gateway

by ragieai

Sec9

A multi-tenant secure proxy for AI clients to Ragie Model Context Protocol (MCP) services with WorkOS authentication and role-based access control.

Setup Requirements

  • ⚠️Requires Node.js 18+ runtime environment.
  • ⚠️Requires a PostgreSQL database with a 'collections' table (schema provided, needs initialization).
  • ⚠️Requires a WorkOS account and application setup, including API keys, client ID, and authorization server URL.
  • ⚠️Ragie API keys for each organization/collection must be provisioned and securely stored (encrypted in the database).
Verified SafeView Analysis
The server uses strong cryptographic practices for API key encryption (AES-256-GCM, PBKDF2, SHA-256) with a randomly generated IV for each encryption and environment variables for secrets. Authentication is robust, involving JWT verification via WorkOS JWKS and an explicit WorkOS API call to validate user organization membership and roles, addressing a potential JWT limitation. Server-side filters prevent data access bypasses. No 'eval' or similar dangerous patterns were found in the provided code. The fixed salt for PBKDF2 is acceptable as it's used for deterministic key derivation from a strong master key, not for individual data encryption.
Updated: 2026-01-11GitHub
39
2
Low Cost
ignaciohermosillacornejo icon

copilot-money-mcp

by ignaciohermosillacornejo

Sec9

The Copilot Money MCP Server enables AI-powered queries of personal financial data by reading locally cached Copilot Money data.

Setup Requirements

  • ⚠️Requires Copilot Money (macOS App Store version) to be installed and to have synced data locally.
  • ⚠️Only runs on macOS as the database path is platform-specific.
  • ⚠️Data is read from the local cache, which may not contain a user's full transaction history; users need to open the Copilot Money app and scroll through older transactions to populate the cache.
Verified SafeView Analysis
The server explicitly states it is 100% local, read-only, and performs zero network requests, aligning with strong privacy commitments. All tools are marked with `readOnlyHint: true`. Data is accessed from the local Copilot Money LevelDB cache. It copies the database to a temporary directory for read access, ensuring no conflicts with the running app. Zod is used for data validation, contributing to robustness. No hardcoded external secrets or malicious patterns were identified. A score of 9 is given due to its strong privacy and local-only guarantees, with a slight deduction as any local file access has inherent, albeit minor, system interaction risks.
Updated: 2026-01-19GitHub
PreviousPage 101 of 760Next