Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

38
4
Medium Cost
Fervoyush icon

plotnine-mcp

by Fervoyush

Sec3

A Model Context Protocol (MCP) server that brings ggplot2's grammar of graphics to Python through plotnine, enabling AI-powered data visualization via natural language.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️For full functionality (Parquet and Excel support), optional dependencies (`pyarrow`, `openpyxl`) must be installed via `pip install -e ".[full]"`.
  • ⚠️Requires configuration within an MCP client (e.g., Claude Desktop, Cursor, VSCode) with the full path to the `plotnine-mcp` executable or `python -m plotnine_mcp.server`.
Review RequiredView Analysis
The `apply_mutate` function in `src/plotnine_mcp/transforms.py` uses `pandas.DataFrame.eval()` with user-provided expressions, which is highly dangerous if the `mutations` parameter can be controlled by an untrusted entity, allowing arbitrary code execution. Additionally, the `data_loader.py` allows loading data from arbitrary URLs, posing a Server-Side Request Forgery (SSRF) risk if an attacker can control the `path` parameter.
Updated: 2025-11-26GitHub
38
1
Medium Cost
samtalki icon

AgentREPL.jl

by samtalki

Sec8

Provides a persistent Julia REPL for AI agents via Model Context Protocol (MCP) to eliminate the Time to First X (TTFX) startup penalty.

Setup Requirements

  • ⚠️Requires Julia 1.10+ installed and available in PATH.
  • ⚠️Requires the AgentREPL.jl package to be installed.
  • ⚠️Designed specifically for integration with Claude Code environment.
Verified SafeView Analysis
The server explicitly uses STDIO transport, which eliminates network attack surfaces by not opening any network ports. It runs with user permissions and automatically terminates when the Claude session ends. The core functionality involves executing arbitrary Julia code, which is an inherent risk, but the documentation is highly transparent about what it *does not* protect against (e.g., malicious code execution, file system access, network access from Julia). The plugin explicitly advises AI agents to display code to the user for review before execution. There are no obvious hardcoded secrets or obfuscation.
Updated: 2026-01-19GitHub
38
1
Medium Cost
contributte icon

mcp

by contributte

Sec8

Integrates the Multi-Capability Protocol (MCP) server SDK into Nette Framework applications, enabling web and console interfaces for managing and interacting with MCP capabilities (tools, resources, prompts).

Setup Requirements

  • ⚠️Requires Nette Framework (PHP framework) for integration.
  • ⚠️Requires PHP 8.4+.
  • ⚠️Relies on a specific 'dev-main' commit of 'mcp/sdk', which might impact stability or future compatibility.
  • ⚠️If 'file' session type is chosen, 'session.path' must be explicitly configured if Nette's 'tempDir' parameter is not available.
Verified SafeView Analysis
The codebase appears generally secure, with no direct 'eval' or malicious patterns. It handles HTTP requests by converting Nette's IRequest to PSR-7 ServerRequest, passing responsibilities for deeper request sanitization to Nette and the external 'mcp/sdk'. A potential configuration-time risk exists where a developer could inject a malicious 'Statement' for service definitions (e.g., container, cache) in the Nette DI configuration, leading to arbitrary code execution during compilation, but this is not a runtime vulnerability for end-users.
Updated: 2025-12-13GitHub
38
1
Medium Cost
apiwat-chantawibul icon

small-mcp-server-demos

by apiwat-chantawibul

Sec9

Provides a secure mathematical expression evaluator and an interface to an external search API, designed for AI agent integration.

Setup Requirements

  • ⚠️Requires SEARCH_API_KEY for searchapi.io (a paid service with free credits).
  • ⚠️Docker is required for easy setup and running both services.
  • ⚠️Python 3.13 or newer is required.
Verified SafeView Analysis
The calculator module uses AST parsing and whitelisted operators to safely evaluate mathematical expressions, avoiding direct use of `eval()`. The search-api module securely handles API keys via environment variables and makes standard HTTP requests to an external search service. Reliance on the external `searchapi.io` for query sanitization is implied.
Updated: 2025-12-10GitHub
38
4
Low Cost
sassoftware icon

sas-mcp-server

by sassoftware

Sec9

Acts as a Model Context Protocol (MCP) server for executing SAS code on SAS Viya environments.

Setup Requirements

  • ⚠️Requires Python 3.12+ and uv 0.8+.
  • ⚠️Requires administrative access to a SAS Viya environment for initial setup, including disabling Content Security Policy (CSP) on SAS Logon Manager for local development and registering an OAuth client with a specific redirect URI.
  • ⚠️The `redirect_uri` for OAuth client registration in Viya is hardcoded to `http://localhost:8134/auth/callback` (or the configured HOST_PORT), which must match the server's `HOST_PORT` if changed from default.
Verified SafeView Analysis
The server itself implements strong OAuth2 with PKCE authentication and securely handles environment variables. It uses `httpx` with SSL verification and cleans up compute sessions. A critical setup requirement, however, is disabling Viya's form-action CSP for local development, which is explicitly noted as not following security best practices and requiring TLS for production. This external configuration is a deployment-level risk/caveat, not a flaw in the server's code itself.
Updated: 2025-12-03GitHub
38
1
Medium Cost
Sec8

Manages and monitors `supervisord` processes via a Model Context Protocol (MCP) server with a REST API.

Setup Requirements

  • ⚠️Requires a pre-existing, running, and correctly configured `supervisord` instance with its `inet_http_server` enabled.
  • ⚠️Mandatory environment variables must be configured in a `.env` file (e.g., `SUPERVISORD_HOST`, `SUPERVISORD_PORT`, `SUPERVISORD_CONFIG_FILE`, `SUPERVISORD_COMMAND_DIR`, `MCP_PORT`).
  • ⚠️The `SUPERVISORD_CONFIG_FILE` and `SUPERVISORD_COMMAND_DIR` paths must be accurate for your supervisord setup.
Verified SafeView Analysis
The server explicitly addresses authentication for supervisord, uses input validation with `zod`, implements configuration backup, and logs errors. It provides HTTP endpoints, so network security best practices (e.g., firewall, access control, TLS if exposed beyond localhost) should be followed. While it handles authentication to `supervisord`, its own HTTP API does not appear to have direct authentication described in the README, relying on typical agent-to-tool scenarios where the agent is trusted.
Updated: 2025-11-18GitHub
38
11
Medium Cost
uarlouski icon

ssh-mcp-server

by uarlouski

Sec9

Provides secure SSH capabilities (command execution, SFTP, port forwarding, templates) for AI assistants to manage remote servers.

Setup Requirements

  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️A configuration file (`ssh-mcp-config.json`) is mandatory and must specify valid SSH server details, including paths to existing SSH private keys.
  • ⚠️Server startup will fail if there are naming conflicts between manually defined SSH servers and those imported from the `~/.ssh/config` file (if `sshConfigImport` is enabled).
Verified SafeView Analysis
The server implements robust security controls including strict command allowlisting (parsing complex shell chains, substitutions, and backticks to extract all invoked commands), server allowlisting, mandatory SSH key authentication, and comprehensive audit logging. Port forwarding is locally bound by default to prevent external access. Configuration validation ensures essential security parameters are correctly set, and checks for existence of private key files. No 'eval' or obvious malicious patterns were found in the provided source code.
Updated: 2026-01-07GitHub
38
1
High Cost
noetic-sys icon

index

by noetic-sys

Sec8

Provides local semantic search for project dependencies, integrating as an MCP server for AI tools like Claude Code to prevent hallucinations.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid) for embeddings generation, configurable via `idx config set-key`.
  • ⚠️Requires an active internet connection for downloading package source code and communicating with the OpenAI API.
  • ⚠️Consumes local disk space for storing the index database, vector store, and code blobs in a `.index/` directory.
Verified SafeView Analysis
The application downloads and parses source code from public package registries, which inherently carries a risk if malicious code were to exploit parsing vulnerabilities. However, the application uses robust parsing libraries (Tree-sitter) and does not show obvious signs of 'eval', obfuscation, hardcoded secrets, or malicious patterns in its own code. OpenAI API keys are stored locally in a configuration file (`~/.config/idx/config.toml`), which is readable on the local filesystem, but not directly exposed to network risks by the application itself.
Updated: 2026-01-18GitHub
37
5
Medium Cost
McFuzzySquirrel icon

local-workbook-mcp

by McFuzzySquirrel

Sec9

Enable conversational AI interaction with local Excel workbooks using natural language queries, without transmitting data to external services.

Setup Requirements

  • ⚠️Requires a local LLM server (e.g., LM Studio, Ollama) to be running and configured, typically on 'http://localhost:1234' or 'http://localhost:11434'.
  • ⚠️Requires .NET SDK 9.0+ installed for building and running from source.
  • ⚠️Requires Excel workbook files in .xlsx format (not .xls or other legacy formats) to analyze.
Verified SafeView Analysis
The project is explicitly designed with 'Privacy-First Local Operation' as a core principle, ensuring Excel data never leaves the local machine. It leverages Semantic Kernel's plugin architecture, where predefined tools wrap MCP server functions, limiting arbitrary code execution by the LLM. Error messages are sanitized (e.g., 'Sheet not found' instead of revealing full path/name) to prevent sensitive data exposure, with full details logged locally for troubleshooting. Input validation is present (e.g., JSON schema for pivot analysis). There are no apparent hardcoded critical secrets in the provided code snippets (API keys are noted as 'not-used' or 'not-needed-for-local' for local LLMs). The main risks would be potential vulnerabilities in underlying libraries like ClosedXML or the local LLM itself, or subtle command injection vectors if user inputs are mishandled before reaching the MCP server, though the design aims to mitigate these through controlled tool calls and sanitization.
Updated: 2025-11-28GitHub
37
9
Low Cost
jztan icon
Sec9

Integrates Redmine project management data with AI assistants via a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires Python 3.10+ (for local installation) or Docker for deployment.
  • ⚠️Requires access to an existing Redmine instance.
  • ⚠️Authentication (Redmine API Key or Username/Password) is mandatory and must be configured via a `.env` file.
Verified SafeView Analysis
The server demonstrates strong security practices including explicit handling of SSL/TLS configurations (self-signed, mutual TLS), UUID-based secure file storage, path traversal prevention for file serving, and time-limited access URLs for attachments. A critical path traversal vulnerability was previously addressed and removed. It uses environment variables for sensitive credentials (API key, username/password) with clear documentation to avoid hardcoding or committing them. Default binding to `0.0.0.0` is common in containerized environments but requires awareness for external exposure. Explicit warnings are provided when SSL verification is disabled.
Updated: 2026-01-18GitHub
37
9
Medium Cost
tosin2013 icon

documcp

by tosin2013

Sec8

DocuMCP is an intelligent Model Context Protocol (MCP) server designed for automating documentation workflows, including analysis, generation, and deployment for GitHub Pages.

Setup Requirements

  • ⚠️Requires LLM API Key (e.g., OpenAI, DeepSeek, Anthropic) or local LLM setup (e.g., Ollama).
  • ⚠️Git must be installed and repository must be initialized for many features.
  • ⚠️Specific Static Site Generator (SSG) CLIs and their language runtimes (Node.js, Python, Ruby, Go) are required for SSG-related tools.
  • ⚠️Requires read/write file system permissions for specified project and documentation paths.
Verified SafeView Analysis
Interacts heavily with the filesystem and executes child processes for Static Site Generator (SSG) builds and Git operations. Uses external LLM APIs and relies on environment variables for API keys. Incorporates `permission-checker.ts` and explicit security policy. Critical to run in a sandboxed/isolated environment as an MCP agent to mitigate risks of arbitrary code execution.
Updated: 2026-01-17GitHub
37
7
Medium Cost
Technickel-Dev icon

baseline-mcp

by Technickel-Dev

Sec9

Provides an MCP server to query and analyze baseline web features, browser compatibility, and web standards data for developers and AI assistants.

Setup Requirements

  • ⚠️Requires Node.js and npm for local development and execution.
  • ⚠️Requires a TypeScript compilation step (`npm run build`) before running locally.
Verified SafeView Analysis
The server processes JSON-RPC requests and uses internal, trusted data sources from the `web-features` npm package and local JSON files. It relies on the `@modelcontextprotocol/sdk` for transport and request handling. No direct `eval` of user input, unvalidated external network calls, or hardcoded sensitive secrets are evident in the server's code. Tools designed for file analysis, such as `list_features_in_file` and `get_min_browser_support_for_file`, expect `fileContent` (the content of the file) as input, not `filePath`, meaning the server does not directly access the filesystem based on user-provided paths. The prompts for LLMs (`find-features-in-file`, `min-browser-support-report`) suggest operations involving file paths, but the actual server tools that implement these operations require the file content to be provided by the client, preventing server-side arbitrary file access.
Updated: 2026-01-18GitHub
PreviousPage 115 of 760Next