Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

98
548
Medium Cost
Kymo-MCP icon

mcpcan

by Kymo-MCP

Sec4

MCPCan is an open-source integration platform for managing and orchestrating MCP (Model Context Protocol) services, providing a web-based interface for service lifecycle management, multi-protocol compatibility, monitoring, security, and one-stop deployment on containerized environments.

Setup Requirements

  • ⚠️Requires Go 1.21+, Node.js 18+ and pnpm for development.
  • ⚠️Requires Docker and Docker Compose (or Kubernetes) for containerized deployment.
  • ⚠️Default database passwords and application secrets in example configurations MUST be changed for production use.
Verified SafeView Analysis
The project exhibits mixed security practices. Positive aspects include explicit path traversal prevention during archive extraction, robust CORS handling, and HMAC-SHA256 for internal API security middleware. However, several critical issues lower the overall score: 1. A hardcoded JWT token in `backend/pkg/mcpcansaas/client.go` is used for accessing an external SaaS platform (`mcpcan.com`), posing a significant risk if compromised. 2. The `backend/pkg/qm/signature.go` file contains a function for signature generation using MD5, a cryptographically broken hash function, though its usage appears commented out in the `client.go`. If enabled, this would be a severe vulnerability. 3. The `backend/pkg/dify` package (Go port of a Python module) uses SHA-1 for OAEP padding, which is an outdated cryptographic hash function. 4. Example configuration files (`backend/config-example/*.yaml`) contain default passwords and a generic `dev-app-secret` which, if not changed in production deployments, can easily lead to compromise. The `init` service also contains default admin credentials.
Updated: 2026-01-14GitHub
98
605
Low Cost
Puliczek icon
Sec10

This repository serves as a curated list of resources, including papers, videos, articles, tools, and servers, focusing on Model Context Protocol (MCP) security.

Verified SafeView Analysis
The provided 'SOURCE CODE' consists of the `README.md` and `CONTRIBUTING.md` files, which are static documentation. These files themselves do not contain executable code, 'eval' calls, obfuscation, network risks, or hardcoded secrets. Therefore, the repository content itself is inherently safe to run/view. It is important to note that the repository *lists* various external tools and servers, some of which are explicitly labeled as 'Damn Vulnerable MCP Server' or discuss known vulnerabilities within the broader MCP ecosystem. Users should exercise caution and perform their own due diligence when interacting with any external links or tools referenced in the list.
Updated: 2025-12-12GitHub
98
675
Medium Cost
worryzyy icon

HowToCook-mcp

by worryzyy

Sec9

Provides an AI assistant with tools for recipe lookup, meal planning, and food recommendations.

Setup Requirements

  • ⚠️Requires Node.js 16.0.0+.
  • ⚠️Needs an MCP-compatible AI client (e.g., Claude Desktop, Cursor) to function.
  • ⚠️The 'all_recipes.json' file must be present in the project root for data loading. The 'Query All Recipes' tool can generate a very large response, potentially incurring high token costs for the AI.
Verified SafeView Analysis
The server uses standard Node.js and MCP SDK practices. It reads data from a local JSON file and does not appear to make outbound network requests to user-controlled URLs, mitigating SSRF risks. Input validation is handled via Zod. The HTTP/SSE transport sets 'Access-Control-Allow-Origin: *', which is permissive but typical for public APIs or development, and less critical for non-sensitive recipe data. No 'eval', obfuscation, or hardcoded secrets were found.
Updated: 2026-01-19GitHub
97
405
Medium Cost
alpacahq icon
Sec9

Enables natural language trading operations for Alpaca's Trading API via AI assistants, supporting stocks, options, crypto, portfolio management, and real-time market data.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️`uv` package manager is recommended and often required for smooth installation and dependency management.
  • ⚠️Mandatory Alpaca Trading API keys are required for operation (free paper trading accounts are available).
  • ⚠️Requires a separate Model Context Protocol (MCP) client (e.g., Claude Desktop, Cursor, VS Code, PyCharm, Gemini CLI) for interaction.
Verified SafeView Analysis
Uses environment variables and `.env` files for sensitive API keys, with explicit warnings against command-line arguments in `cli.py`. Implements DNS rebinding protection for HTTP transport with configurable `allowed-hosts`. `.env` file permissions are set restrictively (0o600) on non-Windows systems. Kubernetes secrets are leveraged in Helm chart deployments for credentials. The primary inherent risk is financial loss from actual trading, which is clearly disclosed to the user.
Updated: 2025-12-15GitHub
97
388
Low Cost
kagent-dev icon

kmcp

by kagent-dev

Sec9

KMCP is a Kubernetes controller and CLI tool that provides a declarative way to deploy, manage, and scale Model Context Protocol (MCP) servers in Kubernetes environments.

Setup Requirements

  • ⚠️Requires a Kubernetes cluster (1.11.3+) and Helm (3.0+) for controller deployment.
  • ⚠️Docker is required locally for building custom MCP server images.
  • ⚠️Node.js and npm (for npx) are required for local development when using the MCP Inspector.
  • ⚠️Specific language runtimes (e.g., 'uv' for Python, 'go' for Go, 'mvn' for Java) are required locally depending on the chosen MCP server framework for local execution.
Verified SafeView Analysis
The project uses standard Kubernetes practices for deployment and secret management. It explicitly disables HTTP/2 by default in the controller due to known vulnerabilities (CVEs mentioned) and validates image versions via regex to prevent injection attacks in the transport adapter. A dedicated sanitizer is included to redact common secret patterns (e.g., API keys, tokens, database credentials) from output and logs. Secrets are expected to be provided by the user via Kubernetes secrets or .env files, not hardcoded within the application logic.
Updated: 2025-12-08GitHub
97
400
Medium Cost
jtang613 icon

GhidrAssistMCP

by jtang613

Sec2

This Ghidra extension provides an MCP server, enabling AI assistants and other tools to interact with Ghidra's reverse engineering capabilities through a standardized API, supporting program analysis, modification, and navigation.

Setup Requirements

  • ⚠️Requires Ghidra 11.4+ to function as an extension.
  • ⚠️Requires an MCP Client (like GhidrAssist) to interact with the server.
  • ⚠️Building from source requires setting the GHIDRA_INSTALL_DIR environment variable.
Review RequiredView Analysis
CRITICAL: The server lacks any explicit authentication or authorization mechanisms for incoming MCP requests. While it defaults to binding to `localhost:8080`, the configuration allows changing the host and port, potentially exposing the unauthenticated API to the network. Any process on the host machine (or a remote attacker if misconfigured) can execute any enabled tool, including those that modify the Ghidra database (e.g., `rename_function`, `set_data_type`, `create_struct`, `modify_struct`). This presents a significant security risk for data integrity and system compromise within the Ghidra environment. Relying on internal Ghidra APIs via reflection also introduces potential fragility and unhandled edge cases if inputs are crafted maliciously.
Updated: 2026-01-12GitHub
97
678
Medium Cost
johnhuang316 icon

code-index-mcp

by johnhuang316

Sec9

Intelligent code indexing and analysis for Large Language Models, enabling tasks such as code review, refactoring, documentation generation, debugging assistance, and architectural analysis.

Setup Requirements

  • ⚠️Requires Python 3.10+ and `uv` for easy installation and execution.
  • ⚠️Relies on external command-line search tools (ugrep, ripgrep, ag, grep) for advanced search functionality; falls back to basic Python search if unavailable.
  • ⚠️File monitoring requires the `watchdog` library to be installed.
  • ⚠️On Windows, `uvx` may require `HOME`, `APPDATA`, `LOCALAPPDATA`, `SystemRoot` environment variables to be set for stable startup.
  • ⚠️On macOS, for large projects using the `kqueue` file watcher, increasing `ulimit -n` may be necessary.
Verified SafeView Analysis
The server employs robust path validation to prevent directory traversal and uses `subprocess.run` with careful argument handling (`--` before pattern) to mitigate shell injection risks when executing external search tools (ugrep, ripgrep, ag, grep). It includes regex safety checks to prevent ReDoS attacks and a FIFO concurrency limiter to mitigate resource exhaustion. File size and line limits are also in place during indexing. No hardcoded secrets were found in the core server logic; sample projects included environment variable fallbacks for secrets.
Updated: 2026-01-09GitHub
97
524
Medium Cost
brave icon
Sec8

Integrates the Brave Search API to provide comprehensive search functionalities including web, local, image, video, news, and AI-powered summarization through an MCP server.

Setup Requirements

  • ⚠️Requires a Brave Search API Key, with Free plans having limitations and Pro plans required for full local search and AI summarization capabilities.
  • ⚠️Requires Node.js 20 or higher to run.
  • ⚠️The default transport mode is STDIO; for HTTP communication, the `BRAVE_MCP_TRANSPORT` environment variable or `--transport` command-line argument must be set to `http`.
Verified SafeView Analysis
The server uses Zod for robust input validation on all tool parameters, significantly reducing common injection risks. API keys are properly handled via environment variables, not hardcoded. The `@modelcontextprotocol/sdk` is used for transport and RPC, which is expected to provide a secure communication layer. However, the internal rate-limiting for calls to the Brave API (`checkRateLimit()`) is currently commented out, which means the server relies solely on the upstream Brave API's rate limits. This could lead to API key exhaustion if not managed by external factors.
Updated: 2026-01-18GitHub
97
1142
Medium Cost
taylorwilsdon icon

google_workspace_mcp

by taylorwilsdon

Sec9

Provides comprehensive natural language control over Google Workspace services (Gmail, Calendar, Drive, Docs, Sheets, Slides, Forms, Tasks, Chat, Custom Search) through MCP clients and AI assistants.

Setup Requirements

  • ⚠️Requires a Google Cloud Project with OAuth 2.0 'Desktop Application' credentials (Client ID and Client Secret).
  • ⚠️Requires specific Google Workspace APIs (Calendar, Drive, Gmail, Docs, Sheets, Slides, Forms, Tasks, Chat, Custom Search) to be enabled in your Google Cloud Project.
  • ⚠️Requires `GOOGLE_OAUTH_CLIENT_ID` and `GOOGLE_OAUTH_CLIENT_SECRET` to be set as environment variables (or via `.env` file, `client_secret.json`, or Helm chart secrets).
Verified SafeView Analysis
The server employs robust security practices, including a strong emphasis on loading sensitive credentials (Google OAuth Client ID and Secret, Custom Search API Key/Engine ID) from environment variables or Kubernetes secrets, explicitly discouraging hardcoding. It supports OAuth 2.1 for multi-user, bearer token authentication, with an `AuthInfoMiddleware` to process and validate tokens. A stateless mode (`WORKSPACE_MCP_STATELESS_MODE=true`) is available for containerized deployments to avoid file system writes. Attachment handling for Drive files uses temporary storage with expiration. The `create_drive_file` tool's support for fetching content from `file://`, `http://`, and `https://` URLs, while a powerful feature, could be a potential SSRF vector if the execution environment is not secured. Warnings regarding `OAUTHLIB_INSECURE_TRANSPORT=1` for development-only HTTP redirects are clearly stated, emphasizing HTTPS for production. The Helm chart sets good defaults for pod security contexts (non-root, dropped capabilities). Overall, the project demonstrates a high level of security awareness.
Updated: 2026-01-07GitHub
97
596
Medium Cost
elastic icon
Sec8

Connects Model Context Protocol (MCP) clients to Elasticsearch instances, enabling natural language queries and interactions with Elasticsearch indices and data.

Setup Requirements

  • ⚠️Requires an existing Elasticsearch instance (8.x or 9.x).
  • ⚠️Requires Elasticsearch authentication credentials (API key or username/password).
  • ⚠️Primarily distributed as a Docker image, requiring Docker for deployment.
  • ⚠️Explicitly stated as deprecated, superseded by Elastic Agent Builder's MCP endpoint.
  • ⚠️The `ES_SSL_SKIP_VERIFY` flag bypasses SSL verification, which can be insecure if misused.
Verified SafeView Analysis
The server is implemented in Rust, offering strong memory safety. Authentication relies on standard Elasticsearch API keys or username/password, typically provided via environment variables, or passed through an 'Authorization' HTTP header from the MCP client. The `ES_SSL_SKIP_VERIFY` option, if set to `true`, bypasses critical SSL/TLS certificate verification, which is a significant security risk and should be avoided in production environments. No 'eval' or similar dynamic code execution patterns are observed.
Updated: 2026-01-19GitHub
97
408
High Cost
jina-ai icon

MCP

by jina-ai

Sec7

A remote Model Context Protocol (MCP) server that provides access to Jina Reader, Embeddings and Reranker APIs with a suite of URL-to-markdown, web search, image search, and embeddings/reranker tools.

Setup Requirements

  • ⚠️A Jina AI API Key is required for most tools; optional for some, but higher rate limits and performance necessitate it. A free key is available upon signup.
  • ⚠️The server is designed for deployment on Cloudflare Workers, implying a Cloudflare account is needed for production. Local development uses `wrangler dev`.
  • ⚠️The `VITE_GHOST_API_KEY` environment variable is required for the `search_jina_blog` tool to function.
Verified SafeView Analysis
The server acts as a proxy to various Jina AI APIs and can fetch arbitrary external URLs for content reading and screenshot capture. While deployed on Cloudflare Workers (which provides some isolation) and employing URL normalization and API key checks, fetching user-provided external content always carries inherent risks like large payloads or unexpected data. No 'eval' or hardcoded secrets were identified; API keys are expected via environment variables or headers. Error handling for API calls is present.
Updated: 2026-01-15GitHub
97
518
Low Cost
GoogleCloudPlatform icon

cloud-run-mcp

by GoogleCloudPlatform

Sec7

Enables MCP-compatible AI agents to deploy applications to Google Cloud Run, abstracting underlying GCP infrastructure operations.

Setup Requirements

  • ⚠️Requires an active Google Cloud Platform account with billing enabled.
  • ⚠️Requires Google Cloud SDK to be installed and Application Default Credentials to be set up (`gcloud auth application-default login`).
  • ⚠️Node.js (LTS recommended) must be installed to run locally, or Docker for containerized local execution. When running in HTTP mode, host validation is disabled by default.
Verified SafeView Analysis
By default, the HTTP server disables `ENABLE_HOST_VALIDATION`, which can make it vulnerable to DNS Rebinding attacks if exposed publicly without a proxy. Users are explicitly warned about this and provided with options to enable host validation via environment variables. `SKIP_IAM_CHECK` defaults to `true`, making deployed Cloud Run services publicly accessible, which is a configurable deployment choice rather than a code vulnerability. No 'eval' or obvious obfuscation detected. Relies on standard Google Cloud SDKs for authentication and API interactions.
Updated: 2026-01-19GitHub
PreviousPage 12 of 760Next