Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

38
12
Medium Cost
StuMason icon
Sec9

Integrate with and manage resources, applications, services, databases, and deployments on a Coolify platform via a standardized Model Context Protocol (MCP) interface.

Setup Requirements

  • ⚠️Requires a Coolify API Access Token to be set as the `COOLIFY_ACCESS_TOKEN` environment variable.
  • ⚠️Requires the base URL of your Coolify instance to be set as the `COOLIFY_BASE_URL` environment variable.
  • ⚠️Requires specific configuration in a `claude_desktop_config.json` file to correctly integrate with the Model Context Protocol environment.
Verified SafeView Analysis
The server securely handles sensitive information by requiring `COOLIFY_ACCESS_TOKEN` and `COOLIFY_BASE_URL` as environment variables, preventing hardcoded secrets. Input parameters for API calls are validated using Zod schemas, which helps mitigate common injection vulnerabilities. All external communication is performed using standard `fetch` requests, and no usage of `eval` or other potentially dangerous functions was found. The error handling for external API calls is present. The server functions as a proxy, forwarding requests to a user-configured Coolify API.
Updated: 2026-01-17GitHub
38
11
Low Cost

SchemaPin

by ThirdKeyAI

Sec9

A cryptographic protocol to ensure integrity and authenticity of tool schemas for AI agents, preventing 'MCP Rug Pull' attacks.

Setup Requirements

  • ⚠️Tool developers must securely manage cryptographic private keys.
  • ⚠️Deployment requires hosting a `.well-known/schemapin.json` endpoint for public key discovery.
  • ⚠️Building from source requires multiple language toolchains (Python, JavaScript, Go, Rust) and associated build tools.
Verified SafeView Analysis
The project's core purpose is to enhance security by cryptographically signing and verifying AI tool schemas. It uses standard, robust cryptographic algorithms (ECDSA P-256, SHA-256). It explicitly addresses supply-chain attacks and Man-in-the-Middle (MITM) risks. The main security considerations for users involve proper management of cryptographic private keys by tool developers and secure deployment of public keys via `.well-known` endpoints.
Updated: 2025-11-17GitHub
38
1
Low Cost
SamMorrowDrums icon

mcp-conformance-action

by SamMorrowDrums

Sec5

A GitHub Action for detecting changes to Model Context Protocol (MCP) server public interfaces by comparing API responses between branches.

Setup Requirements

  • ⚠️Requires `fetch-depth: 0` in the `actions/checkout` step to ensure full Git history for baseline comparison.
  • ⚠️The MCP server being tested must be runnable and bind to an accessible address (e.g., `0.0.0.0` or `127.0.0.1` for HTTP transport) within the GitHub Actions runner environment.
  • ⚠️If using a `start_command` for HTTP transport, `startup_wait_ms` or `pre_test_wait_ms` may need to be adjusted if the server takes longer to start.
Verified SafeView Analysis
This project is a GitHub Action designed to execute user-provided shell commands for installing, building, and starting an MCP server for testing. The commands (`install_command`, `build_command`, `start_command`, `pre_test_command`, `post_test_command`, `http_start_command`) are executed using `sh -c` or `spawn` without explicit input sanitization within the action's source code. This introduces a command injection vulnerability if the inputs to the action (e.g., from a pull request by an untrusted user) contain malicious shell commands. While this is a common pattern for GitHub Actions that run user scripts, it means the security depends entirely on the trustworthiness of the workflow definition and its inputs, rather than the action itself providing safeguards. It is not an MCP server itself, but a tool for testing them.
Updated: 2026-01-18GitHub
38
12
Medium Cost
effytech icon

freshservice_mcp

by effytech

Sec8

Integrates AI models with Freshservice for automated IT service management operations across tickets, changes, products, requesters, agents, and solution articles.

Setup Requirements

  • ⚠️Requires a Freshservice account and API key (may be a paid service).
  • ⚠️Requires 'uvx' (or 'uv') for Python environment management.
  • ⚠️Python 3.13 or higher is required.
  • ⚠️Correctly setting `FRESHSERVICE_APIKEY` and `FRESHSERVICE_DOMAIN` environment variables is critical.
Verified SafeView Analysis
The server uses environment variables for sensitive API keys, which is good practice. It handles API requests via `httpx` and `base64` for basic authentication. There are no obvious signs of 'eval', obfuscation, or hardcoded secrets. Filtering functions pass query strings directly to the Freshservice API; while URL-encoded, the underlying Freshservice API's handling of these queries would determine vulnerability to injection, not this server's direct code.
Updated: 2025-12-01GitHub
38
7
High Cost
clempat icon

ai-tools-flake

by clempat

Sec8

Unified Nix flake for configuring AI tools, MCP servers, and AI agents across Claude Code, OpenCode, and other platforms.

Setup Requirements

  • ⚠️Requires Home Manager `unstable` branch.
  • ⚠️Recommends Nixpkgs `nixos-unstable`.
  • ⚠️Full functionality for many agents (e.g., Atlassian, GitHub, Sentry MCPs) requires configuration of various external API keys.
Verified SafeView Analysis
The project leverages Nix for declarative configuration, enhancing reproducibility and auditability of dependencies. Agent definitions explicitly instruct to avoid hardcoding secrets and encourage credential vaults or environment variables. The `mcp-gateway` acts as a stdio-to-HTTP proxy, introducing a controlled network interaction point, which is a common pattern for bridging MCP types. The `nixos-command-not-found` skill uses `nix shell` for execution, providing some isolation. Overall, appears well-considered within the Nix ecosystem.
Updated: 2026-01-14GitHub
38
1
Medium Cost
looptech-ai icon

artifact-mcp

by looptech-ai

Sec8

AI agent server for high-fidelity document generation and manipulation (Word, Excel, PowerPoint, PDF, Markdown, EPUB, MS Project, Email) via a declarative workspace pattern.

Setup Requirements

  • ⚠️Requires an MCP client to interact with its tools.
  • ⚠️EPUB document generation and editing requires the `EbookLib` Python package (`pip install EbookLib`).
  • ⚠️Reading Outlook `.msg` files (for email analysis/editing) requires the `extract-msg` Python package (`pip install extract-msg`).
  • ⚠️PDF chart generation functionality requires the `matplotlib` Python package.
  • ⚠️Visio (`.vsdx`) document generation and editing relies on the `vsdx` Python package (`pip install vsdx`) and is template-based, meaning it cannot create shapes from scratch without an existing .vsdx template.
  • ⚠️Markdown to HTML export functionality requires the `markdown` Python package (`pip install markdown`).
Verified SafeView Analysis
Uses robust path validation (`artifact_mcp.config.validate_path`) to sandbox all file operations within a defined workspace (`./workspace`), mitigating directory traversal risks. Leverages well-established document processing libraries (python-docx, openpyxl, python-pptx, WeasyPrint, ebooklib, vsdx, markdown, email) which handle underlying file formats. Custom XML manipulation for specific Word/PPTX features (e.g., comments, sections, fields) is present but targets predefined document structures, reducing the risk of arbitrary XML injection. `yaml.safe_load` is used for Markdown front matter, which is generally secure against arbitrary code execution. No direct `eval` or unvalidated `subprocess` calls were observed. Overall, the implementation appears secure for its intended sandboxed document generation purpose.
Updated: 2025-11-26GitHub
38
36
High Cost
Teradata icon
Sec6

A comprehensive Model Context Protocol (MCP) server for Teradata, exposing a rich suite of database administration, data quality, security, SQL optimization, vector store, plotting, backup/restore, feature store, and LLM chat/RAG capabilities as MCP tools for client applications like AI agents.

Setup Requirements

  • ⚠️Requires a running Teradata Database (version >= 17.20).
  • ⚠️Requires Teradata-specific Python client libraries (`teradataml`, `teradatagenai`, `tdfs4ds`).
  • ⚠️For Backup & Restore features, a Teradata DSA (Data Stream Architecture) system must be installed and accessible. Insecure default credentials (`admin`/`admin`) are used if environment variables are not set for DSA.
  • ⚠️For Chat Completion features, an OpenAI-compatible `CompleteChat` Java Table Operator UDF must be installed in the Teradata database.
  • ⚠️Extensive environment variable configuration is necessary to enable all features securely.
Verified SafeView Analysis
The `eval` function in `src/teradata_mcp_server/utils.py` is used with a restricted namespace, limiting direct arbitrary code execution risk. However, `src/teradata_mcp_server/tools/bar/dsa_client.py` sets default `DSA_USERNAME='admin'` and `DSA_PASSWORD='admin'` if not overridden by environment variables, posing a critical security vulnerability if deployed in production. The `chat_tools.py` can be configured with `ignore_https_verification=True` for external LLM calls, which is an insecure option. Authentication attempts are rate-limited.
Updated: 2026-01-05GitHub
38
11
High Cost
bluewings1211 icon

codebase-RAG

by bluewings1211

Sec8

A Retrieval-Augmented Generation (RAG) server designed to assist AI agents and developers in understanding and navigating codebases through semantic search.

Setup Requirements

  • ⚠️Requires a locally running vector database (Qdrant) for persistent storage.
  • ⚠️Requires a locally running embedding model server (Ollama or MLX Server) for generating code embeddings.
  • ⚠️A Python 3.8+ environment with 'uv' (a modern package manager) is necessary for setup and running the server/tools.
Verified SafeView Analysis
The server's core functionality involves extensive file system access (`os.walk`, file I/O) to read and index codebases. This is an inherent risk for any code analysis tool. However, the system includes mitigations such as respecting `.ragignore` files and internal exclusion lists (`exclude_dirs`, `exclude_patterns` in `ProjectAnalysisService`). Input validation (`PromptValidator`) specifically checks for dangerous directory patterns (e.g., path traversal attempts) in user-provided paths. Network connections are primarily to configurable local services (Qdrant, Ollama, MLX Server), reducing exposure to arbitrary external network risks. No direct `eval()` or `exec()` on untrusted user input was observed. The main residual risk is the potential exposure of sensitive internal code if an untrusted codebase is indexed and then queried by an LLM, or if internal code could be misused through generated LLM responses. Overall, it appears robust against common remote execution vulnerabilities, but careful deployment and use with trusted codebases are recommended.
Updated: 2025-12-11GitHub
38
9
High Cost
Daghis icon

teamcity-mcp

by Daghis

Sec9

A Model Control Protocol (MCP) server that bridges AI coding assistants with JetBrains TeamCity CI/CD server, exposing TeamCity operations as MCP tools.

Setup Requirements

  • ⚠️Requires Node.js version >= 20.10.0 and < 21.
  • ⚠️Requires access to a running JetBrains TeamCity Server 2020.1+ with its REST API enabled.
  • ⚠️A valid TeamCity authentication token with appropriate permissions is mandatory for operation.
Verified SafeView Analysis
The server explicitly prioritizes sensitive configuration (TeamCity URL and Token) via CLI arguments, environment variables, or .env files, avoiding hardcoded secrets. It employs a global error handler that sanitizes messages by redacting sensitive patterns (like 'token=', 'password=', 'apikey=', 'authorization:') before logging them, enhancing security in production environments. The core API client uses Axios for HTTP requests, which is a well-vetted library. There's no apparent use of `eval` or other dynamic code execution that could introduce direct arbitrary code execution vulnerabilities.
Updated: 2026-01-19GitHub
38
50
Low Cost
nickytonline icon
Sec8

This project provides a foundational TypeScript template for developing remote Model Context Protocol (MCP) servers with robust tooling and best practices.

Setup Requirements

  • ⚠️Requires Node.js >= 22.18.0
Verified SafeView Analysis
The implementation follows good practices for Node.js applications, such as environment variable validation using Zod, structured logging with Pino, and secure session ID generation with node:crypto.randomUUID(). No explicit 'eval' or direct arbitrary code execution vulnerabilities are apparent in the provided source code. Security relies on the robustness of the underlying 'express' and '@modelcontextprotocol/sdk' libraries for request parsing and protocol adherence. Proper error handling returns generic 500 errors for unexpected issues.
Updated: 2026-01-01GitHub
38
1
Medium Cost
newline53 icon

newline-mcp-server

by newline53

Sec8

Enables AI agents to interact with the Newline Banking API for managing synthetic accounts, transfers, customers, transactions, and other banking operations via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a Newline API HMAC authentication key (`NEWLINE_HMAC_KEY`).
  • ⚠️Requires a Newline program identifier (`NEWLINE_PROGRAM_ID`).
  • ⚠️Requires Node.js version 18.0.0 or higher.
Verified SafeView Analysis
The server uses JWT-based authentication with HMAC signing, relying on a secret key (`NEWLINE_HMAC_KEY`). While sensitive keys are loaded from environment variables as recommended, the `config.ts` provides default placeholder strings if these variables are not set. This would lead to authentication failures rather than a direct security compromise, but is a noteworthy configuration risk. The project explicitly states that external pull requests are not accepted due to operating within a regulated banking environment, and directs vulnerability reports to a HackerOne program, indicating a strong internal security focus. Proxy support is implemented via `https-proxy-agent`. Running via `npx git+...` involves executing remote code, which is a common practice but carries inherent supply chain risks.
Updated: 2025-12-12GitHub
38
12
High Cost
create-with-swift icon

Flint

by create-with-swift

Sec8

A server that generates 3D models in Blender and exports them as USDZ files from text prompts using an AI agent.

Setup Requirements

  • ⚠️Requires macOS with Blender installed at `/Applications/Blender.app/Contents/MacOS/Blender` (or `BLENDER_PATH` set in `.env`).
  • ⚠️Requires `uv` toolchain (`brew install uv`) for `uvx blender-mcp`.
  • ⚠️Requires a valid Anthropic API key (`ANTHROPIC_API_KEY`) for Claude Sonnet 4.5, which is a paid service.
Verified SafeView Analysis
The server uses `subprocess.run` to interact with Blender and the `uvx blender-mcp` toolchain, which is necessary for its functionality. Inputs to these subprocess calls are derived from controlled configurations (`BLENDER_PATH`, `EXPORT_FOLDER`, `EXPORT_FILENAME`) rather than direct user input, mitigating command injection risks. The `/download` endpoint is explicitly restricted to `exported_model.usdz` to prevent arbitrary file access. The MCP agent uses `toolAllowList` to restrict the LLM's capabilities, enhancing security by limiting potential malicious tool calls. The primary remaining risk is the inherent power of the `execute_blender_code` tool, which allows the LLM to generate and run arbitrary Python code within Blender, though the agent's constraints (max steps, prompt truncation, system hints) aim to guide it to safe operations. Hardcoded API keys are avoided, relying on `.env` for sensitive information.
Updated: 2025-11-26GitHub
PreviousPage 114 of 760Next