Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7632)

99
832
Medium Cost
pathintegral-institute icon

mcpm.sh

by pathintegral-institute

Sec6

Centralized management for Model Context Protocol (MCP) servers, including discovery, installation, execution, and sharing, with client integration and usage analytics.

Setup Requirements

  • ⚠️Requires Python 3.12 or higher.
  • ⚠️Node.js (and 'npx') must be installed and available in PATH for managing and running many MCP servers.
  • ⚠️Public sharing ('mcpm share') downloads an external 'frpc' binary from Hugging Face CDN, requiring internet access and trust in this third-party binary.
Verified SafeView Analysis
The 'share' command exposes local MCP servers publicly via a dynamically downloaded 'frpc' tunnel binary. While this functionality is optional and offers API key authentication, it requires trust in the 'frpc' binary and opens the local machine to external network requests. Disabling authentication via '--no-auth' significantly increases risk. The system also relies on 'npx' (Node.js) for many server types, introducing dependency risks.
Updated: 2025-12-10GitHub
99
797
Medium Cost
datalayer icon

jupyter-mcp-server

by datalayer

Sec7

The Jupyter MCP Server enables AI agents to connect to, manage, and interact with Jupyter Notebooks in real-time, facilitating contextualized coding tasks.

Setup Requirements

  • ⚠️Requires a running JupyterLab server (or JupyterHub) with a specified authentication token.
  • ⚠️Specific Python dependency installation order for `pycrdt` and `datalayer_pycrdt` is necessary.
  • ⚠️For advanced JupyterLab integration features, `jupyter-mcp-tools` must be installed as a JupyterLab extension in the target Jupyter environment.
Verified SafeView Analysis
The server includes tools (`execute_code`, `execute_cell`) that are designed to execute arbitrary code within a Jupyter kernel. While this is the intended functionality, it poses an inherent risk if the calling AI agent is unconstrained or receives untrusted input. The `execute_code` tool provides explicit warnings regarding its usage. The CORS policy is broadly open (`Access-Control-Allow-Origin: *`), which is typical for desktop/browser extension integrations but could be tightened for specific production environments. No direct `eval` or `exec` of untrusted input is observed outside the designated code execution tools.
Updated: 2025-12-01GitHub
99
870
Low Cost
antfu icon

nuxt-mcp-dev

by antfu

Sec3

Provides a Model Context Protocol (MCP) server for Vite/Nuxt applications, offering AI models insights into the app's setup and module graphs.

Setup Requirements

  • ⚠️Explicitly marked as 'Experimental. Not ready for production.'
  • ⚠️Requires a Vite or Nuxt.js project environment.
  • ⚠️Automatically modifies editor/IDE configuration files (.cursor/mcp.json, .vscode/mcp.json, ~/.codeium/windsurf/mcp_config.json, .mcp.json) which might be unexpected.
Review RequiredView Analysis
The project is explicitly marked as 'Experimental. Not ready for production.' The server exposes an SSE endpoint and a message POST endpoint, which, if not handled carefully, could be a vector for attacks. Automatic updates to config files (`.cursor/mcp.json`, `.vscode/mcp.json`, `~/.codeium/windsurf/mcp_config.json`, `.mcp.json`) could be risky if the plugin itself is compromised or if arbitrary remote URLs are added via `updateConfigAdditionalServers`. The `toolsScaffold` function executes `nuxi` commands, and while `zod` schemas are used for input, potential command injection vulnerabilities could arise if parameters are not sufficiently sanitized before execution.
Updated: 2025-12-02GitHub
98
562
High Cost
googleapis icon

gcloud-mcp

by googleapis

Sec8

Enables AI assistants to interact with the Google Cloud environment using the gcloud CLI, facilitating natural language interaction, automation, and simplified cloud management workflows.

Setup Requirements

  • ⚠️Requires Node.js version 20 or higher.
  • ⚠️Requires gcloud CLI to be installed and authenticated.
  • ⚠️Initial setup involves client-specific configuration (e.g., Gemini CLI extension, editing JSON files for other AI clients).
Verified SafeView Analysis
The server leverages the underlying gcloud CLI's authentication and permissions, following the principle of least privilege. A non-configurable, always-enforced default denylist prevents execution of sensitive commands (e.g., interactive sessions, arbitrary inputs). Users can configure additional allow/denylists via JSON files. This robust access control mechanism is a strong security feature. No hardcoded secrets were found. Network exposure depends on the chosen MCP transport (e.g., stdio for local, or HTTP if configured), with `express-rate-limit` used for HTTP servers.
Updated: 2025-12-12GitHub
98
731
Low Cost
mcpjungle icon

MCPJungle

by mcpjungle

Sec7

A self-hosted gateway and registry for Model Context Protocol (MCP) servers, allowing AI agents to discover and consume tools from a central location.

Setup Requirements

  • ⚠️Requires Docker and PostgreSQL for recommended production/team deployments.
  • ⚠️Server in 'enterprise' mode requires explicit initialization (`mcpjungle init-server`) to create an admin user and obtain an access token.
  • ⚠️STDIO-based MCP servers running inside Docker require specific volume mounts (e.g., `- .:/host:ro`) to access the host filesystem, which can have security implications if not configured carefully.
Verified SafeView Analysis
The server includes robust authentication and authorization mechanisms for enterprise mode (admin/user roles, client access tokens). It uses `crypto/rand` for secure access token generation. The primary security concern lies with the STDIO transport for MCP servers, which allows executing arbitrary commands (e.g., `npx`, `uvx`) on the host machine. While in enterprise mode, registration requires admin privileges, in development mode, an unauthenticated user with network access could potentially register a malicious STDIO server, leading to Remote Code Execution (RCE) on the host. Production deployments should enforce strong network segmentation and strictly control who can register STDIO servers, and avoid mounting host filesystems as read-write volumes. The project's documentation acknowledges these risks.
Updated: 2025-12-11GitHub
98
702
Medium Cost
GreatScottyMac icon

context-portal

by GreatScottyMac

Sec8

A database-backed Model Context Protocol (MCP) server for managing structured project context, designed to be used by AI assistants and developer tools within IDEs and other interfaces for Retrieval Augmented Generation (RAG) and prompt caching.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Initial download of the `all-MiniLM-L6-v2` Sentence Transformer model (approx. 90MB) on first use for embedding services.
  • ⚠️Requires local disk storage for workspace-specific SQLite databases and ChromaDB vector stores.
Verified SafeView Analysis
The server uses Pydantic for robust input validation, mitigating common injection risks. FTS (Full-Text Search) queries are pre-processed to prevent FTS5-specific injection vulnerabilities. No hardcoded secrets were identified in the provided source. When run in HTTP mode (via FastAPI/Uvicorn), it has standard web security considerations. When run in STDIO mode, the attack surface is significantly reduced. The `chromadb.PersistentClient` uses `allow_reset=True` during initialization, which is acceptable for development but should be reviewed for production if strict data immutability is required.
Updated: 2025-12-06GitHub
98
594
Medium Cost
laravel icon

mcp

by laravel

Sec6

Rapidly building Model Context Protocol (MCP) servers for Laravel applications, enabling AI clients to interact with the application through defined tools, resources, and prompts.

Setup Requirements

  • ⚠️Requires a Laravel 10.x+ application with PHP 8.1+.
  • ⚠️For OAuth functionality, Laravel Passport must be installed and configured in the host application.
  • ⚠️The default `redirect_domains` configuration (`*`) for OAuth clients (in `config/mcp.php`) is a critical security risk and MUST be changed by the developer to a specific list of allowed domains.
  • ⚠️Using the `mcp:inspector` command requires Node.js and npx to be installed on the system.
Verified SafeView Analysis
The OAuth registration endpoint allows for client registration with redirect URIs. By default, `config('mcp.redirect_domains')` is set to `*`, which means any redirect URI is permitted. This default configuration poses a significant open redirect vulnerability if not explicitly secured by the developer to a restricted list of domains. The server correctly implements `WWW-Authenticate` headers for 401 responses, supporting both Laravel Passport OAuth and general Bearer tokens. All `eval` calls are confined to test files and are used for dynamic class creation for testing purposes, posing no production security risk. JSON-RPC request parsing includes checks for valid JSON and protocol version.
Updated: 2025-12-12GitHub
98
1575
High Cost
glidea icon

zenfeed

by glidea

Sec7

An AI-powered information hub that acts as an intelligent RSS reader, real-time news knowledge base, and personal assistant for monitoring events and delivering analysis reports.

Setup Requirements

  • ⚠️Docker and Docker Compose are required for deployment.
  • ⚠️Requires API keys for Large Language Models (LLMs), such as SiliconFlow or Google Gemini. These are not free.
  • ⚠️Lack of authentication means strict firewall/security group rules are CRITICAL to prevent API_KEY leakage if exposed to public networks.
  • ⚠️Relies on an RSSHub instance (provided in docker-compose, but needs to be functional).
  • ⚠️Content processing using LLMs can incur significant token costs.
Verified SafeView Analysis
The server lacks built-in authentication, which means exposing it directly to public networks could lead to unauthorized access and API_KEY leakage. Users are explicitly warned in the README to configure strict firewall/security group rules and are responsible for safeguarding API keys and credentials. The default `docker-compose.yml` exposes several ports (1400, 1300, 1301, 9090) that need careful management.
Updated: 2025-11-22GitHub
98
575
Medium Cost
johnhuang316 icon

code-index-mcp

by johnhuang316

Sec8

Provides intelligent code indexing, searching, and analysis capabilities for large language models to understand and navigate codebases.

Setup Requirements

  • ⚠️Requires Python 3.10+ and the `uv` package manager as core prerequisites.
  • ⚠️Optimal performance for `search_code_advanced` depends on the availability of external command-line tools like `ugrep`, `ripgrep`, or `ag` in the system's PATH. It falls back to slower pure-Python or basic `grep` if preferred tools are not found.
  • ⚠️Real-time file monitoring for auto-refresh requires the `watchdog` Python library; if unavailable, this feature is disabled (troubleshooting suggests `pip install watchdog`).
Verified SafeView Analysis
The server uses `subprocess.run` to execute external search tools (`ugrep`, `ripgrep`, `ag`, `grep`). While necessary for performance, this introduces a risk of command injection if input is not perfectly sanitized. The project mitigates this by using `is_safe_regex_pattern` to validate regex patterns and appending `--` to separate arguments from search patterns for some tools. File system operations are mostly contained within project-specific temporary directories. No direct `eval` or `exec` is used. No hardcoded secrets were found within the server's own code.
Updated: 2025-11-27GitHub
98
667
High Cost
cisco-ai-defense icon

mcp-scanner

by cisco-ai-defense

Sec9

A Python tool for scanning MCP (Model Context Protocol) servers and tools for potential security findings, combining Cisco AI Defense inspect API, YARA rules, and LLM-as-a-judge to detect malicious MCP tools.

Setup Requirements

  • ⚠️Requires Python 3.11+
  • ⚠️Recommends 'uv' (Python package manager)
  • ⚠️Requires a valid Cisco AI Defense API Key for API analyzer (paid service)
  • ⚠️Requires an LLM Provider API Key for LLM analyzer (e.g., OpenAI, Anthropic, Google - may be paid service)
  • ⚠️For local LLMs (e.g., Ollama), MCP_SCANNER_LLM_API_KEY must be set to any value, even if not a real key.
Verified SafeView Analysis
The project demonstrates strong security practices for its intended use case. API keys and sensitive information are handled via environment variables and Pydantic's SecretStr. The LLM analyzer employs randomized delimiters to prevent prompt injection, and explicitly warns if such injection is detected. The stdio server command execution is carefully managed using `shlex.split` and executable path resolution to mitigate command injection risks. The core functionality is security scanning, making it inherently safe when used as intended.
Updated: 2025-12-11GitHub
98
562
Low Cost
saidsurucu icon

yargi-mcp

by saidsurucu

Sec3

Provides LLM applications programmatic access to various Turkish legal sources (Court of Cassation, Council of State, Constitutional Court, etc.) for legal research, decision searching, and document retrieval.

Setup Requirements

  • ⚠️Requires Python 3.11+ and 'uv' package manager (for streamlined installation).
  • ⚠️Semantic search functionality requires a paid OpenRouter API Key ('OPENROUTER_API_KEY').
  • ⚠️Authentication requires Clerk API Keys ('CLERK_PUBLISHABLE_KEY', 'CLERK_SECRET_KEY') and a 'JWT_SECRET_KEY' for token signing, indicating a SaaS dependency.
  • ⚠️Persistent OAuth session storage defaults to temporary files; Redis ('UPSTASH_REDIS_REST_URL', 'UPSTASH_REDIS_REST_TOKEN') is recommended for production/multi-machine deployment.
  • ⚠️Windows users may need 'Microsoft Visual C++ Redistributable' for certain Python packages.
Review RequiredView Analysis
CRITICAL RISK: Multiple API clients (Yargıtay, Danıştay, Emsal, Uyuşmazlık, KİK) explicitly disable SSL certificate verification (`verify=False` in httpx.AsyncClient or `ssl.CERT_NONE`, `check_hostname=False` in SSL context). This makes the application highly vulnerable to Man-in-the-Middle attacks, allowing attackers to intercept or alter communication with external legal databases. Additionally, a fallback Brave API token is hardcoded in the KVKK client, and a 'DOCUMENT_ID_ENCRYPTION_KEY' is hardcoded in the KİK v2 client for URL construction, which, if intended for security, represents a secret exposure. OAuth session and token storage can default to a system's temporary directory if Redis is not configured, posing a risk.
Updated: 2025-12-13GitHub
98
636
Medium Cost
bgauryy icon

octocode-mcp

by bgauryy

Sec9

Enables AI assistants to search, analyze, and extract insights from millions of GitHub repositories, supporting deep code research, architectural analysis, and pattern discovery. It provides a structured interface for AI to interact with GitHub codebases.

Setup Requirements

  • ⚠️Requires Node.js v20 or higher.
  • ⚠️Requires GitHub authentication (via GitHub CLI `gh auth login` or a Personal Access Token with `repo`, `read:user`, `read:org` scopes).
  • ⚠️The `packageSearch` tool relies on `npm` and `python` CLIs being available in the system's PATH.
  • ⚠️By default, anonymous operational data is logged to an external Octocode service. This can be disabled by setting the `LOG=false` environment variable.
Verified SafeView Analysis
The server implements robust input validation to prevent common vulnerabilities like prototype pollution and limits input sizes (e.g., string length, array size). Output content is thoroughly sanitized using an extensive set of regex patterns (over 1000) to detect and redact various sensitive data types (e.g., API keys, tokens, credentials, private keys) before being returned. External command execution (e.g., GitHub CLI `gh`, `npm`) is handled securely via `spawn` with careful argument validation (e.g., no null bytes, length checks) and environment variable sanitization to prevent shell injection. GitHub API interactions are rate-limited and handle errors gracefully. A notable privacy consideration is the default-enabled logging of anonymous operational data (tool calls, repositories, research goals) to an external service (`https://octocode-mcp-host.onrender.com/log`). While stated as anonymous and for operational insight, this involves transmitting developer activity data. This logging can be explicitly disabled by setting the `LOG=false` environment variable.
Updated: 2025-12-09GitHub
PreviousPage 11 of 636Next