Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

39
7
Low Cost
marconae icon

spec-oxide

by marconae

Sec1

A simple and lightweight Micro-Container Platform (MCP) designed for spec-driven development workflows.

Review RequiredView Analysis
Security audit is severely limited as only the `README.md` file was provided. No source code was available to analyze for 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns. Based solely on the README, no immediate risks are apparent, but this does not imply safety without the actual code.
Updated: 2026-01-17GitHub
39
6
High Cost
kessler-frost icon

imprint

by kessler-frost

Sec6

Enables AI agents to programmatically control a terminal, capture screenshots, and extract text for TUI testing and interaction.

Setup Requirements

  • ⚠️Requires `ttyd` and `tmux` to be installed on the system (installation script attempts to install them, possibly requiring `sudo` on Linux).
  • ⚠️`go-rod` will auto-download a headless Chrome/Chromium browser (~100-200MB) on first run, requiring significant disk space and bandwidth.
  • ⚠️Requires Go installed for building from source or running examples.
Review RequiredView Analysis
The `imprint` server executes shell commands via `exec.Command` in its `internal/terminal/terminal.go` component, specifically using `sh -c {shell}` for the `t.shell` variable. This `t.shell` originates from the `--shell` command-line argument and the `command` parameter of the `restart_terminal` MCP tool. If a malicious AI agent or a compromised orchestrator provides a crafted `command` (e.g., containing `; rm -rf /`), it can lead to arbitrary command injection on the host system. The `install.sh` script also requires `sudo` privileges for package manager installations, which is a point of privilege escalation during installation. Network exposure for `ttyd` is limited as it binds to `127.0.0.1`, reducing direct remote attack vectors. Use of `page.Eval` is contained within a sandboxed headless browser context for known `xterm.js` APIs, posing a lower risk.
Updated: 2026-01-18GitHub
39
7
Low Cost
javiarmesto icon
Sec9

This server integrates with Microsoft Dynamics 365 Business Central to expose its data and functionality as MCP tools for Claude Desktop, enabling AI-powered interactions with ERP data.

Setup Requirements

  • ⚠️Requires Python 3.12 or higher.
  • ⚠️Full Business Central integration requires Azure AD App Registration (Client ID, Client Secret, Tenant ID) and Business Central Company ID/Environment name, which can be complex to configure. Mock data mode is available as a fallback but offers limited functionality.
  • ⚠️Requires Claude Desktop application to be installed for client interaction.
Verified SafeView Analysis
The server uses STDIO transport, which inherently limits network exposure to local communication. Authentication with Business Central relies on standard OAuth2 Client Credentials flow via Azure AD. Credentials are loaded from environment variables (.env file) and are not hardcoded. The client implements robust error handling and token refresh mechanisms. No 'eval' or malicious patterns were detected. Logging of full API responses at debug level could potentially expose sensitive data if debug logs are mishandled, but this is a standard configuration point.
Updated: 2025-11-23GitHub
39
18
Low Cost
kakaxi3019 icon

wechat_oa_mcp

by kakaxi3019

Sec7

This server acts as a Model Control Protocol (MCP) wrapper for WeChat Official Account APIs, enabling AI systems or automation workflows to manage WeChat content.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Requires a WeChat Public Platform AppID and AppSecret to function.
  • ⚠️The hardcoded external IP `106.15.125.133` must be added to your WeChat Public Platform's IP whitelist.
  • ⚠️Explicitly states '此 MCP 服务器仅限研究用途,禁止用于商业目的。'
Verified SafeView Analysis
The server relies on a hardcoded external IP address (106.15.125.133) for its backend services. While this is an intentional architectural choice to solve WeChat's IP whitelist requirement and the project includes a disclaimer for research use only, it introduces a critical dependency on the security and availability of that specific external server. If the external server were compromised or its IP repurposed, sensitive `AppID`, `AppSecret`, and `access_token` could be exposed. No 'eval', 'exec', or direct OS command injection vulnerabilities were found in the provided source code, and JSON payloads are handled by the `requests` library which typically provides serialization safety. Input parameters are obtained using `.get()` methods, which is safer than direct dictionary access.
Updated: 2025-11-22GitHub
39
6
Medium Cost
a2anet icon

a2a-mcp

by a2anet

Sec9

This server acts as a Model Context Protocol (MCP) gateway to facilitate interactions between an LLM client and external A2A (Agent2Agent) protocol agents, enabling message exchange, conversation management, and structured viewing of artifacts.

Setup Requirements

  • ⚠️Requires Python 3.13 or newer.
  • ⚠️Requires `uv` (a Python package manager and executor) installed to run using the quick start method.
  • ⚠️Requires the `A2A_AGENT_CARDS` environment variable to be set, containing a JSON stringified list of agent card URLs and optional custom headers.
Verified SafeView Analysis
The server demonstrates robust security practices. It avoids direct use of dangerous functions like `eval()` or `exec()`. Input validation is performed for artifact viewing parameters (line ranges, row/column selections, JSON paths) to prevent unexpected data access or errors. Network requests are handled by the well-established `httpx` library and the `a2a-sdk`. Configuration is loaded from environment variables and parsed with Pydantic, ensuring schema validation and type safety. File system operations for conversation persistence utilize platform-specific, securely managed directories, mitigating path traversal vulnerabilities.
Updated: 2026-01-15GitHub
39
16
Medium Cost
Alation icon
Sec9

The MCP server enables AI agents and models to retrieve and leverage metadata from the Alation Data Catalog during inference, supporting use cases like data curation, search, and intelligent query generation.

Setup Requirements

  • ⚠️Requires access to an Alation Data Catalog instance and specific Alation credentials (Service Account recommended, which usually requires admin privileges).
  • ⚠️Requires API keys for integrated LLM providers (e.g., OpenAI, Anthropic, Google Bedrock), which are typically paid services.
  • ⚠️Local testing with tools like MCP Inspector may encounter SSL certificate issues when used behind corporate VPNs (e.g., Zscaler), requiring specific Node.js configuration to trust corporate root certificates.
Verified SafeView Analysis
The SDK and MCP server are designed with a strong focus on security, utilizing environment variables for sensitive Alation credentials (client ID, client secret) rather than hardcoding. Authentication is primarily handled through OAuth 2.0 (service account) or bearer tokens, with active token validation. Network communication to the Alation instance is over HTTPS, and the `fastMCP` dependency was upgraded specifically to address a security vulnerability, indicating proactive security management. The system supports streaming, which enhances efficiency but does not introduce significant new security risks. No 'eval', obfuscation, or overtly malicious patterns were identified in the truncated source code. Telemetry data is sent to Alation's own endpoint. The documentation also provides clear guidance on OAuth configuration for external integrations like custom GPTs.
Updated: 2026-01-15GitHub
39
11
Low Cost
IBM icon
Sec9

Integrates IBM Data Intelligence services with Model Context Protocol (MCP) clients, enabling LLM agents to access and manage data assets, lineage, data protection rules, metadata imports, and data products.

Setup Requirements

  • ⚠️Requires Python 3.11 or higher.
  • ⚠️Requires access to an IBM Data Intelligence SaaS or Cloud Pak for Data (CPD) 5.2.1+ instance, with `DI_SERVICE_URL` and authentication (`DI_APIKEY` or `DI_AUTH_TOKEN`) configured.
  • ⚠️For HTTPS mode, SSL certificate (`--ssl-cert`) and private key (`--ssl-key`) files are mandatory and must be properly managed.
  • ⚠️The `uvx` tool is recommended for installation and running; users might need to install `uv` first.
Verified SafeView Analysis
The server demonstrates strong security practices including: explicit handling of sensitive configuration via environment variables/headers (no hardcoded secrets found); robust SSL/TLS configuration options for HTTPX client; comprehensive redaction of sensitive data (URLs, credentials, API keys, UUIDs, PII, file paths) from error messages to prevent information leakage; structured logging with traceability IDs; and internal concurrency limits for external API calls to prevent overload. The use of standard Python libraries and a clear architecture also contributes to its high security posture.
Updated: 2026-01-13GitHub
39
12
Medium Cost
ikcode-dev icon

copilot-kit

by ikcode-dev

Sec9

Provides a curated collection of GitHub Copilot prompts, instructions, and configurations to enhance developer productivity and streamline AI-assisted programming workflows in VS Code.

Setup Requirements

  • ⚠️Requires an active GitHub Copilot Chat subscription for full functionality.
  • ⚠️Requires VS Code with GitHub Copilot Chat extension (version 1.106 or later for Custom Agents) and Model Context Protocol (MCP) enabled in settings.
  • ⚠️Some external MCP servers referenced by this kit (e.g., Sequential Thinking, Context7) may require additional prerequisites like Node.js or specific API keys, which are configured outside of this repository's direct source code.
Verified SafeView Analysis
The repository itself consists primarily of Markdown files (prompts, instructions, documentation) and configuration templates. There is no executable server code within the provided source that could introduce traditional security vulnerabilities like 'eval' or direct network exploits. Contribution guidelines explicitly warn against hardcoding secrets. Security considerations are mostly related to the proper configuration and use of GitHub Copilot and external Model Context Protocol (MCP) servers, which this kit facilitates but does not directly implement. Users are advised not to commit sensitive memory files (.mcp/memory.json) and to use VS Code 'inputs' for secure environment variable storage.
Updated: 2026-01-09GitHub
39
8
High Cost
isakskogstad icon

Kolada-MCP

by isakskogstad

Sec4

Facilitates LLM access to comprehensive Swedish municipal and regional statistics from the Kolada API for key performance indicator (KPI) data retrieval and analysis.

Setup Requirements

  • ⚠️By default, the server runs with 'Open Access' and no authentication (e.g., via `MCP_AUTH_TOKEN`) is enforced for HTTP/SSE endpoints. This creates an unauthenticated proxy to the Kolada API and is a significant security risk for public deployments.
  • ⚠️The server acts as a proxy to the external Kolada API (https://api.kolada.se/v3); its availability and data quality are dependent on that external service.
  • ⚠️Most tool descriptions, prompt templates, and general documentation within the source code are primarily in Swedish, which may pose a barrier for non-Swedish speaking developers or AI models.
Review RequiredView Analysis
CRITICAL: The server is explicitly configured for 'Open Access' (no authentication) by default, as stated in its startup logs and `http-server.ts`. While the data it proxies from Kolada API is open, running a publicly accessible proxy without authentication poses a significant security risk. It could lead to abuse, resource exhaustion, or denial-of-service attacks against the deployed instance. Although an `MCP_AUTH_TOKEN` environment variable is defined in `render.yaml`, it is not active or enforced by default in the server's core logic. Commendable security practices include robust input validation via Zod, explicit `readOnlyHint` and `destructiveHint: false` for all tools, client-side rate limiting and retry logic for the upstream API, and the use of static analysis tools (CodeQL, GitGuardian, TruffleHog, Bearer SAST, Dependabot, npm audit) as indicated in `SECURITY.md`.
Updated: 2026-01-19GitHub
39
16
Medium Cost
jonaolden icon

mcpbi

by jonaolden

Sec8

Provides a Model Context Protocol (MCP) server for local Power BI Tabular Models, enabling LLM clients to interact for debugging, analysis, and DAX query composition.

Setup Requirements

  • ⚠️Requires Power BI Desktop running with a PBIX file open.
  • ⚠️Windows OS is required.
  • ⚠️.NET 8.0 SDK or Runtime is required.
  • ⚠️Initial setup requires running a discovery CLI tool to configure Power BI connection details (port, database ID).
Verified SafeView Analysis
The server explicitly states it only accepts connections from localhost, significantly reducing network attack surface. It performs DAX query validation to prevent malicious queries. Encryption keys (for obfuscation/decryption) are handled via environment variables or command-line parameters, not hardcoded. The project utilizes strong cryptographic algorithms (AES-256, PBKDF2) for its decryption tool. Connection to the Power BI model is read-only. Overall, good security practices are highlighted and seem to be implemented for its intended use case.
Updated: 2025-12-02GitHub
39
16
Medium Cost
Async-IO icon
Sec9

Conversational AI fitness coaching and data analysis platform with provider integrations and user management.

Setup Requirements

  • ⚠️Requires `PIERRE_MASTER_ENCRYPTION_KEY` environment variable, which is critical for encryption and must be consistent across deployments.
  • ⚠️Requires a database (SQLite or PostgreSQL) to be set up and configured via the `DATABASE_URL` environment variable.
  • ⚠️Requires configuration for at least one LLM provider (e.g., `GEMINI_API_KEY` or `GROQ_API_KEY`) for AI conversational features to work.
Verified SafeView Analysis
The server is built with Rust, leveraging its memory safety features. It implements robust authentication (JWT, API Keys with constant-time comparison) and authorization. A two-tier key management system protects sensitive data at rest using AES256-GCM encryption with Additional Authenticated Data (AAD) for tenant/user isolation. OAuth2 flows include PKCE with S256 method enforced and atomic consumption of authorization codes/states to prevent replay and CSRF attacks. PII redaction is built into the logging middleware. Redirect URIs are strictly validated (HTTPS, no wildcards, no fragments). Client secrets are hashed using Argon2. No 'eval' or obvious malicious patterns found.
Updated: 2026-01-19GitHub
39
8
Medium Cost
KSAklfszf921 icon

KOLADA-MCP

by KSAklfszf921

Sec8

Provides LLMs and AI chatbots with direct access to over 5,000 Key Performance Indicators and statistical data for all 290 Swedish municipalities and 21 regions from the Kolada API.

Setup Requirements

  • ⚠️Requires Node.js version 18 or higher to run (specified in `package.json`).
  • ⚠️Requires an active internet connection to fetch data from the external Kolada API (`https://api.kolada.se/v3`).
  • ⚠️When running locally to expose HTTP/SSE endpoints, the `MCP_MODE` environment variable must be set to 'http' (e.g., `MCP_MODE=http npx kolada-mcp-http`) to prevent it from defaulting to STDIN/STDOUT mode.
Verified SafeView Analysis
All tools are explicitly marked as read-only and idempotent, indicating no destructive operations or external side effects, which is a strong security positive. The project includes comprehensive automated security scanning tools (CodeQL, GitGuardian, TruffleHog, Bearer SAST, Dependabot, npm audit) and a detailed `SECURITY.md` policy for vulnerability reporting. It also adheres to best practices like using environment variables for sensitive configurations and implementing rate limiting with retries for the upstream API. However, the HTTP/SSE endpoints (`/mcp`, `/sse`) are configured for 'Open Access (No authentication)' in the provided source code, meaning any client can call the tools without authentication. While this may be an intentional design choice for publicly available data, it relies on external mechanisms (e.g., API Gateway) for access control if required, and may expose the service to unmanaged consumption and potential DoS if not protected externally. The `render.yaml` mentions an `MCP_AUTH_TOKEN` but it is not enforced by the application for these endpoints in the analyzed code.
Updated: 2026-01-19GitHub
PreviousPage 102 of 760Next