Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

38
13
Low Cost
josharsh icon

mcp-jest

by josharsh

Sec9

A testing framework for Model Context Protocol (MCP) servers, allowing automated validation of AI agent tools, resources, and prompts.

Setup Requirements

  • ⚠️Requires Node.js version 18 or higher to run.
  • ⚠️An external MCP-compliant server must be running or specified for testing.
  • ⚠️For HTTP-based transports (streamable-http, sse), the target MCP server must be pre-running and accessible via a specified URL.
Verified SafeView Analysis
The core `mcp-jest` framework carefully parses string-based expectations without using unsafe `eval()` or `new Function()` for user-provided input, significantly reducing injection risks. It is designed to spawn and interact with user-defined server commands and URLs, which is its intended function and not a vulnerability of the framework itself. While some example test servers within the repository (e.g., `e2e/test-server.js`) might use `Function()` for controlled dynamic execution within their own logic, this does not reflect a security flaw in the `mcp-jest` framework's handling of external input.
Updated: 2026-01-16GitHub
38
1
Medium Cost
sankalp0412 icon

stockfish-mcp

by sankalp0412

Sec7

Integrate the Stockfish chess engine with Claude Desktop for AI-assisted chess gameplay via natural language.

Setup Requirements

  • ⚠️Requires Python 3.13+
  • ⚠️Requires Stockfish chess engine (external installation)
  • ⚠️Requires Redis server (external installation and management)
Verified SafeView Analysis
Uses `pickle` for object serialization to Redis, which can be a security risk if an attacker can inject arbitrary pickled data into Redis. However, in this local context, data is self-generated and stored/retrieved by the application itself, mitigating immediate danger. Relies on an external API (fen2image.chessvision.ai) for board visuals, introducing a dependency and potential external service risks, though a timeout is implemented.
Updated: 2025-11-28GitHub
38
4
Medium Cost
zircote icon

subcog

by zircote

Sec9

Subcog acts as a persistent subconscious memory system for AI coding assistants, capturing decisions, patterns, learnings, and context from coding sessions, and surfacing them through semantic search and MCP server integration.

Setup Requirements

  • ⚠️Requires an LLM provider: OpenAI/Anthropic (paid API keys) or a locally running Ollama/LM Studio instance.
  • ⚠️First use requires downloading the `fastembed` embedding model (~100-500ms startup delay).
  • ⚠️Group management features require `SUBCOG_USER_ID` and `SUBCOG_ORG_ID` environment variables for authentication.
Verified SafeView Analysis
The project uses Rust's `forbid(unsafe_code)` for memory safety. It implements robust input validation, LLM prompt injection mitigation (XML escaping, strong system prompts), secrets and PII detection/redaction, JWT authentication with entropy validation, request rate limiting, and circuit breakers for external calls. File I/O operations include path traversal protection. Audit logging is also integrated. Score is 9, not 10, due to the inherent complexity of LLM integrations and local file storage, which always carry a residual risk, however well mitigated.
Updated: 2026-01-19GitHub
38
11
Low Cost
RadCod3 icon

LamPyrid

by RadCod3

Sec9

Automate personal finance workflows and analysis by integrating with Firefly III personal finance software via a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires a running Firefly III instance and a Personal Access Token configured for API access.
  • ⚠️Python 3.14+ and the `uv` package manager are required for local installation.
  • ⚠️Optional Google OAuth authentication requires prior setup in Google Cloud Console (Client ID, Client Secret, Server Base URL) and local generation of `JWT_SIGNING_KEY` and `OAUTH_STORAGE_ENCRYPTION_KEY`.
Verified SafeView Analysis
The server correctly uses environment variables for sensitive API tokens (`FIREFLY_TOKEN`). Google OAuth is an optional feature with secure token persistence using Fernet encryption and JWT signing keys, which are generated externally. Input sanitization (`FireflyClient._sanitize_value`) is implemented for search queries to mitigate potential injection risks into the Firefly III API query string. There are no obvious hardcoded secrets or direct command execution vulnerabilities in the provided source code. Relying on custom sanitization always carries a slight risk if edge cases are missed, but the current implementation appears robust for its intended purpose.
Updated: 2026-01-18GitHub
38
10
Medium Cost
bugzy-ai icon
Sec9

Cloud Run service for executing Claude Code AI agent tasks with secure credential handling and flexible configuration, ideal for GitOps and CI/CD workflows.

Setup Requirements

  • ⚠️Requires a Google Cloud Project with billing enabled and various GCP services (Cloud Run, Cloud KMS, Cloud Storage, Artifact Registry, Secret Manager) to be enabled and configured through `setup-project.sh`.
  • ⚠️Requires extensive IAM permissions setup (e.g., roles/run.invoker, roles/storage.objectAdmin, roles/cloudkms.cryptoKeyEncrypterDecrypter, roles/run.developer) across multiple GCP services for both the Cloud Run service and the Cloud Run Job. These are managed by `grant-job-permissions.sh` and `setup-service-account.sh`.
  • ⚠️Requires setting up Cloud KMS with a specific key ring and key (`KMS_KEY_RING`, `KMS_KEY_NAME`) for secure payload encryption. This setup is performed by the `setup-kms.sh` script.
Verified SafeView Analysis
The server demonstrates a strong focus on security, especially regarding sensitive data. Credentials (Anthropic API keys, OAuth tokens, SSH private keys, environment variables) are passed in the request payload and handled securely. They are encrypted using Google Cloud KMS before being temporarily stored in Google Cloud Storage, then decrypted in isolated Cloud Run Job workers. A local proxy prevents the Claude CLI from directly accessing real credentials. Webhook callbacks are HMAC-SHA256-signed for authenticity, using a secret retrieved from Secret Manager. Ephemeral workspaces, user isolation within Docker, and explicit environment variable control further enhance security boundaries. The use of `StrictHostKeyChecking=no` in the GitService is noted, but within the context of ephemeral, single-use workspaces, it mitigates typical man-in-the-middle concerns by preventing interactive prompts.
Updated: 2026-01-19GitHub
38
33
Medium Cost
groq icon
Sec6

Provides a Model Context Protocol (MCP) server to access Groq's AI capabilities, including ultra-fast LLM chat, vision, text-to-speech, speech-to-text, agentic tooling, and batch processing, from clients like Claude Desktop and Cursor.

Setup Requirements

  • ⚠️Requires a Groq API Key (Paid service, obtain at console.groq.com).
  • ⚠️Requires `uv` (Python package manager) or `pip` for dependency installation; Python 3.11+ is specified.
  • ⚠️Requires specific configuration within the MCP client (e.g., modifying `claude_desktop_config.json` for Claude Desktop).
  • ⚠️The designated output directory (`BASE_OUTPUT_PATH`, defaults to `~/Desktop`) must be writeable by the server process.
Review RequiredView Analysis
The server exposes agentic tooling (`compound_tool`) which explicitly enables dynamic code execution and web searches via the Groq API. While this functionality is delegated to Groq's service, it represents an inherent risk of powerful AI agents if prompts are maliciously crafted. The use of string interpolation for constructing Python commands within shell scripts (`python3 -c "..."`) is a moderate risk point, as improper sanitization of user-controlled inputs (`$AUDIO_FILE`, `$OUTPUT_DIR`, etc.) could potentially lead to command injection. Arbitrary file writes are possible if the `output_directory` parameter is controlled by a malicious client and the server process has broad file permissions. Additionally, the vision module can fetch images from arbitrary URLs, introducing potential Server-Side Request Forgery (SSRF) risks.
Updated: 2025-11-19GitHub
38
11
Low Cost
Code4Delphi icon

ia-na-pratica

by Code4Delphi

Sec5

Enables Large Language Models (LLMs) to interact with Delphi applications by exposing application functionalities as fine-grained tools, effectively creating an embedded Model Context Protocol (MCP) Server.

Setup Requirements

  • ⚠️Requires TMS AI Studio (commercial Delphi component suite).
  • ⚠️Requires Delphi development environment.
  • ⚠️Requires API Keys for chosen LLM providers (e.g., OpenAI, Google Gemini, Anthropic Claude).
  • ⚠️Specific samples may require WebView2Loader_x86.dll and WebView2Loader_x64.dll for map interaction (Edge Chromium) or Ollama for local AI.
Review RequiredView Analysis
The project describes a framework that allows LLMs to interact with application features such as file system, database manipulation, email sending/retrieval, and logging. While the documentation mentions 'structured and restricted manner' for these functionalities, granting AI such powerful access inherently carries significant security risks if not implemented with extreme caution. The potential to expose arbitrary methods via RTTI (mentioned in linked videos) also increases the attack surface. Proper sandboxing, strict access control, and thorough validation of AI-generated actions are crucial, and their implementation quality depends heavily on the developer using the framework. Without direct visibility into these safeguards, the potential for misuse or vulnerabilities is moderate to high.
Updated: 2025-12-14GitHub
38
2
High Cost
advance-group icon

jar-wise

by advance-group

Sec8

JarWise is a Java code analysis tool providing an MCP server to understand method call hierarchies, dependencies, and REST API endpoints in Java projects.

Setup Requirements

  • ⚠️Requires Java 21 or higher.
  • ⚠️Requires Gradle 8.0 or higher for building.
  • ⚠️Requires `JAR_WISE_PROJECT_PATH` environment variable set to the Java project root or root directory for scanning.
Verified SafeView Analysis
The server's primary function is to read and parse Java source code and JAR files. It does not execute arbitrary user-provided code strings. Inputs for tools like `signature` or `query` are used for lookups and pattern matching (with `Pattern.quote` for regex, mitigating injection). The `project-path` or `root-path` configuration can point to any directory, which means sensitive data could be indexed if misconfigured, but this is an intended function. Resource exhaustion (CPU/memory) is possible with extremely large codebases during indexing or complex traversals, though an LRU cache is used for multiple projects. Temporary files are created during Spring Boot JAR extraction but are configured to be deleted on exit.
Updated: 2025-12-03GitHub
38
9
Medium Cost
n0zer0d4y icon

vulcan-file-ops

by n0zer0d4y

Sec9

Transforms desktop AI assistants into powerful development partners by providing secure, user-controlled filesystem operations and code manipulation capabilities.

Setup Requirements

  • ⚠️Requires Node.js for execution.
  • ⚠️Requires explicit configuration of '--approved-folders' (CLI) or 'register_directory' tool for filesystem access.
  • ⚠️Requires explicit configuration of '--approved-commands' (CLI) or 'APPROVED_COMMANDS' (.env) for shell command execution.
Verified SafeView Analysis
The server demonstrates a very strong focus on security, actively mitigating several common vulnerabilities. It rigorously validates all file paths against a whitelist of 'allowed directories' using canonical path resolution and symlink dereferencing to prevent directory traversal (CWE-23) and symlink attacks (CVE-2025-53109). A recent 'SECURITY FIX' explicitly blocks all unapproved shell commands (CVE-2025-54795) and validates the working directory, even when unspecified, preventing execution bypasses. It also includes checks for dangerous command patterns (e.g., 'rm -rf', 'sudo') and command substitution. Write operations use atomic renames to prevent race conditions. The overall architecture is designed for secure, user-controlled access to local resources.
Updated: 2026-01-17GitHub
38
25
Medium Cost
brentmid icon
Sec9

Integrates Claude Desktop (or any MCP-compatible LLM) with Evernote for natural language contextual queries and searches over notes.

Setup Requirements

  • ⚠️Requires Evernote API credentials (Consumer Key and Consumer Secret) from a registered Evernote developer application.
  • ⚠️Requires generating self-signed SSL certificates for local HTTPS communication (handled automatically in Docker deployment).
  • ⚠️Initial OAuth 1.0a authentication flow requires browser interaction and command-line prompts.
Verified SafeView Analysis
The project demonstrates strong security practices: uses HTTPS-only, leverages Red Hat Hummingbird (Chainguard) minimal base images with zero CVEs, employs npm overrides for transitive dependency vulnerability management, implements automatic token redaction in debug logs, and limits Evernote access to read-only. A critical command injection vulnerability in the `openBrowser` function was identified and fixed in v2.2.0 by transitioning to `child_process.spawn` with array arguments, preventing shell injection. OAuth tokens are persisted in `.env` files, which should be properly secured and excluded from version control in production environments.
Updated: 2025-11-19GitHub
38
8
Medium Cost
r-brink icon

polars-mcp

by r-brink

Sec9

Provides interactive and introspectable Polars API reference documentation and conceptual usage guides via an MCP server.

Setup Requirements

  • ⚠️Requires Polars to be installed; documentation accuracy depends on the installed Polars version matching the project's used version.
  • ⚠️Requires the Model Context Protocol (MCP) framework and `mcp` Python package.
Verified SafeView Analysis
The server's core functionality relies on Python's `inspect` module to introspect the locally installed Polars package, which is generally safe as it operates on trusted Python objects. File operations are confined to loading static markdown guides from a known local directory (`guides/`). There are no indications of 'eval', 'exec', arbitrary code execution, direct external network calls beyond typical server communication, or hardcoded sensitive information. The main potential (but unlikely) risk would be if the installed Polars package itself were malicious, but the server code doesn't introduce new vulnerabilities in its interaction with Polars.
Updated: 2026-01-13GitHub
38
5
Medium Cost

carla-mcp-server

by agrathwohl

Sec6

Enables natural language control of professional audio production workflows by acting as a Model Context Protocol (MCP) server for the Carla audio plugin host, providing 45 tools across 7 functional categories.

Setup Requirements

  • ⚠️Requires Carla Audio Plugin Host and its dependencies (e.g., JACK, Wine on Linux for VSTs) to be installed separately.
  • ⚠️Strict Python 3.12+ requirement.
  • ⚠️Manual configuration of essential environment variables (CARLA_PATH, PYTHONPATH, LD_LIBRARY_PATH) for Carla integration is required.
Review RequiredView Analysis
The server offers extensive control over the Carla audio plugin host and potentially the underlying audio system (JACK, hardware). While it mentions 'comprehensive error handling and type safety,' the broad scope of control (e.g., loading arbitrary plugins, direct parameter manipulation, file operations, system audio routing) means that a compromised LLM or crafted inputs could lead to significant system disruption or resource exhaustion. It defaults to stdio for MCP communication but can be configured for network access, potentially expanding the attack surface if not properly secured.
Updated: 2025-11-17GitHub
PreviousPage 108 of 760Next