Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

38
11
High Cost
JustusBraitinger icon
Sec8

Integrates AI assistants with Autodesk Fusion 360 via the Model Context Protocol (MCP) to enable conversational CAD, AI-driven automation, and parametric control for 3D modeling.

Setup Requirements

  • ⚠️Requires a licensed Autodesk Fusion 360 installation.
  • ⚠️Requires specific AI client integration (Claude Desktop or VS Code with Copilot Chat).
  • ⚠️The installation script moves the Add-in to a Windows-specific AppData directory and deletes the original source folder, which might be unexpected.
Verified SafeView Analysis
The server operates locally via HTTP on localhost:5000, which is noted as safe for local execution but insecure on networks. Input validation primarily relies on Python's type casting (float, int, str), which helps prevent direct code injection through tool arguments. No obvious hardcoded secrets or malicious patterns were found. The main potential risk is prompt injection manipulating the AI to perform valid but unintended CAD operations, rather than arbitrary code execution on the server itself.
Updated: 2026-01-12GitHub
38
1
High Cost
tobsentobsentobs icon

a-mem-mcp-server

by tobsentobsentobs

Sec3

An agentic memory system for LLM agents based on the Zettelkasten principle, providing explicit graph-based memory, semantic retrieval, and autonomous maintenance through an MCP server.

Setup Requirements

  • ⚠️Requires local Ollama server and specific models (qwen3:4b, nomic-embed-text) if LLM_PROVIDER is 'ollama', OR a paid OpenRouter API key if 'openrouter'.
  • ⚠️If RESEARCHER_ENABLED=true, may require Google Search API Key and Custom Search Engine ID (must be set in .env to override hardcoded defaults), a local Jina Reader Docker instance (or rely on cloud API), and/or installation of `unstructured[pdf]` Python package (or a running Unstructured API) for PDF extraction.
  • ⚠️Requires `pip install rustworkx` for improved performance (GRAPH_BACKEND=rustworkx) or `pip install falkordblite`/`falkordb redis` (plus external Redis for Windows) for the experimental FalkorDB backend.
Review RequiredView Analysis
CRITICAL: Google Search API Key and Search Engine ID are hardcoded as fallback values in `src/a_mem/config.py`. This is a severe security vulnerability as it exposes credentials directly in the source code if not explicitly overridden by environment variables. This could lead to unauthorized API usage and potential billing. While `SafeGraphStore` and parameter validation add robustness, the hardcoded API key overshadows these positives. The system also makes external network calls to various APIs (OpenRouter, Google Search, Jina Reader, Unstructured) and uses file I/O for storage and temporary files, which require trust in external services and careful URL sanitization for researcher agent functions. Direct Cypher query construction in FalkorDB adapters has minor potential for injection if input sanitization were flawed, but appears to be handled reasonably for now. Event log (`events.jsonl`) can grow indefinitely without rotation or size limits.
Updated: 2025-11-29GitHub
38
9
High Cost
neverinfamous icon

memory-journal-mcp

by neverinfamous

Sec9

Provides persistent project memory and integrates GitHub workflows (issues, PRs, Kanban) to bridge fragmented AI sessions for developers.

Setup Requirements

  • ⚠️Requires Node.js 24+ (if running from source/npm directly).
  • ⚠️Requires 'GITHUB_TOKEN' environment variable for full GitHub integration (issues, PRs, Kanban).
  • ⚠️Mounting a local Git repository path ('GITHUB_REPO_PATH') is recommended for automatic repository detection, especially within Docker.
  • ⚠️Docker is the recommended deployment method for ease of setup and persistent data management.
Verified SafeView Analysis
The server demonstrates a strong security posture. It utilizes Zod for robust input validation, employs parameterized SQL queries to prevent injection attacks, and relies on environment variables (e.g., GITHUB_TOKEN) for sensitive credentials. The included SECURITY.md outlines critical measures such as WAL mode for database integrity, strict file permissions (600/700), and non-root execution in Docker containers. External network interactions are limited to documented GitHub API calls, which are an explicit feature, and HTTP/SSE transport, both handled with standard security practices like CORS and session management. No evidence of `eval`, code obfuscation, or hardcoded secrets was found.
Updated: 2026-01-18GitHub
38
8
Medium Cost
StacklokLabs icon

mcp-optimizer

by StacklokLabs

Sec8

Acts as an intelligent intermediary MCP server, providing semantic tool discovery, caching, and unified access to multiple MCP servers for AI clients.

Setup Requirements

  • ⚠️Requires ToolHive Operator and ToolHive CRDs (MCPServer) to be installed in Kubernetes for K8s runtime mode.
  • ⚠️Requires a running ToolHive (`thv serve`) for Docker runtime mode, with connection resilience handling restarts or port changes.
  • ⚠️Database migrations must be run on startup or deployment (handled automatically by CLI/Helm).
Verified SafeView Analysis
Uses f-strings for database table names, with internal warnings and controls to ensure they are not user-controlled. SQLite database file permissions are explicitly set to read/write for owner only. Relies on Kubernetes service account for in-cluster authentication. FTS queries are sanitized against common injection patterns. Binds to `0.0.0.0` for accessibility in containerized environments. No obvious 'eval' or malicious patterns found. Environment variables are used for sensitive configurations, preventing hardcoding.
Updated: 2026-01-19GitHub
38
12
Low Cost
Hacker0x01 icon
Sec8

Provides a Model Context Protocol (MCP) interface to HackerOne's GraphQL API, allowing AI agents or tools to interact with HackerOne data.

Setup Requirements

  • ⚠️Docker is required to run the server.
  • ⚠️A HackerOne API token (base64 encoded) is required for authentication.
  • ⚠️The Docker container must be piped into an MCP-compatible client; running it directly will result in an error.
Verified SafeView Analysis
The server itself is a thin wrapper over Apollo MCP Server, configured to connect to HackerOne's GraphQL API. It relies on environment variables for sensitive data like `TOKEN` (a base64 encoded API key), which is good practice for Dockerized applications. The `scripts/generate_token.sh` handles API key input securely by suppressing echo. The `MUTATION_MODE` variable allows control over write operations, defaulting to 'none' for safety. Setting `MUTATION_MODE` to 'all' or 'explicit' introduces the risk of performing sensitive operations on HackerOne, which is a user-configurable risk rather than an inherent vulnerability in the server's design. No 'eval', obfuscation, or hardcoded secrets were found.
Updated: 2025-12-03GitHub
38
12
Medium Cost
nebius icon

mcp-server

by nebius

Sec5

This service allows AI agents and assistants to fetch documentation for Nebius services and execute Nebius CLI commands through the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Python 3.13+
  • ⚠️Requires 'uv' package manager installed
  • ⚠️Requires Nebius CLI (version >=0.12.65) installed and configured locally
Review RequiredView Analysis
The server explicitly warns about potential destructive and insecure consequences due to executing arbitrary Nebius CLI commands from an AI. While it implements a 'safe mode' to restrict commands related to tokens/access keys and dangerous actions (update, delete), the fundamental nature of allowing AI-generated command execution inherently carries significant risk. Users must double-check commands and avoid 'Allow always' options.
Updated: 2026-01-19GitHub
38
10
Medium Cost
tssujt icon

miniflux-mcp

by tssujt

Sec9

Manage and interact with a Miniflux RSS reader instance using the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a running Miniflux RSS reader instance
  • ⚠️Requires Docker for recommended deployment
  • ⚠️Requires either a Miniflux API key or username/password for authentication
Verified SafeView Analysis
The server uses environment variables for sensitive credentials (API key, username, password) and performs basic validation for their presence. It relies on the Miniflux Go client library for API interactions, which is generally robust. No 'eval' or similar dangerous patterns are present. Input arguments for tools are type-checked, mitigating basic type-related vulnerabilities. Network communication for the MCP itself is via standard I/O (ServeStdio), and the server connects outbound to the configured Miniflux instance.
Updated: 2026-01-12GitHub
38
8
Medium Cost
derailed-dash icon

adk-docs-ext

by derailed-dash

Sec6

Provides up-to-date documentation for the Agent Development Kit (ADK) to the Gemini CLI, allowing the Gemini model to answer ADK-related questions accurately.

Setup Requirements

  • ⚠️Requires Gemini CLI to be installed.
  • ⚠️Relies on `uvx` to run the `mcpdoc` Python package, which `uvx` typically manages automatically but requires a Python environment.
  • ⚠️Requires internet access to fetch the `llms.txt` and ADK documentation content.
Verified SafeView Analysis
The `gemini-extension.json` configures the `mcpdoc` server with `--allowed-domains "*"`. This allows the server to fetch documentation from any domain specified in the `llms.txt` file or via the tool's methods. While the default `llms.txt` is from a trusted Google source, this broad permission creates a potential Server-Side Request Forgery (SSRF) vulnerability if the `llms.txt` source is compromised or a user configures a malicious `llms.txt`. The `GEMINI.md` also instructs the model to use `curl` for off-site content, which if not properly sandboxed by the Gemini CLI, could lead to arbitrary command execution for network requests.
Updated: 2025-12-06GitHub
38
1
Medium Cost
forayconsulting icon

google-slides-mcp

by forayconsulting

Sec9

Provides semantic, developer-friendly access to the Google Slides API for creating and manipulating presentations, abstracting away verbose low-level API calls.

Setup Requirements

  • ⚠️Extensive Google Cloud Project Setup: Requires creating a project, enabling Google Slides and Drive APIs, configuring an OAuth consent screen (including adding test users or publishing the app), and creating 'Desktop app' OAuth 2.0 client credentials.
  • ⚠️Mandatory Environment Variables: Requires GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET. For Cloudflare Workers, COOKIE_ENCRYPTION_KEY is also mandatory.
  • ⚠️Local OAuth Flow (Python): For local stdio transport, users must run `python scripts/get_token.py` to acquire and save OAuth tokens locally, which involves an interactive browser-based consent flow.
Verified SafeView Analysis
The project uses environment variables/secrets for sensitive Google OAuth credentials (CLIENT_ID, CLIENT_SECRET, COOKIE_ENCRYPTION_KEY). The Python implementation stores local OAuth tokens in a file with restricted permissions (0o600). There are no apparent uses of `eval`, obfuscation, or other immediately malicious patterns. Standard interactions with Google APIs (Slides, Drive, OAuth2) are expected. The FastMCP framework and Cloudflare Workers runtime provide additional security layers. The Cloudflare Workers server is publicly accessible for OAuth, which is standard for such services.
Updated: 2025-12-06GitHub
38
15
High Cost
Knuckles-Team icon

servicenow-api

by Knuckles-Team

Sec6

The ServiceNow MCP Server acts as a Model Context Protocol (MCP) endpoint, wrapping ServiceNow APIs as tools for consumption by LLMs and multi-agent systems, enabling automated interaction with ServiceNow for tasks like incident management, change management, and CMDB queries.

Setup Requirements

  • ⚠️Requires access to a ServiceNow instance with appropriate API user credentials (username/password, or client ID/secret).
  • ⚠️Requires Docker or Podman for the recommended deployment via `docker compose` or `docker run`.
  • ⚠️If using advanced authentication (e.g., OIDC proxy), an external OIDC provider's configuration URL, client ID, and client secret are mandatory.
  • ⚠️For policy-based access control, an Eunomia policy file (`mcp_policies.json`) is required for embedded mode, or a remote Eunomia server URL for remote mode.
Verified SafeView Analysis
The server supports robust authentication mechanisms like JWT, OAuth, and OIDC proxies, and integrates with Eunomia for policy-based access control, which are strong positives. However, it allows explicit disabling of SSL verification (`SERVICENOW_VERIFY=False`), which is a critical security risk (Man-in-the-Middle attacks). The `api_request` tool allows arbitrary HTTP requests to any ServiceNow endpoint, which could be exploited if Eunomia authorization is disabled or misconfigured. Sensitive credentials must be securely managed via environment variables and never hardcoded.
Updated: 2026-01-19GitHub
38
10
Medium Cost
verygoodplugins icon

mcp-freescout

by verygoodplugins

Sec9

Manages FreeScout helpdesk tickets by fetching, analyzing, updating, searching, and drafting responses, leveraging AI-powered insights for customer support workflows.

Setup Requirements

  • ⚠️Requires Node.js 18 or higher to run.
  • ⚠️A FreeScout instance with API access enabled is necessary.
  • ⚠️A FreeScout API key with appropriate read/write permissions for conversations and threads is required.
Verified SafeView Analysis
The server correctly uses environment variables for sensitive data like the FreeScout API key, avoiding hardcoded secrets. It implements robust retry logic for transient network failures and rate limiting. Input parsing for ticket IDs and URLs is handled with validation. The Markdown to HTML conversion function for draft replies includes HTML escaping to prevent XSS vulnerabilities, enhancing content security. No 'eval' or direct execution of arbitrary shell commands from user input was found.
Updated: 2026-01-15GitHub
38
11
High Cost
EOSC-Data-Commons icon

data-commons-search

by EOSC-Data-Commons

Sec5

Provides a natural language search interface over open-access scientific datasets and tools, assisted by a Large Language Model (LLM) through the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires access to a pre-indexed OpenSearch instance.
  • ⚠️Requires an API key for at least one supported LLM provider (e.g., e-infra CZ, OpenRouter) to utilize the LLM-assisted search.
  • ⚠️Requires `uv` for dependency management and running development scripts.
Review RequiredView Analysis
The server's CORS configuration sets `allow_origins=['*']`, which is a significant security risk for production deployments as it permits requests from any domain. The `/chat` endpoint's `CHAT_API_KEY` is optional, making LLM calls potentially unauthenticated and vulnerable to abuse if not set. The `search_data` tool uses `query_string` within OpenSearch, which, while generally more robust than SQL, could theoretically be susceptible to resource exhaustion attacks if highly complex or long queries are injected without proper validation. External API calls to `FileMetrix` and `Tool Registry` are made without explicit authentication in the provided code, which could be a risk if these endpoints are not publicly accessible or require authorization.
Updated: 2026-01-13GitHub
PreviousPage 112 of 760Next