Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

37
7
Medium Cost
lynnlangit icon
Sec7

Deep learning-based cell segmentation and classification in microscopy images for quantitative phenotyping and visualization.

Setup Requirements

  • ⚠️Requires Python 3.11+.
  • ⚠️For real analysis (i.e., `DEEPCELL_DRY_RUN=false`), it implicitly requires deep learning model weights which may need network access for auto-download or manual pre-installation.
  • ⚠️The `DEEPCELL_OUTPUT_DIR` environment variable must point to a writable directory for output visualizations.
Verified SafeView Analysis
The server processes file paths provided as arguments (`image_path`, `segmentation_mask_path`) to its tool functions. While the Streamlit UI includes file sanitization, the server's internal tool implementations do not explicitly re-sanitize these paths before file operations (e.g., `PIL.Image.open()`, `fig.savefig()`). This could potentially lead to path traversal vulnerabilities if arbitrary, unsanitized input is passed directly by a compromised LLM or client. The server operates within a designated output directory (`DEEPCELL_OUTPUT_DIR`), which is a good practice. No 'eval', code obfuscation, or hardcoded sensitive secrets were detected.
Updated: 2026-01-19GitHub
37
11
Low Cost
unit-mesh icon

auto-dev-next

by unit-mesh

Sec10

Identifies this repository as a deprecated version of an automated development project, directing users to an updated location.

Verified SafeView Analysis
Only README.md file provided. No executable source code to analyze for security risks such as 'eval', obfuscation, network risks, or hardcoded secrets.
Updated: 2025-12-02GitHub
37
7
Medium Cost
Unleash icon

unleash-mcp

by Unleash

Sec9

Manages Unleash feature flags for LLM-powered coding assistants, enabling creation, evaluation, and code wrapping following best practices.

Setup Requirements

  • ⚠️Requires Node.js 18 or higher.
  • ⚠️Requires access to an Unleash instance (hosted or self-hosted).
  • ⚠️Requires an Unleash Personal Access Token (PAT) with appropriate permissions.
Verified SafeView Analysis
The source code does not contain 'eval' or other direct arbitrary code execution vulnerabilities. It relies on environment variables for sensitive data (UNLEASH_PAT), which is good practice. Network communication is via Node.js native 'fetch' to a configurable Unleash API endpoint, with error handling. No obvious malicious patterns or obfuscation were found.
Updated: 2026-01-14GitHub
37
6
Medium Cost
NiclasOlofsson icon

dbt-core-mcp

by NiclasOlofsson

Sec6

A Model Context Protocol (MCP) server that empowers AI assistants (like Copilot) to interact with and manage dbt projects. It enables natural language control over dbt operations, providing project metadata, lineage, impact analysis, SQL query execution, and intelligent build/test workflows, all while respecting the user's local dbt environment.

Setup Requirements

  • ⚠️Requires Python 3.9+ (or 3.10+ as per pyproject.toml).
  • ⚠️Installation requires `uv` (recommended) or `pipx`.
  • ⚠️The user's dbt project must have dbt Core 1.9.0+ and a compatible dbt adapter installed in its own Python environment.
  • ⚠️Experimental features, such as CTE test generation, require setting the `EXPERIMENTAL_FEATURES` environment variable to 'true'.
Verified SafeView Analysis
The server executes user-provided dbt commands via `dbt.invoke()` within a Python subprocess running a dynamically generated script. While it does not introduce new, direct arbitrary code execution vectors outside of dbt's capabilities, it acts as a command executor for AI agents. The security posture heavily depends on the underlying dbt project's configuration and dependencies. Maliciously crafted dbt inputs (e.g., specific model names, SQL, or Jinja macros) could potentially lead to privilege escalation if dbt itself or its adapters are vulnerable or misconfigured (e.g., by allowing shell command execution within dbt macros). Network requests are made to the Databricks API for warehouse pre-warming if configured, using credentials from the user's `profiles.yml`.
Updated: 2026-01-18GitHub
37
9
High Cost
erickemj icon

BloodHound-MCP

by erickemj

Sec3

An AI assistant integrated with an MCP Server to query and analyze Active Directory (AD) and Azure Active Directory (AAD) environments using a Neo4j database populated with BloodHound data.

Setup Requirements

  • ⚠️Requires Python 3.13+.
  • ⚠️Requires a running Neo4j database instance populated with BloodHound data.
  • ⚠️Relies on environment variables BLOODHOUND_URI, BLOODHOUND_USERNAME, BLOODHOUND_PASSWORD for Neo4j connection, or uses weak hardcoded defaults.
Review RequiredView Analysis
Critical Cypher injection vulnerability due to direct string formatting of user/AI-generated input into database queries in most of the predefined tools, rather than using parameterized queries. This allows for arbitrary database manipulation if an attacker can control input. Default Neo4j credentials ('neo4j'/'bloodhound') are used if environment variables are not set, which are weak defaults but common for local testing setups.
Updated: 2025-12-15GitHub
37
18
Low Cost
roman icon

mcps.nix

by roman

Sec9

Provides a curated library of pre-configured Model Context Protocol (MCP) server presets for Claude Code, integrating seamlessly with Nix-based system configurations like devenv and Home Manager.

Setup Requirements

  • ⚠️Requires Nix package manager (devenv or Home Manager) for installation and configuration.
  • ⚠️Many MCP servers require external API keys/tokens (e.g., GitHub, Asana) that users must obtain and store securely in files.
  • ⚠️Relies on the Claude Code CLI, which must be installed (handled by Nix through this project).
Verified SafeView Analysis
The project strongly emphasizes secure credential management, advocating for reading API tokens from files instead of environment variables, with explicit support for this pattern. It also highlights path restrictions for filesystem access and ensures API tokens are not exposed in the Nix store. While the security of the integrated upstream MCP servers is external to this project, mcps.nix provides a secure framework for their configuration. No 'eval' or malicious patterns are evident in the provided `package-lock.json` or documentation.
Updated: 2026-01-07GitHub
37
8
Low Cost
HaithamOumerzoug icon

keycloak-mcp

by HaithamOumerzoug

Sec8

Manages Keycloak users, realms, clients, roles, and groups through a standardized Model Context Protocol (MCP) interface for AI agents.

Setup Requirements

  • ⚠️Requires a running Keycloak instance to connect to.
  • ⚠️Requires Keycloak admin URL, username, and password for authentication.
  • ⚠️Node.js version 20 or higher is required (as per package.json engines field, or latest LTS as per README).
Verified SafeView Analysis
The server uses the official Keycloak Admin Client and implements robust input validation using Zod schemas for all tool arguments. Admin credentials (URL, username, password) are loaded from environment variables or command-line arguments and are validated to ensure they are not empty. There are no direct 'eval' calls or obvious malicious patterns in the provided source. The primary security consideration is the sensitive nature of the Keycloak admin credentials, which grant full administrative access to Keycloak. Proper handling of these credentials in the deployment environment (e.g., using secure secrets management) is critical to prevent unauthorized access to the Keycloak instance.
Updated: 2025-12-01GitHub
37
10
Medium Cost
DimonSmart icon

NugetMcpServer

by DimonSmart

Sec7

Provides AI assistants with accurate NuGet package information for C# APIs and types.

Setup Requirements

  • ⚠️Requires Docker to be installed and running (for Docker option).
  • ⚠️Requires .NET 9.0 SDK to be installed (for .NET tool option).
  • ⚠️Configuring private NuGet feeds may require setting environment variables (NUGET_SOURCES, NUGET_CONFIG) or custom command-line arguments.
Verified SafeView Analysis
A full security audit of the application's core logic (C# source code) could not be performed as it was not provided in the truncated source. The analysis is based on the README, manifest files, and deployment configurations. The server interacts with external NuGet feeds (nuget.org, private feeds), which involves network communication. Configuration options allow passing custom NuGet sources and configuration files, potentially via environment variables (NUGET_SOURCES, NUGET_CONFIG). While this is necessary for its function, care should be taken to secure any sensitive credentials passed through these channels. No obvious malicious patterns, hardcoded secrets, or 'eval' like constructs were found in the provided manifest or README files. The tool uses standard .NET execution and Docker containers, relying on their inherent security features.
Updated: 2026-01-11GitHub
37
23
Medium Cost
influxdata icon
Sec8

Provides a Model Context Protocol (MCP) server for integrating with various InfluxDB v3 instances (Core, Enterprise, Cloud Dedicated, Clustered, Cloud Serverless) through tools, resources, and prompts.

Setup Requirements

  • ⚠️Requires a running InfluxDB 3 instance (Core, Enterprise, Cloud Dedicated, Clustered, or Cloud Serverless) with appropriate URL and token(s).
  • ⚠️Specific environment variables (`INFLUX_DB_INSTANCE_URL`, `INFLUX_DB_TOKEN`, `INFLUX_DB_PRODUCT_TYPE`, etc.) must be correctly configured based on the InfluxDB product type.
  • ⚠️Node.js v18 or newer and npm v9 or newer are required for local execution. Docker is required for Docker-based setups.
Verified SafeView Analysis
The server uses environment variables for all sensitive credentials (tokens, IDs), which is good practice. It communicates via StdioServerTransport, implying a local process-to-process communication model that reduces network exposure. However, the `HttpClientService` conditionally disables SSL certificate validation (`rejectUnauthorized: false`) for `InfluxProductType.Clustered`, which is a security risk (vulnerable to MITM attacks) if the environment is not fully trusted or secured otherwise. The project's `SECURITY.md` explicitly warns users about exposing system capabilities and emphasizes trusting the MCP client and deploying on the same device as a trusted agent.
Updated: 2026-01-08GitHub
37
2
Medium Cost
GleeMCP icon

Glee

by GleeMCP

Sec8

Glee is an essential MCP toolkit that acts as an orchestration layer for AI coding agents, providing persistent memory, AI code review, and session hooks to consolidate developer tools.

Setup Requirements

  • ⚠️Requires Python 3.11+
  • ⚠️Requires 'uv' or 'pipx' for installation
  • ⚠️Requires external CLI agents (Codex, Claude, Gemini) to be installed and authenticated for core features
  • ⚠️Requires API keys/OAuth authentication for underlying LLM services (e.g., OpenAI, Anthropic, Google) and GitHub for integration features
Verified SafeView Analysis
The project directly invokes external CLI agents (Codex, Claude, Gemini) via subprocess, which carries inherent risks, but mitigation strategies are in place. These include explicit permission models for subagents and tools (filesystem, network, secrets), an allowed commands whitelist for shell execution, and the requirement for human approval for sensitive operations. Sensitive data (API keys, tokens, passwords) is redacted from logs, and credential files are stored with restricted permissions (0o600). Full OS-level sandboxing is planned for future versions, indicating a proactive security posture.
Updated: 2026-01-17GitHub
37
30
High Cost
tjhop icon
Sec9

Serves as an MCP (Model Context Protocol) gateway, enabling Large Language Models (LLMs) to interact with and analyze a running Prometheus instance through its API.

Setup Requirements

  • ⚠️Requires a running Prometheus-compatible API endpoint (specified by `--prometheus.url`).
  • ⚠️Prometheus TSDB administrative tools (`snapshot`, `delete_series`, `clean_tombstones`) are disabled by default and require `--dangerous.enable-tsdb-admin-tools` to enable, which carries significant risks of data loss.
  • ⚠️Local LLM development/testing often requires additional tools like Ollama, `mcp-inspector`, or `mcphost` to be installed and running.
  • ⚠️Docker is recommended for simplified installation and testing.
Verified SafeView Analysis
The project transparently handles potentially destructive operations via the `--dangerous.enable-tsdb-admin-tools` flag, requiring explicit user acknowledgement. It supports securing connections to Prometheus and its own endpoints using HTTP configuration files (TLS, basic auth, bearer tokens), and correctly proxies authorization headers from incoming MCP requests to Prometheus API calls. No apparent `eval` usage, obfuscation, or hardcoded sensitive credentials. The main risk is user choice in enabling dangerous tools or misconfiguring security for the MCP server itself.
Updated: 2026-01-05GitHub
37
11
Medium Cost
StacklokLabs icon

ocireg-mcp

by StacklokLabs

Sec9

An MCP server enabling LLM-powered applications to interact with OCI registries for querying image information, tags, manifests, and configurations.

Setup Requirements

  • ⚠️Requires Go 1.21+ for building.
  • ⚠️Access to private OCI registries requires providing authentication credentials (Bearer token via Authorization header or OCI_TOKEN env, or Username/Password via OCI_USERNAME/OCI_PASSWORD env, or Docker config file).
  • ⚠️Running with ToolHive (recommended) requires ToolHive to be installed and configured.
Verified SafeView Analysis
The server uses `go-containerregistry` for OCI interactions. Authentication is handled robustly via HTTP Authorization headers, environment variables (OCI_TOKEN, OCI_USERNAME, OCI_PASSWORD), or the default Docker keychain, in a clear priority order. No hardcoded secrets, `eval` usage, or obvious malicious patterns were found in the provided source. The project follows a defined security policy for vulnerability reporting.
Updated: 2026-01-19GitHub
PreviousPage 116 of 760Next