Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

39
11
High Cost
vscarpenter icon

gsd-task-manager

by vscarpenter

Sec9

A local-first, privacy-focused task manager that integrates with AI assistants (like Claude Desktop) for natural language task creation, management, and analysis using the Eisenhower Matrix.

Setup Requirements

  • ⚠️This MCP server is designed to integrate with Claude Desktop, implying that Claude Desktop must be installed and configured to use this server.
  • ⚠️Requires creating a `claude-config.json` (or equivalent) with real JWT tokens and encryption passphrases, which must *never* be committed to version control and handled with extreme care.
  • ⚠️The MCP server connects to the GSD Sync Worker, which is a Cloudflare Worker backend and requires its own setup (D1, KV, R2 databases, and secrets management on Cloudflare).
Verified SafeView Analysis
The system employs robust end-to-end encryption (AES-256-GCM, PBKDF2), secure OAuth 2.0 with PKCE, JWT authentication with revocation, and comprehensive input validation (Zod schemas, prepared statements for D1). Rate limiting is implemented on sensitive endpoints. The architecture is explicitly designed for zero-knowledge on the server for task content. Sensitive data (JWT tokens, encryption passphrases) are explicitly marked as "NEVER COMMIT" and handled through secure configurations (IndexedDB on client, Cloudflare secrets for worker, `claude-config.json` for MCP). While JWTs are stored in IndexedDB on the client, this is a documented trade-off for PWA offline functionality, with all task data E2E encrypted. The security review found no critical or high vulnerabilities.
Updated: 2026-01-18GitHub
39
12
Medium Cost
Qiskit icon

mcp-servers

by Qiskit

Sec8

A collection of Model Context Protocol (MCP) servers enabling AI agents to interact with Qiskit libraries and IBM Quantum services for quantum computing development, including code generation, runtime execution, and circuit transpilation.

Setup Requirements

  • ⚠️Requires Python 3.10+ (some parts specify <3.14 or <3.15).
  • ⚠️Requires an IBM Quantum account and API token (`QISKIT_IBM_TOKEN`) for most functionalities interacting with IBM Quantum services.
  • ⚠️Using `qiskit-ibm-runtime-mcp-server` can be slow (10-30+ seconds) to initialize if `QISKIT_IBM_RUNTIME_MCP_INSTANCE` environment variable is not set, as it performs an instance lookup.
  • ⚠️If utilizing the `qiskit-code-assistant-mcp-server`, access to the Qiskit Code Assistant service is required.
  • ⚠️Using local Ollama as an LLM provider requires Ollama to be running locally with the desired model pulled.
Verified SafeView Analysis
The project follows good practices for credential management, primarily using environment variables (`QISKIT_IBM_TOKEN`, `OPENAI_API_KEY`, etc.) or saved user configuration files (`~/.qiskit/qiskit-ibm.json`), with explicit checks to reject common placeholder tokens. Input validation for various parameters (e.g., prompt length, shots, optimization levels) is implemented. Network requests to external IBM APIs are handled with retries and comprehensive error reporting. The use of `nest_asyncio.apply()` is noted but not considered a direct security risk in this context. No direct use of `eval` or `exec` on untrusted input was observed; quantum circuit parsing relies on established Qiskit library functions. Overall, the project appears designed with a focus on reliability and security.
Updated: 2026-01-19GitHub
39
14
Medium Cost
GoPlausible icon

algorand-remote-mcp

by GoPlausible

Sec3

Provides tools and resources for AI agents to interact with the Algorand blockchain ecosystem through a standardized interface, handling wallet management, transaction creation/submission, and API integrations.

Setup Requirements

  • ⚠️Requires a complex setup involving multiple Cloudflare Workers (one for the MCP server, another for HashiCorp Vault integration) and numerous Cloudflare KV/R2 bindings.
  • ⚠️Extensive environment variables are required, including multiple OAuth client IDs/secrets, Algorand API endpoints, and HashiCorp Vault configuration details.
  • ⚠️Initial OAuth authentication requires a Google account and setting up client credentials for at least one provider (e.g., Google, GitHub, Twitter, LinkedIn).
Review RequiredView Analysis
CRITICAL VULNERABILITIES: The `sdk_sign_bytes` and `sdk_sign_transaction` tools directly accept raw secret keys (`sk`) or mnemonic phrases as input from the AI agent. This completely bypasses the intended secure key management provided by HashiCorp Vault, allowing a malicious or compromised AI agent to sign arbitrary transactions or data if it is provided with or can infer these secrets. This contradicts the stated goal of secure key management and exposes user funds. MODERATE RISK: The `buildHTMLPage` functions (used by `arc26Manager.ts` and `receiptManager.ts`) do not sanitize all potential inputs (e.g., `from`, `label`, `sender`, `receiver`, `note`) that could originate from the AI agent. If a malicious AI controls these inputs, it could inject Cross-Site Scripting (XSS) attacks into the generated HTML pages, which are then shared with users. HIGH CONFIGURATION RISK: The security relies heavily on the `HCV_WORKER_URL` environment variable pointing to a trusted and securely configured HashiCorp Vault worker. A misconfiguration or compromise of this endpoint could lead to the exfiltration of private keys managed by the Vault worker.
Updated: 2026-01-19GitHub
39
41
Medium Cost
TocharianOU icon

mcp-server-kibana

by TocharianOU

Sec7

This server provides a Model Context Protocol (MCP) interface to Kibana, enabling natural language or programmatic access for managing saved objects, executing API requests, and querying server status, with multi-space and dual transport support.

Setup Requirements

  • ⚠️Requires `KIBANA_URL` environment variable to connect to a Kibana instance.
  • ⚠️Requires one of `KIBANA_API_KEY`, or both `KIBANA_USERNAME` and `KIBANA_PASSWORD`, or `KIBANA_COOKIES` for authentication.
  • ⚠️Using `NODE_TLS_REJECT_UNAUTHORIZED=0` disables SSL certificate validation, which is a security risk and should be used with extreme caution.
Verified SafeView Analysis
The server uses environment variables for all sensitive credentials (API Key, username/password, cookies), which is a good practice. However, it explicitly supports the `NODE_TLS_REJECT_UNAUTHORIZED=0` environment variable, which disables SSL certificate validation. This is a significant security risk if used in production or un-trusted environments without careful consideration. The new HTTP transport mode introduces an additional network attack surface, requiring proper firewall and TLS (via proxy) configuration for secure remote access.
Updated: 2025-11-19GitHub
39
14
Medium Cost
whitneyland icon

riffmcp

by whitneyland

Sec9

An MCP server that allows LLMs to play, compose, and render music.

Setup Requirements

  • ⚠️macOS only: This application is a native macOS app and will not run on other operating systems.
  • ⚠️Requires manual JSON configuration for LLM integration (e.g., Claude Desktop, Gemini CLI) to specify the application's executable path and `--stdio` argument.
Verified SafeView Analysis
The HTTP server is hardcoded to listen only on localhost (127.0.0.1), significantly reducing external attack surface. Path traversal attempts for image resources served via `/images/` are explicitly checked and prevented using `fileURL.path.hasPrefix(tempDirectory.path)`. Input JSON for music sequences and tool calls are decoded using Swift's `JSONDecoder`, which helps prevent injection vulnerabilities if the models are defined correctly. The implementation of the HTTP server is hand-rolled, which can carry inherent risks compared to battle-tested frameworks, but the current implementation appears robust for its intended local scope.
Updated: 2025-11-29GitHub
39
17
Medium Cost
stanfrbd icon

mcp-cyberbro

by stanfrbd

Sec8

A Model Context Protocol (MCP) server for Cyberbro that extracts and analyzes Indicators of Compromise (IoCs) from unstructured input, checking their reputation using multiple threat intelligence services.

Setup Requirements

  • ⚠️Requires a separate, running Cyberbro instance which this server connects to.
  • ⚠️The underlying Cyberbro instance will likely require API keys for its various threat intelligence engines (e.g., VirusTotal, Shodan, CrowdStrike, MDE) to provide full functionality.
  • ⚠️Requires Docker or a Python 3.11+ environment with `uv` or `pip` for local installation.
Verified SafeView Analysis
The server's source code is straightforward and does not contain obvious malicious patterns, 'eval' statements, or hardcoded secrets. It acts as a client to a user-configured Cyberbro instance. A potential security consideration is the `SSL_VERIFY` option, which can be disabled. While useful for local testing or self-signed certificates, setting `SSL_VERIFY` to `false` in a production environment with an untrusted `CYBERBRO_URL` could expose the connection to Man-in-the-Middle attacks. The `CYBERBRO_URL` itself is an external dependency provided by the user, so its security relies on correct deployment and configuration.
Updated: 2026-01-13GitHub
39
11
Low Cost
taiga-family icon

taiga-ui-mcp

by taiga-family

Sec9

Provides AI assistants with comprehensive access to Taiga UI components and documentation, enabling AI-powered development workflows through a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires Node.js 18 or newer.
  • ⚠️Requires an MCP client (e.g., VS Code, Cursor, Claude Desktop).
  • ⚠️A `--source-url` argument or `SOURCE_URL` environment variable is mandatory for the server to fetch documentation content; without it, the server will error during startup.
Verified SafeView Analysis
The server fetches documentation content from a user-provided URL (via `--source-url` argument or `SOURCE_URL` environment variable). While the server itself does not execute code from this source, an untrusted or malicious source could potentially supply extremely large or malformed data, which could lead to resource exhaustion or unexpected parsing behavior. However, the parsing logic (in `parseContent`) is simple, primarily extracting markdown headers and basic metadata, minimizing the risk of code injection. The server communicates via standard I/O (stdio), reducing external network attack surfaces. No `eval` or `child_process` usage was found.
Updated: 2026-01-19GitHub
39
22
Medium Cost
timescale icon
Sec9

Provides LLMs with tools to semantically search Salesforce case summaries and retrieve detailed case information from a TimescaleDB database.

Setup Requirements

  • ⚠️Requires an OpenAI API Key (Paid) for semantic embedding generation.
  • ⚠️Requires TimescaleDB database credentials (PGHOST, PGDATABASE, PGPORT, PGUSER, PGPASSWORD) for data access.
  • ⚠️Relies on a pre-existing data pipeline (Salesforce via Fivetran to TimescaleDB) for its operational data.
Verified SafeView Analysis
The server uses environment variables for sensitive credentials (database, OpenAI API key) and Kubernetes secrets for deployment, which are good practices. There are no obvious hardcoded secrets or malicious patterns in the provided source code snippets. Standard database and network security best practices should be followed for the TimescaleDB and Salesforce connections.
Updated: 2026-01-07GitHub
39
16
Medium Cost
Adyen icon

adyen-mcp

by Adyen

Sec8

Integrates with Adyen APIs for payment processing, terminal management, account management, and legal entity onboarding, accessible via LLM function calling.

Setup Requirements

  • ⚠️Requires a valid Adyen API Key associated with a webservice user that has specific, limited roles matching the desired tools (e.g., 'Management API - Accounts Read', 'Checkout Webservice Role').
  • ⚠️When using the 'LIVE' environment, a '--livePrefix' URL is mandatory and must be provided.
  • ⚠️Requires Node.js version 18 or higher.
Verified SafeView Analysis
The server uses Zod for input argument validation, which is a strong measure against injection vulnerabilities. API keys are expected to be provided via command-line arguments or securely injected environment variables (as shown in Codespaces examples), preventing hardcoding. The `StdioServerTransport` limits its network attack surface to local process communication. Error handling by stringifying exceptions might expose some internal error details, but this is a low information leakage risk, not a critical execution vulnerability.
Updated: 2026-01-19GitHub
39
6
Low Cost
tmonk icon
Sec8

A VS Code compatible extension that enables running Stata code directly from the editor, displaying output and graphs, and allowing AI agents to interact with Stata through an MCP server backend.

Setup Requirements

  • ⚠️Requires Stata 17+ installed locally (Mac OS, Windows, or Linux).
  • ⚠️Requires 'uv' (uvx) CLI tool on PATH; the extension attempts to automatically install it locally if missing.
  • ⚠️Relies on 'mcp-stata' backend, which is automatically installed/refreshed by the extension using 'uvx'.
Verified SafeView Analysis
The extension's core functionality involves executing user-provided Stata code via a local backend (mcp-stata) that wraps the Stata executable. This is an inherent risk of a code execution tool but is handled in a controlled environment. The extension uses `child_process.spawnSync` for `uvx` installation/verification and `fs.writeFileSync`/`fs.readFileSync` for managing MCP configuration files and temporary scripts in expected locations. Network communication is primarily with a local MCP server (localhost). Content Security Policy (CSP) is used in webviews. No obvious hardcoded secrets were found.
Updated: 2026-01-19GitHub
39
7
High Cost
leandrogavidia icon

solx402-mcp-server

by leandrogavidia

Sec3

The SOLx402 MCP Server enables AI assistants to interact with the x402 payment protocol on Solana, providing tools for service discovery, consumption, USDC payments, and access to Solana development resources.

Setup Requirements

  • ⚠️Requires MCP client to be configured with a minimum request timeout of 60,000ms (60 seconds) to prevent payment issues and service consumption failures.
  • ⚠️Requires a Base58-encoded Solana wallet private key (`privateKey`) as a mandatory configuration parameter.
  • ⚠️Requires a Solana mainnet RPC URL (`mainnetRpcUrl`) as a mandatory configuration parameter.
Review RequiredView Analysis
The server design requires passing the Solana wallet's private key (Base58-encoded) via URL query parameters. While the `smithery.yaml` marks this as `x-secret: true`, passing sensitive credentials like a private key directly in a URL query parameter is a significant security risk. Query parameters can be logged by proxies, web servers, and appear in browser history or referrer headers, potentially exposing the private key. A more secure method would involve environment variables or a secure secret management system where the key is never transmitted directly in the URL.
Updated: 2025-12-10GitHub
39
5
Low Cost

hoot

by Portkey-AI

Sec9

A testing and development tool for interacting with and debugging MCP (Multi-Modal Chat Protocol) servers, functioning like a specialized Postman for AI services.

Verified SafeView Analysis
The tool is designed for local development, running its backend and frontend on localhost with explicit 'localhost-only access'. It handles OAuth tokens locally in a SQLite database (~/.hoot/hoot-mcp.db) for persistence. Stated security features include session-based authentication, rate limiting, and audit logging. The primary risk would be connecting to a user-specified malicious MCP server, which is a user-initiated action and not an inherent vulnerability of the tool itself.
Updated: 2025-11-17GitHub
PreviousPage 104 of 760Next