Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

36
7
High Cost
everford icon

fetcher-mcp

by everford

Sec7

Fetching and processing web page content (HTML to Markdown) using a headless browser for AI-driven applications.

Setup Requirements

  • ⚠️Requires a Node.js environment (version >= 18) to run.
  • ⚠️Playwright Chromium browser binaries must be installed using `npx playwright install chromium` before the server can operate.
Verified SafeView Analysis
The Playwright browser context is configured to `ignoreHTTPSErrors: true` by default, which bypasses SSL/TLS certificate validation. This can expose the client to Man-in-the-Middle (MITM) attacks when fetching content from untrusted networks or malicious sites. While potentially useful in specific debugging or problematic scenarios, it reduces the overall security posture for web fetching. The tool otherwise appears to be safe from direct malicious intent, and `disableMedia` is true by default, reducing some attack surface.
Updated: 2025-12-15GitHub
36
6
Medium Cost
connectaman icon

Pitchlense-mcp

by connectaman

Sec9

Provides AI-powered, multi-category risk analysis for startups, aiding in investment due diligence, growth potential evaluation, and portfolio risk management.

Setup Requirements

  • ⚠️Requires `GEMINI_API_KEY` for Google Gemini AI (paid service).
  • ⚠️Requires `SERPAPI_API_KEY` for Google News and PDF search (paid service).
  • ⚠️Requires `PERPLEXITY_API_KEY` for advanced web search and synthesis (paid service).
  • ⚠️For Google Cloud specific tools (e.g., Vertex AI RAG, Agent Builder, GCS operations), `GOOGLE_CLOUD_PROJECT`, `GOOGLE_APPLICATION_CREDENTIALS`, and `VERTEX_AI_LOCATION` environment variables are required, necessitating a Google Cloud project and service account setup.
Verified SafeView Analysis
The server demonstrates strong security practices for handling API keys, consistently loading them from environment variables (`os.getenv`) rather than hardcoding. Input validation is present for `startup_text`. There's no evidence of direct `eval` or `exec` on user-provided input. File uploads in the GCP Cloud Function are handled by downloading to the `/tmp` directory, which is standard for temporary serverless storage, and processing relies on LLM-based content extraction rather than arbitrary code execution. LLM prompts include explicit `SECURITY INSTRUCTIONS` to prevent prompt injection and generate professional, unbiased content. The `GoogleContentModerationMCPTool` currently uses a *mock* keyword-based check, which is a functional limitation (not actual Google moderation) but is transparently stated and doesn't introduce a code vulnerability. Network risks are inherent with multiple external API calls (Gemini, Perplexity, SerpAPI), but robust error handling is implemented.
Updated: 2026-01-13GitHub
36
5
Low Cost
Sec8

This server provides a comprehensive Text-to-Speech toolkit for content creators and developers, integrating with AI tools via the Model Context Protocol (MCP), offering CLI and Streamlit interfaces, and supporting audio enhancement and multi-engine TTS (Kokoro, Indic, OpenVoice).

Setup Requirements

  • ⚠️Requires specific system dependencies like `espeak-ng`, `ffmpeg`, and `libsndfile1`, which may require manual installation on Windows.
  • ⚠️High RAM requirements for multi-engine setups: 4GB for Kokoro only, 6GB+ for OpenVoice, 8GB+ for Indic, and 10GB+ for all engines combined.
  • ⚠️Python dependencies require specific installation options (e.g., `pip install -e ".[complete]"` for full features) and some engines like Indic and OpenVoice have additional git-based `pip install` commands and model checkpoint downloads.
Verified SafeView Analysis
The server primarily operates locally (stdio transport by default). An optional HTTP server (`run_http_server.py`) can bind to `0.0.0.0`, which could expose it to the local network if not behind a firewall. File operations (saving/deleting audio/scripts) are generally confined to dedicated output/temp directories (`outputs/`, `logs/`, `temp/`), reducing arbitrary file system access risks. The `normalize_path` function attempts to handle various path formats robustly for user-provided file paths, which is good practice to prevent path traversal, but careful auditing of user input against this function is always recommended. No clear hardcoded secrets or malicious patterns were identified.
Updated: 2025-12-14GitHub
36
7
High Cost
PStryder icon

MemoryGate

by PStryder

Sec7

MemoryGate provides durable memory-as-a-service for AI agents, combining structured storage, semantic search, OAuth-based authentication, and lifecycle controls for retention and archiving.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid) for embedding generation (unless `EMBEDDING_PROVIDER` is set to 'none' or 'local_cpd').
  • ⚠️Requires PostgreSQL with pgvector extension for full semantic search capabilities (SQLite fallback available, but lacks vector search).
  • ⚠️Full OAuth functionality requires configuring credentials for Google, GitHub, and PStryder Desktop environments.
  • ⚠️Python 3.11+ is recommended.
Verified SafeView Analysis
The server implements strong authentication mechanisms including OAuth 2.0 + PKCE, API keys with bcrypt hashing, and an ASGI middleware to protect MCP endpoints, preventing unauthorized access and OpenAI API usage. Rate limiting and security headers are configured by default. However, a high-severity timing attack vulnerability exists in `oauth_discovery.py` for `OAUTH_CLIENT_SECRET` comparison (not using `secrets.compare_digest`), which could potentially aid in credential disclosure via side-channel attacks. Previous critical issues like in-memory OAuth state storage and API key prefix collisions appear to be resolved. No 'eval' or other obviously malicious patterns were found.
Updated: 2026-01-17GitHub
36
7
Medium Cost
INPAYXWEB3 icon

INPAYX

by INPAYXWEB3

Sec2

Develops and manages autonomous, evolving AI agents on the Solana blockchain for Web3 interactions, including trading, governance, and data analysis, treating code as a living, self-mutating organism.

Setup Requirements

  • ⚠️Requires Solana wallet with SOL for transaction fees (devnet/testnet for development).
  • ⚠️Optimal AI training/inference may require GPU/TPU hardware acceleration.
  • ⚠️Multiple language toolchains (Node.js, Python, Go, Rust) must be installed.
  • ⚠️Default hardcoded secrets in Python and Go backends are present; production deployment requires setting environment variables for all secrets.
Review RequiredView Analysis
Critically low due to multiple hardcoded JWT secret keys across Python and Go backends, severe authorization bypasses (e.g., hardcoded user ID in Go JWT middleware), arbitrary code execution vulnerability via `torch.load` (allowing malicious model uploads), and excessively broad CORS/WebSocket origin policies (`AllowAllOrigins = true`). Private key handling in client-side JavaScript examples also poses a significant risk if deployed as-is. These issues make the system highly vulnerable to unauthorized access, data breaches, and remote code execution.
Updated: 2026-01-16GitHub
36
7
Low Cost
OleksandrKucherenko icon

mcp-obsidian-via-rest

by OleksandrKucherenko

Sec7

An MCP server that enables AI assistants to read, search, and interact with Obsidian notes via its Local REST API, supporting multiple network transports and self-healing connections.

Setup Requirements

  • ⚠️Requires Obsidian Desktop running with the 'Local REST API' community plugin enabled and configured.
  • ⚠️A valid Obsidian API Key (minimum 32 characters) is required and must be provided via environment variables.
  • ⚠️Network access to Obsidian's REST API is critical, often requiring specific firewall rules (e.g., Windows Firewall for WSL2 setups) to allow inbound connections to port 27124.
Verified SafeView Analysis
The Obsidian API client uses `rejectUnauthorized: false` for HTTPS connections, which is a significant security risk in general but might be a practical necessity for local, self-signed Obsidian REST APIs. The HTTP transport defaults to binding on `0.0.0.0` (all interfaces), requiring external firewall configuration (as advised in documentation) to prevent unauthorized access. Test secrets (API keys, VNC passwords) are present in test-specific Docker Compose files, which is acceptable for non-production code. Authentication for the HTTP transport is implemented via Bearer tokens, which is a good practice when enabled.
Updated: 2026-01-18GitHub
36
1
Low Cost

A local AI model router and orchestration server for Claude Code, integrating multiple LLM providers (Gemini, OpenAI, etc.) with fallback capabilities and supporting Model Context Protocol (MCP) servers for tool execution.

Setup Requirements

  • ⚠️Node.js v18+ required
  • ⚠️API keys required for LLM providers (e.g., Google Gemini, OpenAI), which may incur costs
  • ⚠️Python and 'modelcontextprotocol' SDK required for optional MCP server functionality
Verified SafeView Analysis
The project explicitly warns against hardcoding API keys, recommends using environment variables, and advises keeping the router bound to '127.0.0.1'. The optional MCP server example demonstrates a 'list_files' tool, which could expose local file system information if misused by an LLM or if the MCP server's 'stdio' transport were redirected insecurely, but the provided setup is local and relatively contained. No critical vulnerabilities like 'eval' or obfuscation were found.
Updated: 2025-11-26GitHub
36
6
High Cost
stancld icon

rossum-mcp

by stancld

Sec6

An AI agent toolkit for Rossum document processing, enabling conversational automation of workflows, debugging of hooks, and configuration management across different environments.

Setup Requirements

  • ⚠️Requires a valid Rossum API Token (paid Rossum account).
  • ⚠️Requires AWS credentials configured for Bedrock access (paid AWS account, Bedrock service enabled).
  • ⚠️Requires Python 3.12 or newer.
  • ⚠️Redis is recommended for chat persistence and history (optional, but full functionality may be impacted without it).
Review RequiredView Analysis
The agent utilizes Python's `exec()` function within the `evaluate_python_hook` tool to execute user-defined code for hook debugging. While efforts are made to sandbox this execution (e.g., stripping imports, whitelisting built-ins), `exec()` inherently carries a significant risk for arbitrary code execution if the sandboxing mechanisms are bypassed. This makes the system more vulnerable if exposed to untrusted inputs. However, other security practices like using environment variables for sensitive credentials (API tokens, AWS keys), and implementing URL and file path sanitization for SSRF and path traversal prevention in the API, are well-observed.
Updated: 2026-01-19GitHub
36
8
Low Cost
Sec9

Encodes and decodes text using characters from the 'Thousand Character Classic' (千字文) for unique text representation.

Setup Requirements

  • ⚠️Requires Python 3.10+ for Python integration.
  • ⚠️Requires Rust toolchain and Cargo for building from source.
  • ⚠️Requires Maturin for building Python extension from source.
Verified SafeView Analysis
The project uses Rust, which provides strong memory safety guarantees. Encoding involves `num-bigint` for numerical conversion of input text and `rand` for character selection, both used in standard, safe ways. Decoding reverses this process. There are no direct network requests within the core logic, no hardcoded secrets, and no use of `eval` or similar high-risk functions. The `uvx` or `pipx` execution methods fetch the repository from GitHub, which is an inherent network operation of those tools, not the application itself.
Updated: 2025-11-24GitHub
36
7
Medium Cost
Sec8

This template provides a monorepo for building AI documentation chatbots using Mastra, separating concerns into an MCP server, an agent, and frontend applications.

Setup Requirements

  • ⚠️Requires API Key for an AI model provider (e.g., OpenAI, Anthropic, Google), which may incur costs.
  • ⚠️Requires pnpm for dependency management and running scripts.
  • ⚠️Multiple services need to run concurrently on different ports (4111, 4112, 3000, 3001) for full functionality.
Verified SafeView Analysis
The application requires API keys for external AI model providers (e.g., OpenAI, Anthropic), which are sensitive credentials and must be secured. The MCP server exposes tools via HTTP/SSE, and while `localhost` is used in examples, public deployment would require HTTPS and proper access control. No explicit use of 'eval' or obfuscation is indicated.
Updated: 2025-11-16GitHub
36
1
Medium Cost
PageLines icon

n8n-mcp

by PageLines

Sec8

Provides opinionated workflow automation for n8n, enforcing best practices, auto-fixing issues, and offering version control.

Setup Requirements

  • ⚠️Requires a running n8n instance URL (N8N_API_URL)
  • ⚠️Requires an n8n API Key with appropriate permissions (N8N_API_KEY)
Verified SafeView Analysis
The server's internal code is well-structured and does not use dangerous patterns like 'eval' or obfuscation. It actively validates against hardcoded secrets and IDs in n8n workflows it manages, recommending environment variables for sensitive data. Network requests are made to a configurable n8n API URL and webhook endpoints, which is standard for its functionality. Security relies heavily on the secure management of the N8N_API_KEY used to connect to the n8n instance.
Updated: 2026-01-16GitHub
36
2
Low Cost
baptiste-mnh icon

bigrack.dev

by baptiste-mnh

Sec8

Provides intelligent, local-first context and task management for AI assistants like Claude Code and Cursor, enhancing their ability to plan complex features, maintain persistent context, and validate business rules during software development.

Setup Requirements

  • ⚠️Requires initial download of an ~80MB vector embedding model (Xenova/all-MiniLM-L6-v2) upon first `bigrack init`.
  • ⚠️Initial repository and project creation, as well as context management, are primarily designed to be performed via an AI assistant (using MCP tools) rather than direct CLI commands, which are "not yet available" for some core features like `bigrack_create_repo` and `bigrack_store_context`.
  • ⚠️Requires Node.js >= 20.0.0 and npm >= 9.0.0.
Verified SafeView Analysis
The project is designed as a local-first application, reducing inherent network attack surfaces. It uses SQLite for local storage and Prisma ORM, which generally handles SQL injection risks through parameterized queries. Tool arguments are defined with JSON schemas, indicating input validation. The `execSync` calls in scripts are for known system commands (like `claude mcp list` or `git rev-parse`) which, while `execSync` is generally discouraged for untrusted input, appear to be used in controlled contexts. No obvious `eval` or obfuscation. The local GUI server could have XSS/CSRF concerns, but its local nature mitigates external exploitation. Overall, good practices for a local application, with risks primarily tied to the execution environment or local data handling.
Updated: 2025-12-10GitHub
PreviousPage 123 of 760Next