Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (9120)

37
3
Low Cost

serencp

by abda11ah

Sec5

Provides a standard MCP server for bidirectional communication with VM serial consoles and live viewer capabilities.

Setup Requirements

  • ⚠️Strictly requires a *nix-like operating system (Linux, macOS, BSD); Windows is only supported via WSL.
  • ⚠️Requires Perl with `IO::Pty` and `JSON::PP` modules installed.
  • ⚠️VMs must be configured to expose their serial console over a TCP port (default 4555).
  • ⚠️Guest OS must be configured to use the serial console (e.g., GRUB, inittab, systemd).
Review Required
A comprehensive security audit of the `serencp.pl` script is impossible as the actual Perl source code for the server logic was not provided, only the README and LICENSE files. Therefore, this score reflects general design considerations and potential risks inherent in this type of application, rather than specific code vulnerabilities.

Potential areas of concern based on the README:

  • **Unix Socket Exposure**: The server creates Unix sockets (`/tmp/serial_${VM_NAME}`). Permissions on these sockets are critical. If not properly secured, any local user could potentially connect and gain full control of the associated VM's serial console, allowing arbitrary command execution within the VM.
  • **Input Sanitization**: Writing to a VM serial console (`write` tool) could be an attack vector if input is not properly sanitized. Malicious input might lead to unintended behavior in the VM or, in extreme cases, affect the bridge itself (though less likely given PTY separation).
  • **Child Processes and Resource Management**: The server forks child processes for each VM bridge. While 'Zombie Management' is mentioned, potential resource exhaustion or unhandled errors in child processes could lead to denial of service or instability.
  • **No Authentication/Authorization**: The README does not mention any authentication or authorization mechanisms for connecting to the MCP server or the Unix sockets. This implies that any client capable of connecting can interact with the VMs.

Without access to the full source code, it's impossible to check for common vulnerabilities like command injection, buffer overflows, improper error handling, hardcoded secrets, or insecure use of `IO::Pty` or other system calls. Running this server without a thorough code review presents an unknown risk, especially in multi-user or sensitive environments.
Updated: 2026-01-16
37
9
Medium Cost

reddit-mcp-server

by jordanburke

Sec9

Provides tools for fetching and creating Reddit content through a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires creating a Reddit app and configuring it as a 'script' type to obtain API credentials.
  • ⚠️Write operations (create, reply, edit, delete) require a Reddit username and password to be set as environment variables, in addition to client credentials.
  • ⚠️Requires a Node.js environment with pnpm for installation and execution.
Verified Safe
The server correctly loads sensitive credentials (Client ID, Client Secret, Username, Password, OAuth Token) from environment variables, preventing hardcoding. Input validation for tool parameters is implemented using Zod, reducing common injection vulnerabilities. The RedditClient handles OAuth2 token acquisition and refresh, and includes a retry mechanism for 401 errors. Optional OAuth protection for the HTTP endpoint is available, with token generation if none is provided during setup. No 'eval' or obvious malicious patterns were found in the provided code. However, if `OAUTH_ENABLED` is true but `OAUTH_TOKEN` is unset, the server generates a token at startup and prints it to console.error, which might be a minor security exposure if not properly managed in a production environment.
Updated: 2026-01-18
37
12
High Cost

pplx

by sgaunet

Sec9

This server exposes Perplexity AI's query and chat functionalities to MCP-compatible clients like Claude Code, allowing programmatic interaction with the AI model.

Setup Requirements

  • ⚠️Requires Perplexity AI API Key (Paid service, usage-based billing applies).
  • ⚠️Requires Go 1.24.0 or later to build from source.
  • ⚠️Requires an MCP-compatible client (e.g., Claude Code, Claude Desktop) to interact with the 'mcp-stdio' server.
Verified Safe
The project demonstrates good security practices by explicitly requiring and managing API keys via environment variables or configuration files, rather than hardcoding them. It includes robust key masking and sanitization logic for logs and output, preventing accidental exposure. The server operates over standard I/O (stdio) rather than a network port, reducing direct network attack surface. Outbound network calls are made to the legitimate Perplexity AI API. Minor `gosec` warnings exist for file permissions and external command execution (`EDITOR`), but they are either handled with explicit permissions or acknowledged as intentional for user experience.
Updated: 2026-01-19
37
8
Medium Cost

Cognio

by 0xReLogic

Sec7

Cognio provides persistent semantic memory for AI assistants, enabling long-term context retention and semantic search across conversations.

Setup Requirements

  • ⚠️Requires LLM API keys (Groq/OpenAI) if auto-tagging or abstractive summarization are enabled (can incur costs).
  • ⚠️A ~1GB embedding model is downloaded on first run, requiring disk space and time.
  • ⚠️Requires Python 3.11+ or Docker for the main backend server.
Verified Safe
The default CORS configuration allows all origins (`allow_origins=["*"]`), which is a significant security risk for production deployments. API key authentication is optional by default (`API_KEY=None`), meaning the API is open unless explicitly configured. The Node.js MCP server and setup scripts use `execSync`, but this is for controlled, internal auto-configuration (e.g., writing client config files) rather than executing arbitrary user input, which mitigates immediate exploit concerns. LLM API keys (Groq, OpenAI) are loaded from environment variables, which is good practice. SQL queries use parameterization, preventing SQL injection.
Updated: 2026-01-18
37
11
Low Cost

notifications-mcp-server

by charles-adedotun

Sec4

Provides real-time sound and visual notifications on macOS when Claude Desktop completes tasks.

Setup Requirements

  • ⚠️Requires macOS operating system.
  • ⚠️Requires Claude Desktop to be installed for integration.
  • ⚠️Installation of `terminal-notifier` (e.g., via `brew install terminal-notifier`) is recommended for enhanced visual notifications.
  • ⚠️Requires Python 3.10 or higher.
Review Required
The `notify-claude.sh` helper script, if present and used, is vulnerable to JSON injection via the `MESSAGE` argument, as the message string is not properly escaped when embedded in the `echo` command's JSON output. This could lead to malformed JSON and parsing errors in the Python server. The server heavily relies on `subprocess.run` to execute external macOS commands (`afplay`, `osascript`, `terminal-notifier`) and the helper shell script. While parameters are generally quoted in shell calls and macOS notification systems typically sanitize inputs, passing LLM-generated `title` and `message` arguments to external processes introduces a higher attack surface compared to purely native API calls. The `os.chmod` call to make the `notify-claude.sh` script executable also presents a minor local privilege escalation risk if the script's content is compromised.
Updated: 2025-12-12
37
9
Medium Cost

sauce-api-mcp

by saucelabs

Sec9

This server enables AI assistants to manage Sauce Labs testing infrastructure, interact with device clouds, analyze test jobs and builds, and monitor tunnels via natural language.

Setup Requirements

  • ⚠️Requires an active Sauce Labs account with API access (paid service).
  • ⚠️Requires setting SAUCE_USERNAME and SAUCE_ACCESS_KEY environment variables.
  • ⚠️LLM client configuration (e.g., Claude Desktop, Gemini CLI, Goose) is necessary to integrate the server correctly.
Verified Safe
The server implements crucial security by refusing to run if its standard I/O streams are connected to a TTY, preventing potential STDIO hijacking attacks. It properly retrieves sensitive Sauce Labs API credentials (username and access key) from environment variables, avoiding hardcoding. The RDC component includes tools for proxying HTTP requests from a real device to arbitrary external hosts and paths. While this is an intended feature of the Sauce Labs Real Device Cloud API, its usage by an LLM client would require careful validation of generated `targetHost` and `targetPath` parameters to prevent unintended or malicious network requests from the controlled device. No `eval` or obfuscation found.
Updated: 2025-12-12
37
7
High Cost

dexter-mcp

by BranchManager69

Sec8

Serves as a Model Context Protocol (MCP) bridge, exposing a curated set of tools for AI agents (Claude, ChatGPT, voice bots) to interact with Solana-based financial trading, wallet management, search, and analytics services.

Setup Requirements

  • ⚠️Requires a PostgreSQL database configured for Prisma, typically provided by Supabase.
  • ⚠️Extensive environment variables for Supabase (URL, API keys, JWT secrets), OAuth/OIDC, Hyperliquid, Tavily, and other services must be populated.
  • ⚠️Many advanced tools (e.g., Hyperliquid trading, premium data) are x402 paid resources, incurring real-world costs per use.
Verified Safe
The server relies heavily on external Supabase authentication and Dexter API for core functionalities, indicating a robust external security posture. Sensitive information is managed via environment variables. The `apps-sdk/bootstrap.js` uses `JSON.stringify(baseUrl)` to embed a base URL, which could be a vulnerability if `baseUrl` were attacker-controlled during deployment/build, but is generally safe for properly configured environment variables. The implementation includes defensive measures for external link handling and HTML attribute manipulation. No direct `eval()` of user input was found.
Updated: 2026-01-17
37
7
High Cost

mcp-gateway

by fiberplane

Sec7

A unified gateway for managing and monitoring MCP (Model Context Protocol) servers, capturing traffic logs, and troubleshooting integrations with AI clients like Claude.

Setup Requirements

  • ⚠️Requires Bun runtime for development and running from source.
  • ⚠️Accessing the Web UI requires copying an authentication token displayed in the terminal output (or configured via MCP_GATEWAY_TOKEN env var).
  • ⚠️Logs and server configurations are stored locally in the user's home directory (`~/.mcp-gateway/`), which may contain sensitive information.
Verified Safe
Designed primarily as a local development and debugging tool. Captured MCP traffic, including potentially sensitive OAuth tokens or API keys, is stored unencrypted in SQLite databases (`~/.mcp-gateway/logs.db`) and custom HTTP headers are stored in `mcp.json`. Authentication tokens for the Gateway's Web UI/API are displayed in the terminal and can be visible in browser URLs. By default, it operates on `localhost` without TLS, making it vulnerable to local Man-in-the-Middle attacks. No built-in rate limiting, audit logging, or secret management. While generally safe for its intended local debugging purpose, it is explicitly not recommended for production use without significant security hardening (e.g., reverse proxy with TLS/auth, stricter file permissions, external secret management).
Updated: 2025-12-06
37
8
High Cost

gradle-mcp

by rnett

Sec7

Provides a Model Context Protocol (MCP) server for Gradle, enabling programmatic inspection, execution of tasks/tests, and interaction with Gradle builds, including Develocity Build Scan publishing.

Setup Requirements

  • ⚠️JDK 17 or higher is required.
  • ⚠️JBang must be installed.
  • ⚠️If multiple MCP roots are configured, 'projectRoot' must be explicitly specified in tool calls. If only one root is configured, it defaults to that. If no roots are configured, 'projectRoot' is required.
  • ⚠️The server forwards its environment variables to Gradle. For critical build-related environment variables (e.g., JAVA_HOME), it might be necessary to run the 'jbang' command within a shell wrapper to ensure the correct environment is inherited by the MCP server itself.
Verified Safe
The server's core functionality involves executing arbitrary Gradle commands (`run_gradle_command`, `run_tests_with_gradle`) and accessing project data. While the server itself does not contain explicit 'eval' or malicious patterns, this inherent capability means that if the server is exposed to untrusted clients or networks, it could be leveraged to execute arbitrary commands or access files within the configured Gradle project roots on the host system. The `README.md` explicitly warns, "DO NOT EVER EXPOSE THIS SERVER TO THE INTERNET," which confirms this risk.
Updated: 2026-01-18
37
4
Low Cost

pgmoneta_mcp

by pgmoneta

Sec9

Provides a Model Context Protocol (MCP) server for querying PostgreSQL backup and restore information via natural language.

Setup Requirements

  • ⚠️Requires an existing PostgreSQL 14+ and pgmoneta installation, with pgmoneta configured in remote admin mode and a management port.
  • ⚠️The pgmoneta-mcp-admin tool must be used to set a master key and add users, which encrypts credentials for connecting to pgmoneta.
  • ⚠️Requires creation of a pgmoneta-mcp.conf configuration file to specify server host/port and pgmoneta backend host/port.
Verified Safe
The server uses SCRAM-SHA-256 for authentication with the pgmoneta backend, which is a strong authentication mechanism. User passwords for connecting to pgmoneta are encrypted using a master key stored in a securely permissioned file (.pgmoneta-mcp/master.key in the user's home directory). Input parsing for tool requests relies on `serde_json`, which is generally robust against malformed input. There is no evidence of 'eval', obfuscation, or directly hardcoded secrets in the source code; secrets are either user-provided (master key) or derived/encrypted. File permissions for the master key are explicitly managed on Unix systems to restrict access.
Updated: 2026-01-19
37
9
Medium Cost

mcp

by axiomhq

Sec8

Connect AI assistants (e.g., Claude, Cursor) to Axiom's observability platform, enabling natural language querying of datasets, traces, monitors, and dashboards via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires deployment to Cloudflare Workers, involving setup of KV Namespaces, Durable Objects, and configuration via Wrangler CLI.
  • ⚠️Requires registering an OAuth client with Axiom to obtain `AXIOM_OAUTH_CLIENT_ID` and `AXIOM_OAUTH_CLIENT_SECRET`.
  • ⚠️Multiple environment variables must be configured correctly for both local development (via `.dev.vars`) and production deployments (via Wrangler secrets).
Verified Safe
The server implements a robust OAuth 2.0 flow using PKCE for client authentication, with session state managed via encrypted and signed cookies (using `COOKIE_ENCRYPTION_KEY`) and refresh tokens stored in Cloudflare KV. This provides good protection against common OAuth threats. Client-provided information in UI rendering is sanitized to prevent XSS. OpenTelemetry integration includes secure key handling. The `/icon` endpoint, which fetches external images based on a `domain` query parameter, could theoretically be used for minor external request triggering (e.g., as a low-level SSRF vector), though it has a timeout and is restricted to image content types, limiting its impact. No `eval` or blatant malicious patterns were found in the provided code.
Updated: 2026-01-13
37
3
Low Cost

Provides an MCP (Model Context Protocol) server to expose Flux Cloud / FluxOS node API workflows as structured tools for AI agents.

Setup Requirements

  • ⚠️Requires Node.js 20+ to run.
  • ⚠️The `flux-mcp/dist/index.js` path must be absolute when configuring MCP clients.
  • ⚠️Requires a Flux node API base URL (e.g., `http://<node-ip>:16127`); providing the UI URL (`https://cloud.runonflux.com/`) is a common mistake.
Verified Safe
The server implements robust safety measures: mutating actions require explicit `confirm=true` or `allowMutation=true` arguments. The `flux_daemon_call` tool uses a strict read-only allowlist and parameter validation to prevent arbitrary RPC execution. Sensitive information is redacted in resource outputs. File upload tools include checks to prevent misuse via proxies. Authentication (`zelidauth`) is handled via environment variables or runtime configuration. The `flux_apps_exec` tool allows remote command execution on the target Flux node, but it is explicitly gated with `confirm=true` due to its high privilege.
Updated: 2026-01-19