Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7632)

98
563
Medium Cost
elastic icon
Sec8

Connects Model Context Protocol (MCP) clients to Elasticsearch for natural language interaction with indices and data.

Setup Requirements

  • ⚠️Requires an Elasticsearch instance (versions 8.x or 9.x) with authentication credentials.
  • ⚠️Docker is the primary deployment method for the server.
  • ⚠️Requires an MCP Client (e.g., Claude Desktop, Goose) to interact with the server. If using Claude Desktop with HTTP/SSE, `mcp-proxy` is also needed.
Verified SafeView Analysis
The server is implemented in Rust, contributing to memory safety. Credentials are managed via environment variables (ES_URL, ES_API_KEY, ES_USERNAME, ES_PASSWORD) or dynamically from the MCP client's Authorization header, which offers flexibility but requires careful handling of client trust. Direct exposure of Elasticsearch's Query DSL and ES|QL through tools means that the security relies heavily on the permissions granted to the Elasticsearch user and the robustness of the LLM's query generation to prevent malicious or overly broad queries (e.g., data exfiltration, denial-of-service). The `ES_SSL_SKIP_VERIFY` option, if enabled, introduces a known security risk by bypassing SSL/TLS certificate validation. Errors are captured and returned generically, preventing sensitive information leakage.
Updated: 2025-12-11GitHub
98
620
Low Cost
featureform icon

enrichmcp

by featureform

Sec4

A Python framework for building semantic APIs for AI agents, allowing them to discover, understand, and navigate structured data models via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Python 3.11+.
  • ⚠️SQLAlchemy integration requires the `enrichmcp[sqlalchemy]` extra and an async SQLAlchemy driver (e.g., `aiosqlite`).
  • ⚠️Redis caching requires the `redis` package.
  • ⚠️All relationships must have at least one resolver defined before running the application, otherwise `app.run()` will raise a `ValueError`.
Review RequiredView Analysis
The `RedisCache` backend uses `pickle.loads` to deserialize cached values. If an attacker can inject malicious pickled data into the Redis cache (e.g., through compromised Redis access), this can lead to arbitrary code execution on the server. Additionally, `exec()` is used internally in the SQLAlchemy integration for dynamic function generation; while its inputs are intended to be controlled by the framework, dynamic code execution is a high-risk primitive.
Updated: 2025-12-01GitHub
98
552
Medium Cost
xing5 icon
Sec9

Acts as an AI assistant's gateway to Google Sheets for automation and data manipulation.

Setup Requirements

  • ⚠️Requires prior setup in Google Cloud Platform (creating a project, enabling Google Sheets and Drive APIs).
  • ⚠️Authentication is critical and involves choosing one of four methods (Service Account, OAuth 2.0, Direct Credential Injection, Application Default Credentials), each with specific environment variables and setup steps.
  • ⚠️Requires 'uv' (specifically 'uvx') to be installed for the recommended quick start method.
Verified SafeView Analysis
The server uses standard Google API client libraries for authentication and API interaction. It relies on environment variables for sensitive configurations like credential paths, folder IDs, or base64-encoded credential content, avoiding hardcoded secrets. The default binding to '0.0.0.0' means it listens on all interfaces, requiring proper host-level firewalling. The broad Google Sheets and Drive API scopes are necessary for its functionality, and the README clearly advises users on appropriate permissions for service accounts, indicating that the primary security responsibility lies with the user's Google Cloud credential management.
Updated: 2025-12-06GitHub
98
582
High Cost
IvanMurzak icon

Unity-MCP

by IvanMurzak

Sec4

AI-powered game development and automation within the Unity Editor and runtime environments, connecting Large Language Models (LLMs) to Unity via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Unity Editor 2022.3 or newer.
  • ⚠️Unity project path cannot contain spaces.
  • ⚠️Requires a compatible MCP Client (e.g., Claude Code, Cursor, GitHub Copilot in VS Code) which must support dynamic MCP Tool updates.
  • ⚠️Using Docker for deployment (recommended) requires Docker Desktop (on Windows) and appropriate port forwarding configuration.
Verified SafeView Analysis
The server's core functionality is to enable an AI agent to have extensive programmatic control over a Unity project. This includes dynamic C# code compilation and execution via Roslyn, and deep reflection capabilities (ReflectorNet) to inspect, modify, and call methods anywhere in the Unity codebase, including compiled DLLs. While essential for an 'AI game developer assistant', this level of access inherently poses significant security risks if the AI's directives are compromised, maliciously crafted, or misused. No obvious hardcoded secrets or malicious patterns were found in the provided server code. Communication uses standard SignalR over HTTP or STDIO. Users must understand that granting access means the AI gains powerful control over their Unity project.
Updated: 2025-12-14GitHub
98
573
Medium Cost

mem-agent-mcp

by firstbatchxyz

Sec8

Provides a Model Context Protocol (MCP) server for a memory agent, enabling LLMs to interact with an Obsidian-like memory system for contextual assistance and RAG.

Setup Requirements

  • ⚠️Requires either macOS with Metal support or Linux with a compatible GPU for local vLLM, or relies on an external OpenAI-compatible proxy.
  • ⚠️Requires a separate LLM model server (vLLM or LM Studio) or LiteLLM proxy running concurrently.
  • ⚠️Integration with client applications (Claude Desktop, LM Studio) involves manual file copying and restarts.
Verified SafeView Analysis
The server can operate locally, enhancing privacy. Integrations with services like GitHub and Google Docs require API tokens, which need to be managed securely. Exposing the MCP server via ngrok for external access introduces standard network security considerations.
Updated: 2025-11-17GitHub
98
605
Low Cost
Puliczek icon
Sec10

This repository serves as a curated list of resources, including papers, videos, articles, tools, and servers, focusing on Model Context Protocol (MCP) security.

Verified SafeView Analysis
The provided 'SOURCE CODE' consists of the `README.md` and `CONTRIBUTING.md` files, which are static documentation. These files themselves do not contain executable code, 'eval' calls, obfuscation, network risks, or hardcoded secrets. Therefore, the repository content itself is inherently safe to run/view. It is important to note that the repository *lists* various external tools and servers, some of which are explicitly labeled as 'Damn Vulnerable MCP Server' or discuss known vulnerabilities within the broader MCP ecosystem. Users should exercise caution and perform their own due diligence when interacting with any external links or tools referenced in the list.
Updated: 2025-12-12GitHub
97
381
High Cost
higress-group icon

himarket

by higress-group

Sec8

Himarket is an enterprise-grade AI open platform designed to help organizations build private AI capability markets, unifying the management and distribution of LLM, MCP Server, and Agent AI resources.

Setup Requirements

  • ⚠️Requires JDK 17, Node.js 18+, Maven 3.6+, and MySQL 8.0+ for local setup.
  • ⚠️Critical database connection parameters (`DB_HOST`, `DB_PORT`, `DB_NAME`, `DB_USERNAME`, `DB_PASSWORD`) must be provided as environment variables or JVM arguments.
  • ⚠️An AES encryption key (`app.encrypt.aesKey`) needs to be securely configured for sensitive data encryption.
  • ⚠️Integration with Higress AI Gateway and Nacos is fundamental, and these components may need separate setup/configuration if not using the provided Docker Compose/Helm scripts.
Verified SafeView Analysis
The backend utilizes Spring Security for authentication and authorization with JWTs. Sensitive configuration fields (e.g., API keys, passwords) are marked with `@Encrypted` and are expected to be encrypted when stored, with the AES key configured via `app.encrypt.aesKey`. Critical settings like database credentials are externalized to environment variables. On the frontend, `parseOpenAPISpec` uses `js-yaml.load` and `JSON.parse` on user-provided spec strings. While this is in the admin panel (implying trusted input), direct parsing of complex data formats can pose risks (e.g., DoS, RCE in certain parser versions) if not robustly sanitized on the backend or if the libraries have unknown vulnerabilities.
Updated: 2025-12-12GitHub
97
505
Low Cost
YuzeHao2023 icon

Awesome-MCP-Servers

by YuzeHao2023

Sec10

A curated, community-driven list of Model Context Protocol (MCP) servers, tools, frameworks, clients, and utilities, enabling AI models to securely interact with local and remote resources.

Verified SafeView Analysis
The provided source code is a documentation repository (README files) and is inherently safe to read. It contains a critical and comprehensive security warning section for *other MCP servers* listed within the ecosystem, advising users on best practices for safe deployment and interaction, including running servers in isolated environments and limiting permissions.
Updated: 2025-12-06GitHub
97
399
Medium Cost
alpacahq icon
Sec8

A comprehensive Model Context Protocol (MCP) server that integrates with Alpaca's Trading API, enabling natural language trading operations for stocks, options, crypto, portfolio management, and real-time market data through AI assistants.

Setup Requirements

  • ⚠️Requires Python 3.10+ and `uv` (a modern Python package manager) for installation and execution.
  • ⚠️Manual configuration of client-specific JSON files (e.g., Claude Desktop, Cursor, VS Code, PyCharm, Gemini CLI) is necessary after server installation, as these client configurations override `.env` settings for API keys.
  • ⚠️For remote usage (e.g., Claude Mobile, ChatGPT), users must deploy the server to a cloud service, as Alpaca does not provide a hosted remote MCP server.
  • ⚠️Some real-time market data features (e.g., SIP data feed, latest 15-minute stock data) require a premium Alpaca subscription.
Verified SafeView Analysis
The server leverages environment variables (.env file) for API keys and provides clear warnings regarding live trading with real funds. Input parsing for market data and order parameters is handled using built-in types and regex, reducing injection risks. For HTTP transport, it defaults to localhost and strongly advises SSH tunneling or reverse proxy for remote access, along with OAuth 2.0 bearer token passthrough for secure multi-tenant deployments. The code explicitly handles specific Alpaca API errors, including those related to trading permissions for complex options strategies, providing informative messages to the user. No direct `eval` or `exec` from user input was found. The main security concerns lie in the sensitive nature of financial trading and the responsibility of the user to secure their API keys and review LLM-generated actions.
Updated: 2025-12-12GitHub
97
388
Low Cost
kagent-dev icon

kmcp

by kagent-dev

Sec9

KMCP is a Kubernetes controller and CLI tool that provides a declarative way to deploy, manage, and scale Model Context Protocol (MCP) servers in Kubernetes environments.

Setup Requirements

  • ⚠️Requires a Kubernetes cluster (1.11.3+) and Helm (3.0+) for controller deployment.
  • ⚠️Docker is required locally for building custom MCP server images.
  • ⚠️Node.js and npm (for npx) are required for local development when using the MCP Inspector.
  • ⚠️Specific language runtimes (e.g., 'uv' for Python, 'go' for Go, 'mvn' for Java) are required locally depending on the chosen MCP server framework for local execution.
Verified SafeView Analysis
The project uses standard Kubernetes practices for deployment and secret management. It explicitly disables HTTP/2 by default in the controller due to known vulnerabilities (CVEs mentioned) and validates image versions via regex to prevent injection attacks in the transport adapter. A dedicated sanitizer is included to redact common secret patterns (e.g., API keys, tokens, database credentials) from output and logs. Secrets are expected to be provided by the user via Kubernetes secrets or .env files, not hardcoded within the application logic.
Updated: 2025-12-08GitHub
97
494
High Cost
mbailey icon

voicemode

by mbailey

Sec6

Provides voice interaction capabilities (STT, TTS, LiveKit) for Model Context Protocol (MCP) servers, allowing LLMs to converse and interact with audio.

Setup Requirements

  • ⚠️Requires OpenAI API Key for cloud STT/TTS services (paid service).
  • ⚠️Requires `uv` package manager for installation and execution.
  • ⚠️Requires Python 3.10+.
  • ⚠️Requires `sudo` access for system package installation on Linux.
  • ⚠️Requires FFmpeg for audio processing.
  • ⚠️Hardcoded default LiveKit credentials ('voicemode123' password, 'devkey: secret') should be changed for any non-local/production use.
Review RequiredView Analysis
The server uses `subprocess.run` and `subprocess.Popen` extensively, which, if not carefully handled, can introduce command injection risks. Hardcoded default weak credentials like 'voicemode123' for `LIVEKIT_ACCESS_PASSWORD` and 'devkey: secret' for the LiveKit server configuration are present. While noted for development, these could pose a security risk if local services are exposed externally or if users do not change them.
Updated: 2025-12-13GitHub
97
399
Medium Cost
brave icon
Sec9

Integrates the Brave Search API to provide comprehensive search capabilities including web, local business, image, video, news, and AI-powered summarization.

Setup Requirements

  • ⚠️Requires a Brave Search API key, obtainable from brave.com/search/api/. Different plans (Free/Pro) offer varying query limits and features.
  • ⚠️Full local search capabilities and AI summarization (`brave_local_search`, `brave_summarizer`) require a Brave Search API Pro plan.
  • ⚠️The server defaults to STDIO transport. If HTTP transport is desired, it must be explicitly configured via environment variable (`BRAVE_MCP_TRANSPORT=http`) or command-line argument (`--transport http`).
Verified SafeView Analysis
The server correctly handles API keys via environment variables or CLI arguments, avoiding hardcoded secrets. Input parameters are validated using Zod schemas for various tools, ensuring data integrity. The 'goggles' parameter in search requests is sanitized to accept only HTTPS URLs, preventing arbitrary URL injection. Client-side rate limiting logic is present in `src/utils.ts` but commented out in the `issueRequest` function in `src/BraveAPI/index.ts`, implying reliance on upstream Brave API rate limits, which is not a critical vulnerability but means the server itself won't throttle outbound requests.
Updated: 2025-12-10GitHub
PreviousPage 12 of 636Next