Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

98
726
Medium Cost
GreatScottyMac icon

context-portal

by GreatScottyMac

Sec8

Manages structured project context for AI assistants and developer tools, enabling Retrieval Augmented Generation (RAG) and prompt caching within IDEs.

Setup Requirements

  • ⚠️Python 3.10+ required
  • ⚠️uv recommended for installation
  • ⚠️Manual handling of `alembic.ini` may be needed for older workspaces during migration if auto-provisioning fails
Verified SafeView Analysis
Good input validation using Pydantic and parameterized SQL queries prevents common injection attacks. Active dependency management addresses known CVEs (e.g., `filelock`, `mcp`, `authlib`, `starlette`, `urllib3`). The local ML embedding model (`all-MiniLM-L6-v2`) carries standard supply chain risks. While paths for workspace data are derived from `workspace_id` (a local path typically provided by the IDE), this relies on the client providing a trusted path. A maliciously crafted `workspace_id` in some deployment scenarios (e.g., if an external untrusted client directly controls it) could potentially lead to directory traversal or unintended file system operations, though the primary `--base-path` CLI option does sanitize the workspace ID component.
Updated: 2026-01-19GitHub
98
1134
Medium Cost
korotovsky icon

slack-mcp-server

by korotovsky

Sec6

Provides a Model Context Protocol (MCP) server for integrating Slack workspace data and communication capabilities with AI models and agents.

Setup Requirements

  • ⚠️Requires obtaining and securely managing sensitive Slack authentication tokens (xoxp, xoxb, or both xoxc/xoxd). Obtaining browser tokens (xoxc/xoxd) involves using browser developer tools, while OAuth tokens require creating and configuring a Slack app with specific permissions.
  • ⚠️External dependencies are required based on the chosen deployment method: Go runtime for direct execution, Node.js/npm for 'npx' installation, or Docker for containerized deployment. For SSE transport with HTTPS, Ngrok (and an NGROK_AUTH_TOKEN) is often recommended.
  • ⚠️For Enterprise Slack environments, custom configuration of 'SLACK_MCP_USER_AGENT' and 'SLACK_MCP_CUSTOM_TLS' (for custom TLS handshakes) may be necessary for proper operation. Debugging with HTTP Toolkit may require setting 'SLACK_MCP_SERVER_CA_TOOLKIT'.
Verified SafeView Analysis
The server relies on highly sensitive Slack authentication tokens (xoxc/xoxd, xoxp, xoxb), which grant extensive access to Slack workspace data. Their security is paramount and depends on strict environment variable management. The 'stealth mode' using browser tokens (xoxc/xoxd) and custom TLS fingerprinting (utls) is an advanced technique that might bypass Slack's official API app controls, but is inherently fragile and could be against Slack's terms of service, leading to potential blocking or detection. The custom TLS implementation also introduces complexity, and while intended for enterprise compatibility, could pose risks if not perfectly secure. The 'conversations_add_message' tool, which allows posting messages, is disabled by default, which is a good security practice; if enabled, it offers channel-specific restrictions. Sensitive cached data (users, channels) is stored in local files, requiring secure file system permissions. No 'eval' or obfuscation was found in the provided code.
Updated: 2026-01-08GitHub
98
1575
High Cost
glidea icon

zenfeed

by glidea

Sec7

An AI-powered information hub that acts as an intelligent RSS reader, real-time news knowledge base, and personal assistant for monitoring events and delivering analysis reports.

Setup Requirements

  • ⚠️Docker and Docker Compose are required for deployment.
  • ⚠️Requires API keys for Large Language Models (LLMs), such as SiliconFlow or Google Gemini. These are not free.
  • ⚠️Lack of authentication means strict firewall/security group rules are CRITICAL to prevent API_KEY leakage if exposed to public networks.
  • ⚠️Relies on an RSSHub instance (provided in docker-compose, but needs to be functional).
  • ⚠️Content processing using LLMs can incur significant token costs.
Verified SafeView Analysis
The server lacks built-in authentication, which means exposing it directly to public networks could lead to unauthorized access and API_KEY leakage. Users are explicitly warned in the README to configure strict firewall/security group rules and are responsible for safeguarding API keys and credentials. The default `docker-compose.yml` exposes several ports (1400, 1300, 1301, 9090) that need careful management.
Updated: 2025-11-22GitHub
98
725
Medium Cost
stickerdaniel icon

linkedin-mcp-server

by stickerdaniel

Sec8

Enables AI assistants to connect to LinkedIn for accessing profiles, companies, job searches, and job details via web scraping.

Setup Requirements

  • ⚠️Docker required for most deployment methods (including Claude Desktop DXT)
  • ⚠️Requires LinkedIn manual authentication (via browser login for session file or `li_at` cookie)
  • ⚠️Requires `uv` package manager and Playwright Chromium browser installed locally for `uvx` setup or development
  • ⚠️Python 3.12+ required for local development
Verified SafeView Analysis
The server performs web scraping on LinkedIn. It handles sensitive user-provided LinkedIn session data (stored in `~/.linkedin-mcp/session.json` or provided via `li_at` cookie), which requires the user to ensure its security. The code does not contain 'eval', obfuscation, or hardcoded secrets. It explicitly warns users about potential violations of LinkedIn's Terms of Service regarding web scraping.
Updated: 2026-01-19GitHub
98
746
High Cost
cisco-ai-defense icon

mcp-scanner

by cisco-ai-defense

Sec8

Scans Model Context Protocol (MCP) servers, tools, prompts, and resources for security vulnerabilities, employing static analysis, YARA rules, Cisco AI Defense API, and LLM-based behavioral analysis.

Setup Requirements

  • ⚠️Requires Python 3.11+
  • ⚠️Requires 'uv' Python package manager for recommended installation
  • ⚠️Requires Cisco AI Defense API Key for API Analyzer
  • ⚠️Requires LLM Provider API Key (e.g., OpenAI, AWS Bedrock) for LLM and Behavioral Analyzers
Verified SafeView Analysis
The `mcp-scanner` is designed to detect security vulnerabilities in *other* MCP servers and tools. It employs robust static analysis techniques, integrates with Cisco AI Defense API, and uses LLM-as-a-judge for behavioral analysis. The tool itself follows good security practices by using environment variables for API keys and randomized delimiters to prevent prompt injection in its LLM interactions. File and function size limits are applied when scanning source code to prevent resource exhaustion during analysis.
Updated: 2026-01-14GitHub
98
609
Medium Cost
mbailey icon

voicemode

by mbailey

Sec6

Provides robust voice interaction capabilities for Model Context Protocol (MCP) agents, enabling real-time speech-to-text (STT) and text-to-speech (TTS) functionalities, with support for local and cloud-based services. It also includes tools for audio playback (DJ), service management, and diagnostics.

Setup Requirements

  • ⚠️Requires `uv` for Python package management during installation.
  • ⚠️`FFmpeg` is a critical system dependency for audio processing, and must be installed separately.
  • ⚠️`sudo` access is typically needed for system package installation on Linux.
  • ⚠️Requires a functional microphone/audio input device for voice interaction capabilities.
  • ⚠️`webrtcvad` (for silence detection) requires C/C++ build tools (e.g., `gcc`, `python3-dev`) to be installed prior to Python package installation.
  • ⚠️Local Whisper/Kokoro services require manual installation (via `voice-mode whisper install`/`kokoro install`), or an `OPENAI_API_KEY` is needed for cloud-based STT/TTS services.
Verified SafeView Analysis
Extensive use of `subprocess.run`/`Popen` for system integration (package installation, Git cloning, running services) poses a risk for command injection if user-provided input is not rigorously sanitized, though `Path` objects and `shlex.split` offer some protection. The `serve` command exposes the MCP server via HTTP/SSE, requiring explicit configuration of IP allowlisting, secret path, or token authentication to prevent unauthorized access. Trust in external repositories (whisper.cpp, kokoro-fastapi) and their integrity is assumed for installation.
Updated: 2026-01-19GitHub
98
556
Medium Cost
steipete icon
Sec7

Transforms an AI assistant into a macOS automation agent, enabling it to execute AppleScript and JXA commands to control applications and system functions.

Setup Requirements

  • ⚠️Requires macOS (AppleScript/JXA are macOS-specific).
  • ⚠️Requires Node.js (version >=18.0.0).
  • ⚠️CRITICAL: Requires explicit user permission grants for 'Automation' and 'Accessibility' in macOS System Settings for the application running the server (e.g., Terminal, Node).
Review RequiredView Analysis
The server's core functionality is to execute arbitrary AppleScript/JXA code, which by its nature, can be a high-risk operation if misused. While the `placeholderSubstitutor.ts` correctly sanitizes inputs for its specific placeholders, a malicious client could craft scripts that delete files, access sensitive data, or install malware. The README explicitly warns that the application running this server (e.g., Terminal, Node.js) requires manual user grants for macOS 'Automation' and 'Accessibility' permissions, which bestow significant control over the system. Therefore, while the server itself appears to handle its specific input sanitization well, the inherent power of arbitrary code execution makes it a high-privilege target.
Updated: 2026-01-13GitHub
98
584
Low Cost
saidsurucu icon

yargi-mcp

by saidsurucu

Sec2

Provides programmatic access to various Turkish legal databases (e.g., Yargıtay, Danıştay, Constitutional Court) as a Model Context Protocol (MCP) server for integration with Large Language Model (LLM) applications like Claude AI.

Setup Requirements

  • ⚠️Requires Python 3.11 or newer.
  • ⚠️Requires `uv` (Astral's package manager/runner) for local execution.
  • ⚠️Windows users may need Microsoft Visual C++ Redistributable.
  • ⚠️Authentication (if enabled) requires `CLERK_PUBLISHABLE_KEY`, `CLERK_SECRET_KEY`, and `JWT_SECRET_KEY` environment variables. Clerk is a paid service provider.
  • ⚠️Persistent OAuth session storage requires `UPSTASH_REDIS_REST_URL` and `UPSTASH_REDIS_REST_TOKEN` environment variables; otherwise, it falls back to in-memory storage, which is not suitable for multi-machine deployments.
Review RequiredView Analysis
CRITICAL: The API clients (Yargıtay, Danıştay, Emsal, Uyuşmazlık, KIK) use `verify=False` in `httpx.AsyncClient` when making requests to external APIs, disabling SSL/TLS certificate verification. This makes the application highly vulnerable to Man-in-the-Middle (MITM) attacks, allowing an attacker to intercept or modify communication with upstream legal databases. Additionally, a hardcoded AES-256-CBC encryption key (`KikV2ApiClient.DOCUMENT_ID_ENCRYPTION_KEY`) is used for document ID encryption, which is a severe security flaw if intended for any form of protection, as the key is publicly available. There is also a hardcoded fallback API token for Brave Search in `KvkkApiClient`.
Updated: 2026-01-15GitHub
98
674
Low Cost
bgauryy icon

octocode-mcp

by bgauryy

Sec9

The Octocode Research server enables AI agents to perform expert code forensics and deep-dive research across local filesystems (LSP, ripgrep, file I/O) and external GitHub repositories (code search, repo structure, pull requests, package search). It's optimized for architectural analysis, pattern discovery, and implementation planning.

Setup Requirements

  • ⚠️Requires Node.js v20 or higher.
  • ⚠️GitHub API tools require authentication (GitHub token via OAuth, gh CLI, or PAT). Without it, rate limits will be hit quickly.
  • ⚠️Local tools (`ripgrep`, `ls`, `find`) depend on these commands being installed and available in the system's PATH. LSP tools require a compatible LSP server (e.g., `typescript-language-server`).
  • ⚠️Uses port 1987 by default; a conflict will prevent the server from starting.
Verified SafeView Analysis
The server implements strong security measures including Zod-based input validation, explicit path traversal protection, and command injection prevention for spawned child processes (e.g., `ripgrep`, `ls`). Sensitive data is redacted from logs and output. Authentication tokens are handled securely via environment variables, GitHub CLI, or an encrypted local store. The server binds to `localhost` by default. External exposure would require additional security layers.
Updated: 2026-01-18GitHub
98
541
Low Cost
vercel icon

mcp-handler

by vercel

Sec8

Provides a Vercel adapter for the Model Context Protocol (MCP), enabling real-time communication between applications and AI models through Next.js or Nuxt.

Setup Requirements

  • ⚠️Requires @modelcontextprotocol/sdk@1.25.2 or later due to a known security vulnerability in prior versions (as explicitly stated in the README).
  • ⚠️Requires a Next.js 13+ or Nuxt 3+ project as a host framework.
  • ⚠️Requires Node.js 18+.
  • ⚠️While Redis integration is optional for the Streamable HTTP transport, it is mandatory if the Server-Sent Events (SSE) transport is enabled. If SSE is used without a `REDIS_URL` or `KV_URL` environment variable, the server will fail to initialize SSE functionality.
Verified SafeView Analysis
The code correctly handles proxy headers (X-Forwarded-Host, X-Forwarded-Proto, Forwarded) to prevent URL spoofing and ensure accurate public-facing URLs. It implements Bearer token authentication following MCP Authorization Specification, including checks for required tokens, scopes, and token expiration, and returns appropriate WWW-Authenticate headers. Explicit CORS headers are set for OAuth metadata endpoints. For Server-Sent Events (SSE), it integrates with Redis for messaging, relying on secure external configuration of the Redis URL via environment variables. Comprehensive cleanup logic for SSE connections helps prevent resource leaks and potential denial-of-service issues. No instances of 'eval', code obfuscation, hardcoded secrets, or overtly malicious patterns were identified. Security heavily depends on the secure configuration of its host environment (e.g., Next.js/Nuxt) and Redis.
Updated: 2026-01-09GitHub
98
552
Medium Cost
xing5 icon
Sec9

Acts as an AI assistant's gateway to Google Sheets for automation and data manipulation.

Setup Requirements

  • ⚠️Requires prior setup in Google Cloud Platform (creating a project, enabling Google Sheets and Drive APIs).
  • ⚠️Authentication is critical and involves choosing one of four methods (Service Account, OAuth 2.0, Direct Credential Injection, Application Default Credentials), each with specific environment variables and setup steps.
  • ⚠️Requires 'uv' (specifically 'uvx') to be installed for the recommended quick start method.
Verified SafeView Analysis
The server uses standard Google API client libraries for authentication and API interaction. It relies on environment variables for sensitive configurations like credential paths, folder IDs, or base64-encoded credential content, avoiding hardcoded secrets. The default binding to '0.0.0.0' means it listens on all interfaces, requiring proper host-level firewalling. The broad Google Sheets and Drive API scopes are necessary for its functionality, and the README clearly advises users on appropriate permissions for service accounts, indicating that the primary security responsibility lies with the user's Google Cloud credential management.
Updated: 2025-12-06GitHub
98
573
Medium Cost

mem-agent-mcp

by firstbatchxyz

Sec8

Provides a Model Context Protocol (MCP) server for a memory agent, enabling LLMs to interact with an Obsidian-like memory system for contextual assistance and RAG.

Setup Requirements

  • ⚠️Requires either macOS with Metal support or Linux with a compatible GPU for local vLLM, or relies on an external OpenAI-compatible proxy.
  • ⚠️Requires a separate LLM model server (vLLM or LM Studio) or LiteLLM proxy running concurrently.
  • ⚠️Integration with client applications (Claude Desktop, LM Studio) involves manual file copying and restarts.
Verified SafeView Analysis
The server can operate locally, enhancing privacy. Integrations with services like GitHub and Google Docs require API tokens, which need to be managed securely. Exposing the MCP server via ngrok for external access introduces standard network security considerations.
Updated: 2025-11-17GitHub
PreviousPage 11 of 760Next