Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

39
8
Medium Cost
ssdeanx icon

AgentStack

by ssdeanx

Sec4

A versatile backend for hosting and orchestrating multiple specialized AI agents and workflows within the Mastra framework, facilitating agent-to-agent (A2A) coordination, code-centric development tasks, knowledge management (notes), and integration with various external services. It supports evaluation of agent performance and policy-driven access control.

Setup Requirements

  • ⚠️Requires multiple API keys for external services (Google AI, GitHub, Alpha Vantage, Finnhub, Polygon, Serpapi).
  • ⚠️Relies on external E2B sandboxing for isolated code execution, typically requiring an E2B account and API key (`E2B_API_KEY`).
  • ⚠️Requires a PostgreSQL database with `pgVector` extension for memory and RAG, implying `PGHOST`, `PGUSER`, `PGDATABASE`, `PGPASSWORD`, `PGPORT` environment variables.
  • ⚠️Local `git` and `pnpm` commands are executed, meaning a compatible local environment is necessary.
  • ⚠️`Playwright-core` for browser automation in some tools implies a Chromium installation.
Review RequiredView Analysis
The `calculatorTool` (src/mastra/tools/calculator.tool.ts) uses `mathjs.evaluate()` directly with user-provided `expression` and `variables`. This is a critical code execution vulnerability if inputs are not strictly sanitized by upstream agents or components, as `mathjs.evaluate` is designed to execute arbitrary code. While other tools implement input validation (Zod) and external code execution is sandboxed (E2B), this specific tool poses a severe risk. Other tools using `execa` (for Git, pnpm) and `crawlee` (for web scraping) require careful input handling and configured allowed domains to prevent command injection or SSRF/content abuse.
Updated: 2026-01-16GitHub
39
7
High Cost
strato-space icon

media-gen-mcp

by strato-space

Sec9

Centralized Model Context Protocol (MCP) server for generating and editing images and videos via OpenAI (DALL-E, Sora) and Google GenAI (Veo), with local media fetching and processing.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid API) for OpenAI image and video generation tools.
  • ⚠️Requires Google API Key (Paid API) or Google Cloud Vertex AI configuration for Google GenAI video tools.
  • ⚠️File system access for reading and writing media is strictly limited to directories configured via `MEDIA_GEN_DIRS`. This must be properly set up for local file operations and storage.
  • ⚠️Image processing features like resizing and format conversion rely on the optional 'sharp' dependency. If 'sharp' is not installed, these features will be unavailable, and the server will fall back to basic image handling.
Verified SafeView Analysis
The server employs robust local file system access controls via `MEDIA_GEN_DIRS` and URL filtering via `MEDIA_GEN_URLS`, preventing arbitrary file reads/writes and unrestricted external network requests. API keys are loaded securely from `secrets.yaml` or environment variables, with logging sanitization to prevent accidental exposure in logs. No `eval` or code obfuscation patterns were found. Proper environment sandboxing is recommended for production deployment.
Updated: 2026-01-10GitHub
39
10
Medium Cost
Sec6

A Node.js server for hosting serverless functions, likely within a Managed Cloud Platform (MCP) SDK context.

Setup Requirements

  • ⚠️Requires Node.js runtime.
  • ⚠️Requires Azure Functions Core Tools for local development/execution.
  • ⚠️TypeScript project, necessitating a build step (e.g., `npm run build`).
  • ⚠️Requires configuration of environment variables/secrets via `local.settings.json`.
Review RequiredView Analysis
Cannot perform a complete security audit without code content. Potential risks include misconfiguration of `local.settings.json` (secrets), vulnerabilities in authentication flows (`authcomplete.html`), and security flaws in custom functions hosted by the server. Assumes standard secure development practices.
Updated: 2025-11-18GitHub
39
15
Medium Cost
tosin2013 icon
Sec7

Facilitates architectural decision record (ADR) analysis, content security, deployment and environment analysis, and architectural governance using advanced prompting techniques (GKP, APE, Reflexion) and knowledge graph management to automate and improve development workflows.

Setup Requirements

  • ⚠️Requires a Node.js environment (v18+ recommended).
  • ⚠️Requires Python 3.11 for Ansible-based testing components.
  • ⚠️Requires building the server executable via `npm run build` before running.
  • ⚠️Requires an `OPENROUTER_API_KEY` (or equivalent for OpenAI/Anthropic) for AI execution, which is a paid service.
  • ⚠️Advanced ADR Aggregator features may require a paid subscription.
  • ⚠️Execution of AI-generated deployment scripts via `bootstrapValidationLoop` requires explicit human approval for each plan.
  • ⚠️Potential for high token costs if not using CE-MCP (token-optimized) mode for AI interactions.
Verified SafeView Analysis
The server includes LLM-Managed Cloud/Database Management tools (`llmCloudManagement`, `llmDatabaseManagement`) that generate and execute commands. Currently, command execution is explicitly *simulated*, which acts as a critical safety measure. Direct execution of LLM-generated commands (if enabled in the future) poses a high risk of Remote Code Execution (RCE) if not rigorously sandboxed and audited. The `bootstrapValidationLoop` tool executes AI-generated shell scripts, but this is mitigated by a mandatory human review and approval step for the generated deployment plan (ADR). Sensitive information detection and masking are core security features of the `content-masking-tool`, enhancing data privacy. Hardcoded secrets are actively detected and flagged by `TreeSitterAnalyzer` and `gitleaks-detector` utilities, indicating a proactive approach to security.
Updated: 2026-01-19GitHub
39
12
Low Cost
keithrbennett icon

cov-loupe

by keithrbennett

Sec7

Provides an MCP server, CLI, and Ruby library for analyzing SimpleCov test coverage data, primarily to enable AI assistants to query and report on codebase coverage.

Setup Requirements

  • ⚠️Requires Ruby >= 3.2 (due to `mcp` gem dependency).
  • ⚠️Requires a SimpleCov-generated `.resultset.json` file.
  • ⚠️Requires `simplecov` gem >= 0.21 for multi-suite merging.
  • ⚠️The `validate` tool/command executes arbitrary Ruby code; only use with trusted input.
Verified SafeView Analysis
The `validate` tool/command, utilizing `PredicateEvaluator`, executes arbitrary Ruby code via `instance_eval` from either a code string or a file. This is a significant security risk if untrusted input is provided to this specific tool/command, as it grants full system privileges. The source code and documentation explicitly highlight this danger. Other tools do not present such a direct code execution risk. No hardcoded secrets or apparent obfuscation were found. Network risks from the core MCP server are minimal as it uses stdio transport, but external commands executed by malicious predicates could pose network threats.
Updated: 2026-01-19GitHub
39
16
Medium Cost
maquina-app icon

nvim-mcp-server

by maquina-app

Sec8

Enables LLMs to interact with Neovim instances to query open files and modify buffer content via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires a running Neovim instance configured to listen on a Unix socket (e.g., `/tmp/nvim-{project_name}.sock`).
  • ⚠️Users of Ruby version managers (like rbenv or RVM) integrating with clients like Claude Desktop may need to create a symbolic link for the Ruby executable.
  • ⚠️The `project_name` parameter for tools must accurately match the name used when configuring the Neovim socket.
Verified SafeView Analysis
The server primarily communicates with Neovim instances via Unix sockets, an IPC mechanism that requires local access. It grants LLMs the capability to read buffer lists and replace buffer content, which are powerful operations but are within the explicit scope of an editor agent. The `update_buffer` tool can write arbitrary content to files open in Neovim, but this is the intended functionality and not a vulnerability in the server itself. HTTP mode with `--bind-all` allows network access, but the README explicitly mentions built-in security features (origin validation, IP filtering) and warns about use on trusted networks. No `eval` or direct shell execution of untrusted input is observed in the provided code snippets. The server appears to correctly contain its actions within the Neovim API.
Updated: 2025-12-01GitHub
39
18
High Cost
jalpp icon
Sec7

Provides advanced chess analysis, game review, and interactive training capabilities to large language models via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Node.js 22+.
  • ⚠️LICHESS_API_KEY (optional, but required for Lichess study tools) must be a Personal Access Token (PAT) with `study:read` permission from Lichess.
  • ⚠️CHESSBOARD_MAGIC_PAT (optional, but required for Chessboard Magic tools) must be obtained from chessboardmagic.com.
  • ⚠️Relies on external APIs for Stockfish, neural network, and database queries; availability and performance of these third-party services are external factors.
Verified SafeView Analysis
The server relies on multiple external APIs for core functionality, including Stockfish, Leela Chess Zero (LC0), Maia2, ChessDB, and Chessboard Magic. These external dependencies introduce risks related to service availability, performance, and trust in third-party infrastructure. While authentication tokens (LICHESS_API_KEY, CHESSBOARD_MAGIC_PAT) are handled via environment variables/user config (good practice), the integrity and uptime of these external services are beyond the control of the local server instance. No 'eval' or obvious malicious code patterns were found in the provided source.
Updated: 2026-01-08GitHub
39
8
Medium Cost
KSAklfszf921 icon

kolada-mcp-server

by KSAklfszf921

Sec9

Connects LLMs to a comprehensive database of 5,000+ Key Performance Indicators (KPIs) and statistics for all Swedish municipalities and regions.

Setup Requirements

  • ⚠️LLM client must support Model Context Protocol (MCP).
  • ⚠️Data provided is specific to Swedish municipalities and regions.
  • ⚠️The upstream Kolada API has rate limits (5 requests/second), and while the server implements retry logic and rate limiting, very high concurrent usage might still experience delays or errors.
Verified SafeView Analysis
The server implements robust security practices including automatic security scanning (CodeQL, GitGuardian, TruffleHog, Bearer SAST, Dependabot, npm audit), strict dependency management, API rate limiting, and explicit handling of sensitive values via environment variables. All exposed tools are designed to be read-only, fetching public data from the Kolada API, which inherently reduces the attack surface. While the remote server endpoints are explicitly open access without authentication, this aligns with its public data provision purpose and the read-only nature of its tools. No 'eval' or similar dangerous patterns are used without clear justification. The `SECURITY.md` provides clear guidelines for reporting vulnerabilities and internal security measures.
Updated: 2026-01-19GitHub
39
16
Medium Cost
Karthikathangarasu icon

pentest-mcp

by Karthikathangarasu

Sec8

This server provides a Model Context Protocol (MCP) interface for professional penetration testing, enabling automated execution and analysis of security tools like Nmap, John the Ripper, Gobuster, and Nikto.

Setup Requirements

  • ⚠️Requires external penetration testing tools (Nmap, John the Ripper, Gobuster, Nikto) to be installed and available in the system's PATH.
  • ⚠️Certain Nmap options (e.g., SYN scan, OS detection) require elevated privileges (root/administrator) to run effectively.
  • ⚠️Requires Node.js version 18 or newer.
Verified SafeView Analysis
The project is designed for professional penetration testing and executes powerful external tools. It uses `child_process.spawn` with an array of arguments, which is safer than `exec`. Crucially, it implements a `sanitizeOptions` function with `SAFE_OPTION_REGEX` to validate user-provided command-line arguments, significantly mitigating shell injection risks. Temporary files for John the Ripper are created and deleted. No direct `eval` or hardcoded secrets were found. The inherent risk lies in the powerful nature of the integrated tools, which requires professional judgment and a controlled environment, not in a lack of internal security practices.
Updated: 2025-12-14GitHub
39
15
Medium Cost
SamMorrowDrums icon

mcp-python-starter

by SamMorrowDrums

Sec9

A feature-complete Model Context Protocol (MCP) server template in Python for developing AI applications and agents.

Setup Requirements

  • ⚠️Requires Python 3.11+.
  • ⚠️LLM API Key (e.g., OPENAI_API_KEY, ANTHROPIC_API_KEY) is required for full functionality of LLM-dependent tools like 'ask_llm' and 'generate_content'.
  • ⚠️The 'tasks' experimental feature requires additional Python dependencies (starlette, anyio) installed with `uv sync --all-extras tasks` and uses HTTP transport.
Verified SafeView Analysis
The server uses the well-regarded MCP Python SDK (FastMCP) and follows best practices for secret management by advising the use of `.env` files for configuration. No 'eval' or direct obfuscation was found in the provided code. Network exposure through HTTP transport is standard for web servers, but requires appropriate deployment security measures (e.g., firewalls, access control) when deployed publicly.
Updated: 2026-01-19GitHub
39
17
High Cost
DevEnterpriseSoftware icon

scrapi-mcp

by DevEnterpriseSoftware

Sec8

This MCP server enables AI agents to scrape web pages and retrieve their content as HTML or Markdown, with advanced browser interaction capabilities.

Setup Requirements

  • ⚠️Requires a ScrAPI API Key for practical, unrestricted usage (limited free usage available without one).
  • ⚠️Requires Node.js and npm/npx or Docker runtime.
  • ⚠️Depends on an external commercial web scraping service (scrapi.tech) for its core functionality.
Verified SafeView Analysis
The server itself is well-structured and does not contain obvious direct vulnerabilities such as 'eval' or hardcoded sensitive credentials (API key is an environment variable or config). It acts as a proxy to an external commercial scraping service (scrapi.tech). The security of the scraping process, particularly how 'browserCommands' are executed and validated, relies heavily on the upstream ScrAPI service. While 'browserCommands' allow custom JavaScript execution, this is a feature for interacting with target websites and does not pose a direct security risk to the MCP server itself or the user running it.
Updated: 2026-01-14GitHub
39
48
High Cost
bjia56 icon

cosmotop

by bjia56

Sec3

System monitoring and information exposure via MCP protocol.

Setup Requirements

  • ⚠️Initial setup on Cosmopolitan builds requires internet access to download platform-specific plugins (using `curl`, `wget`, or Python if available).
  • ⚠️On Windows, the executable must be renamed to `cosmotop.cmd` or `cosmotop.bat` before running.
  • ⚠️Docker monitoring requires access to the Docker socket (e.g., user in `docker` group) or configuration of `DOCKER_HOST` which may transmit credentials in plaintext.
Review RequiredView Analysis
The server's Cosmopolitan build dynamically downloads platform-specific plugins (executables) from GitHub releases, posing a supply chain risk if the release source is compromised. The `downloadFile` function executes `curl`, `wget`, or Python for fetching, and `chmod`s the downloaded binary to be executable. Docker monitoring, if configured via `DOCKER_HOST` to an HTTP endpoint, explicitly states that 'Access to the socket must be over plaintext (i.e. no TLS)', which exposes sensitive data and potentially credentials over an unencrypted network.
Updated: 2025-11-19GitHub
PreviousPage 105 of 760Next