Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (9120)

38
11
Medium Cost
mcp

by Teamwork

Sec9

Provides an MCP server to integrate Large Language Models with Teamwork.com for project management and helpdesk operations.

Setup Requirements

  • ⚠️ Requires Go 1.25 or later to build and run locally.
  • ⚠️ Requires valid Teamwork.com API credentials (Bearer Token or OAuth2 setup) to interact with the Teamwork API.
  • ⚠️ Optional HAProxy integration requires specific network configuration and disables TLS verification for internal communication.

Verified Safe

Analysis

The server demonstrates strong security practices including explicit separation of credentials into environment variables, redaction of sensitive information in logs, and a clear security policy. Middleware is used for authentication and request context. A potential minor risk, if not managed carefully, is the `InsecureSkipVerify: true` option for TLS when HAProxy is enabled, though this is stated to be for internal, trusted HAProxy setups.
Updated: 2026-01-19 | GitHub
38
1
Medium Cost
prompts-mcp

by mrsimpson

Sec9

A Model Context Protocol (MCP) server for managing, templating, and exposing AI prompts defined in markdown files via stdio and HTTP transports.

Setup Requirements

  • ⚠️ Requires Node.js >= 22
  • ⚠️ Requires pnpm >= 9.0.0
  • ⚠️ Requires an MCP-compatible client (e.g., Claude Desktop, MCP Inspector) to interact with.

Verified Safe

Analysis

The server uses Handlebars templating with `noEscape: true` for prompt content, which is intentional to preserve code formatting in prompts. While this means the server itself does not attempt to sanitize the *output* to the LLM, the content is intended for an AI, not direct rendering in a browser, mitigating typical XSS risks. All file paths are handled using `path.resolve` and `existsSync` which helps prevent directory traversal vulnerabilities. Configuration parsing includes validation for ports and log levels. No obvious hardcoded secrets or direct arbitrary code execution via user input were found. The directory discovery mechanism allows overrides via environment variables, which is a flexible but secure pattern.
Updated: 2025-12-03 | GitHub
38
1
Medium Cost
lxd-mcp

by kadinsayani

Sec6

Manages LXD containers and virtual machines through a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️ Requires LXD to be installed and running on the system.
  • ⚠️ Requires Go 1.25.4 or higher to build from source.
  • ⚠️ User account must be in the `lxd` group for socket access, implying elevated privileges.

Verified Safe

Analysis

The server interacts directly with the LXD daemon via a Unix socket, requiring the user to be in the `lxd` group, granting high privileges. The `exec_instance` tool allows arbitrary command execution within instances, which carries inherent security risks. The `README` explicitly states 'Consider implementing authentication for production use', indicating a lack of built-in authentication for generic exposure beyond its intended local, stdin/stdout use case (e.g., with GitHub Copilot CLI). No 'eval' or obvious malicious patterns found.
Updated: 2025-12-05 | GitHub
38
10
Medium Cost

Enables AI assistants to securely access and analyze retail sales data through a Model Context Protocol (MCP) server, integrating with PostgreSQL and Azure AI services.

Setup Requirements

  • ⚠️ Requires Docker Desktop for local development.
  • ⚠️ Requires an Azure Subscription and Azure CLI for resource deployment and authentication.
  • ⚠️ Requires access to Azure OpenAI models (specifically `text-embedding-3-small`, and optionally `gpt-4o-mini`) which may have quota limits.
  • ⚠️ PostgreSQL database is required with the `pgvector` extension enabled for semantic search functionality.
  • ⚠️ Python 3.8+ is a prerequisite for server development.

Verified Safe

Analysis

The server implements robust security features including Row Level Security (RLS) for data isolation, Azure AD authentication for AI services (DefaultAzureCredential), input validation for table names, and parameterized queries (implied by `asyncpg` usage in Python for database interaction). Secrets like database passwords and Azure API keys are expected to be provided via environment variables, reducing the risk of hardcoding. Docker containers run as a non-root user. Minor exposure of PGPASSWORD in a healthcheck is noted but generally within a trusted network context.
Updated: 2026-01-13 | GitHub
38
174
Medium Cost
MakeMoneyWithAI

by garylab

Sec9

This server curates a list of AI tools and projects from GitHub, generating concise business model descriptions for each to help users identify income-generating open-source opportunities.

Setup Requirements

  • ⚠️ Requires GITHUB_TOKEN environment variable (from GitHub for API access)
  • ⚠️ Requires OPENAI_API_KEY environment variable (for GPT-5-mini API calls, which are paid)
  • ⚠️ Assumes 'excluded-repos.txt' and 'extra-repos.txt' files exist or are configured as needed

Verified Safe

Analysis

The script uses environment variables for GitHub and OpenAI API keys, which is a good security practice. It makes outbound network requests to these well-known APIs. No 'eval' or obvious malicious patterns were found. The primary security consideration is the secure management of the API keys in the environment where the script is run.
Updated: 2025-12-17 | GitHub
38
11
High Cost
kdb-x-mcp-server

by KxSystems

Sec8

Enables natural language interaction and AI-powered querying of KDB-X and KDB+ databases through the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️ Requires a running KDB-X or KDB+ service with its SQL interface loaded (and AI libraries loaded for vector search tools if used).
  • ⚠️ Requires a valid PyKX license; the `QLIC` environment variable must be set to point to your license directory.
  • ⚠️ Requires `uv` (Astral's Python package manager/installer) to be installed to run the server.
  • ⚠️ Using AI-powered tools (similarity/hybrid search) necessitates configuring external embedding providers (e.g., OpenAI, SentenceTransformers), which may require API keys (e.g., OPENAI_API_KEY) and an `embeddings.csv` configuration file.

Verified Safe

Analysis

The server includes explicit guardrails to prevent dangerous SQL operations (e.g., INSERT, DROP) by filtering queries for keywords. Passwords for database connections are handled as SecretStr. Dynamic module loading for tools, prompts, and resources is used for extensibility, requiring careful management of the server's filesystem content. The `streamable-http` network transport is recommended not to be exposed externally, and TLS is configurable for KDB-X database connections.
Updated: 2026-01-19 | GitHub
38
6
Low Cost
gemini-mcp-rs

by missdeer

Sec8

A high-performance Rust MCP server that enables AI-driven tasks by wrapping the Gemini CLI, facilitating integration with MCP-compatible clients like Claude Code.

Setup Requirements

  • ⚠️ Requires Gemini CLI (from Google) installed and configured on the system.
  • ⚠️ Requires an MCP-compatible client (e.g., Claude Code) to interact with the server after setup.

Verified Safe

Analysis

The server wraps the Gemini CLI, with robust input validation, timeout enforcement, and configurable sandbox mode. It uses `Command::new` for process spawning, correctly quoting arguments to prevent shell injection. The `run.js` script handles binary downloads via HTTPS from GitHub Releases, including redirect handling and timeouts, and uses `spawn` for extraction (tar/powershell). There are checks for unbounded output from the CLI and a locking mechanism for concurrent downloads. The primary implicit risk is reliance on the security of the underlying Gemini CLI and the trust placed in the official GitHub repository for binary downloads. No `eval` or blatant malicious patterns were found.
Updated: 2026-01-18 | GitHub
38
1
Medium Cost
Sec9

Connects AI assistants to DataHub metadata catalogs for searching datasets, exploring schemas, tracing lineage, and accessing glossary terms and domains. It can be used as a standalone server or as a composable Go library for custom MCP servers with advanced features.

Setup Requirements

  • ⚠️ Requires `DATAHUB_URL` environment variable pointing to your DataHub GraphQL API endpoint.
  • ⚠️ Requires a `DATAHUB_TOKEN` (personal access token) environment variable for authentication, which must be generated from DataHub with appropriate permissions.
  • ⚠️ For full functionality (e.g., lineage), your DataHub instance needs to have the relevant metadata ingested.

Verified Safe

Analysis

The project demonstrates strong security practices: tokens are handled via environment variables and explicitly not logged, connections use HTTPS, TLS certificate verification is enabled by default. It provides middleware interfaces for custom access control, audit logging, and rate limiting. Supply chain security is also addressed with SLSA Level 3 provenance and Cosign-signed releases. No 'eval' or obfuscation patterns were found. The tool performs read-only operations on DataHub.
Updated: 2026-01-16 | GitHub
38
1
Medium Cost
architectgbt-mcp

by 3rdbrain

Sec8

Provides AI model recommendations and code templates directly within an IDE via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️ Requires Node.js >= 18.0.0.
  • ⚠️ ArchitectGBT Pro subscription and API key required for unlimited recommendations and code templates.
  • ⚠️ Free tier recommendations are IP-based and limited to 3 per day.

Verified Safe

Analysis

The server acts as an interface to an external platform (architectgbt.com). While API keys are handled via environment variables (secure), a user-configured `ARCHITECTGBT_API_URL` could pose a risk if pointed to a malicious endpoint. No direct code execution risks like `eval` or hardcoded secrets were found in the provided source code.
Updated: 2026-01-17 | GitHub
38
1
Medium Cost
Sec9

Model Context Protocol (MCP) server for programmatically creating, modifying, and querying Excalidraw diagrams.

Setup Requirements

  • ⚠️ Node.js >= v18.0.0 required
  • ⚠️ Requires a local Excalidraw file path to operate on (`--diagram` argument)

Verified Safe

Analysis

The server uses `fs.readFile` and `fs.writeFile` to interact with a local Excalidraw diagram file. The path to this file is resolved using `path.resolve(process.cwd(), argv.diagram.trim())`, which limits file access to the current working directory and its subdirectories, mitigating arbitrary file system access risks. Data is parsed and stringified as JSON. No `eval` or dynamic code execution is observed. The server operates over stdio and does not expose network ports by default. There is potential for resource exhaustion if very large or malformed Excalidraw JSON files are processed, but this is a general file processing risk.
Updated: 2025-11-29 | GitHub
38
14
Low Cost
Sec7

Demonstrates building and packaging a C# Model Context Protocol (MCP) server for Windows in MSIX and MCPB formats, and provides client samples to interact with it.

Setup Requirements

  • ⚠️ Requires .NET 9.0 SDK or later for server components.
  • ⚠️ Requires NodeJS for MCPB packaging and JavaScript client samples.
  • ⚠️ Requires WinAppCLI for MSIX packaging, with a non-standard installation process for the `mcp-host-electron` sample (download .tgz and install locally).
  • ⚠️ Manual installation of a development certificate is necessary for MSIX packages on the machine.
  • ⚠️ `odr.exe` must be accessible in the system's PATH for client applications to discover and connect to servers.

Verified Safe

Analysis

Client applications use `child_process.execFile` to invoke `odr.exe` to manage and proxy MCP server connections. This relies on the security and integrity of the `odr.exe` executable itself (which is part of the MCP platform). User-provided input for tool parameters is converted (e.g., JSON.parse, Number) before being sent to the server. The security of tool execution depends on the C# server's (source not provided) internal implementation and its handling of these inputs. MSIX packaging involves installing a development certificate, a common but privileged step for development environments.
Updated: 2026-01-07 | GitHub
38
9
Medium Cost
postgres-mcp

by neverinfamous

Sec9

A PostgreSQL database management and optimization expert system, offering interactive workflows for query analysis, index tuning, health monitoring, backup strategies, and advanced functionalities like vector search and geospatial data management. It helps users understand and improve their PostgreSQL database performance and health.

Setup Requirements

  • ⚠️ Requires a running PostgreSQL Instance (connection details via DATABASE_URI environment variable).
  • ⚠️ Full functionality depends on PostgreSQL Extensions (e.g., pg_stat_statements, hypopg, pgvector, PostGIS) which must be manually installed in the database.
  • ⚠️ Docker is the recommended deployment method, implying users need Docker installed.

Verified Safe

Analysis

The server features a robust `SafeSqlDriver` that, when operating in `RESTRICTED` access mode (the recommended deployment default), explicitly forbids DDL (CREATE, ALTER, DROP, TRUNCATE), DML (INSERT, UPDATE, DELETE), and other administrative statements, limiting operations primarily to `SELECT`. Even in `UNRESTRICTED` mode, the `execute_sql` tool includes basic SQL injection pattern detection for non-parameterized queries. Password obfuscation is applied to connection errors to prevent credential exposure. No use of `eval` or similar high-risk functions with untrusted input was identified. The `tool_filtering` mechanism further allows administrators to control exposed functionality.
Updated: 2026-01-19 | GitHub