Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

36
7
High Cost
VISTA-Stanford icon

meds-mcp

by VISTA-Stanford

Sec9

A Medical Context Protocol (MCP) server for retrieving and analyzing de-identified patient EHR data, facilitating LLM-powered chat interaction and evidence review with medical ontologies and faceted search.

Setup Requirements

  • ⚠️Access to the MedAlign dataset requires approval from Stanford and a REDIVIS_ACCESS_TOKEN.
  • ⚠️Stanford APIM LLM access requires a VAULT_SECRET_KEY, Stanford VPN connectivity, and appropriate API credentials. The `secure-llm` library is a private dependency.
  • ⚠️A MeiliSearch server must be running locally on http://localhost:7700 for faceted search functionality.
  • ⚠️Requires Python 3.10+ and `uv` for dependency management.
Verified SafeView Analysis
No obvious malicious patterns or glaring vulnerabilities were found within the provided source code. Sensitive API keys are managed via environment variables (REDIVIS_ACCESS_TOKEN, VAULT_SECRET_KEY). The system explicitly notes data privacy concerns with LLMs and recommends specific providers for handling sensitive EHR data securely. The use of a private `secure-llm` library is a dependency outside this audit's scope, but it implies an attempt at secure LLM interaction.
Updated: 2026-01-19GitHub
36
7
Medium Cost
nmeierpolys icon

mcp-structured-memory

by nmeierpolys

Sec8

Provides structured, domain-specific memory management for AI agents to use in ongoing projects, storing accumulated context in local markdown files.

Setup Requirements

  • ⚠️Requires Node.js version 20.0.0 or higher.
  • ⚠️Requires local file system access for memory storage in platform-specific directories (e.g., `~/Library/Application Support/` on macOS, `~/.local/share/` on Linux).
  • ⚠️Requires manual configuration of the LLM client (e.g., Claude Desktop `mcpServers` entry) and explicit instructions added to the project context for the AI to effectively utilize the memory server's tools.
Verified SafeView Analysis
Input `memory_id` is well-sanitized to prevent path traversal vulnerabilities. Section names are used for content parsing and manipulation within a document, not directly for file paths, further mitigating risks. The server's core function involves writing LLM-generated markdown content to local files, which inherently relies on the trustworthiness of the LLM's output. No direct `eval` calls, obfuscation, or hardcoded sensitive secrets were identified. Error handling is present to prevent exposing raw stack traces.
Updated: 2026-01-13GitHub
36
2
High Cost
ai-endurance icon

mcp

by ai-endurance

Sec8

The AI Endurance MCP server provides conversational access to personal training data, workouts, performance analytics, and training plan management for runners, cyclists, and triathletes through AI assistants.

Setup Requirements

  • ⚠️Requires an AI Endurance account and active subscription.
  • ⚠️Access to Claude Pro or an MCP-compatible client is necessary.
  • ⚠️OAuth 2.0 authorization is required for initial setup, which involves granting access to your AI Endurance data.
Verified SafeView Analysis
The server leverages OAuth 2.0 for authentication with defined scopes ('read', 'write'), limiting data access to specific user profile, workout, activity, prediction, recovery, and race goal information. It explicitly states what the server *cannot* do (e.g., start plan generation, delete account, access payment info, delete historical activities). Without direct access to the server's executable source code, a comprehensive audit for low-level vulnerabilities (like SQL injection, XSS, or 'eval' usage) cannot be performed. However, the documented security architecture and clear data access boundaries suggest a robust design.
Updated: 2025-12-03GitHub
36
1
Low Cost
Sec9

Enables AI coding agents to access and search conversation history from various local AI tools like VS Code Copilot, Cursor, and Rovodev to maintain context across sessions.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Relies on specific local storage paths for AI tools (VS Code Copilot, Cursor, Rovodev); non-standard installations might require setting `VSCODE_STORAGE`, `CURSOR_STORAGE`, or `ROVODEV_HOME` environment variables.
  • ⚠️Installation is recommended via `pipx` for isolated global access or manual `venv` setup for development.
Verified SafeView Analysis
The server operates locally via STDIN/STDOUT (Model Context Protocol). It includes a robust `ContentFilter` module with default patterns to redact sensitive information like API keys, secrets, and private keys from conversation history, enhancing security for the data it processes. No hardcoded secrets were found within the application's own configuration or logic, and there is no usage of `eval` or similar dangerous patterns. It primarily reads local files, which inherently carries some risk if the files themselves are compromised, but the active filtering is a strong positive.
Updated: 2026-01-19GitHub
36
6
Medium Cost
fungiboletus icon

mcp_cafe

by fungiboletus

Sec9

Simulates technical discussions with various AI agent personalities to aid in problem-solving and brainstorming.

Setup Requirements

  • ⚠️Requires Ollama to be installed and running locally (or at a specified endpoint)
  • ⚠️Requires the specified Ollama model (default `gemma3`) to be available or pullable via Ollama
  • ⚠️Requires Python virtual environment setup and dependencies installed from `requirements.txt`
Verified SafeView Analysis
The server uses environment variables for configuration (Ollama endpoint, model, token), avoiding hardcoded secrets. It makes network calls to a specified Ollama endpoint, which defaults to localhost, minimizing external network risks. Authentication uses bearer tokens for Ollama if configured. No 'eval' or other dynamic code execution patterns were found. The primary security consideration would be configuring the Ollama endpoint to an untrusted external server, potentially exposing data.
Updated: 2025-11-28GitHub
36
3
Low Cost
alexha11 icon

Junction-2025

by alexha11

Sec6

The MCP Server acts as a bridge, exposing OPC UA (Open Platform Communications Unified Architecture) digital twin variables and historical data through an MCP (Microservice Communication Protocol) interface, enabling other services like AI agents to read, write, browse, and aggregate real-time industrial data.

Setup Requirements

  • ⚠️Requires an OPC UA server to be running and accessible at 'OPCUA_SERVER_URL'.
  • ⚠️Needs the 'opcua-client' Python library (e.g., 'python-opcua') and 'mcp' library to function correctly.
Verified SafeView Analysis
The MCP server binds to '0.0.0.0', making it accessible from all network interfaces. The 'write_opcua_variable' tool allows writing arbitrary float values to specified OPC UA variables, which could impact a physical system if this were a live digital twin and the MCP server were exposed externally without strong authentication and authorization. No explicit authentication or authorization mechanisms are detailed within the provided code snippets for the MCP server itself. While intended for internal Docker network communication, direct exposure could be a significant risk.
Updated: 2025-11-22GitHub
36
7
High Cost

This MCP server exposes indexed code data to AI coding agents, enabling structured interaction for codebase understanding, code discovery, symbol analysis, and file content reconstruction.

Setup Requirements

  • ⚠️Requires a running Elasticsearch instance (v8.0+) with the ELSER model downloaded and deployed.
  • ⚠️A codebase must first be indexed using the Semantic Code Search Indexer (from the referenced GitHub repository).
  • ⚠️Requires Node.js v20+ and npm for local development/running outside Docker.
Verified SafeView Analysis
The server uses `JSON.parse` but only on internally generated and stringified data, which is a safe pattern. Configuration, including Elasticsearch credentials, is loaded from environment variables, preventing hardcoded secrets. There is no usage of 'eval' or other dynamic code execution from arbitrary inputs. External network calls are limited to the configured Elasticsearch instance. Overall, the security posture appears robust for its intended use.
Updated: 2026-01-13GitHub
36
7
Low Cost
Nicolaas0411 icon

investec-mcp

by Nicolaas0411

Sec8

An MCP server that integrates with the Investec Open Banking API, enabling AI agents to access banking information and perform transactions.

Setup Requirements

  • ⚠️Python 3.12+ is required.
  • ⚠️Requires an Investec Developer account with API credentials (Client ID, Client Secret, API Key).
  • ⚠️Requires `uv` for easy Python dependency management or manual `pip` installation.
  • ⚠️A Docker build step is required if deploying as a container.
Verified SafeView Analysis
The server correctly uses environment variables for sensitive Investec API credentials, preventing hardcoding. It does not use `eval` or exhibit obfuscation. Network communication is via standard HTTP(S) and SSE. Error messages from tools might reveal some internal exception details, which could be refined for production. The primary security risk lies in the secure management of API keys and the deployment environment, as the server provides extensive banking access to an AI agent.
Updated: 2025-11-25GitHub
36
7
Medium Cost
shelfio icon

datadog-mcp

by shelfio

Sec9

Provides Datadog monitoring and management capabilities as a Model Context Protocol (MCP) server for Claude Desktop and other MCP clients.

Setup Requirements

  • ⚠️Requires Python 3.13+.
  • ⚠️Requires UV package manager (includes uvx).
  • ⚠️Requires Datadog API Key (DD_API_KEY) and Application Key (DD_APP_KEY) environment variables set.
Verified SafeView Analysis
The server uses environment variables for Datadog API credentials, which is good practice. Input validation is performed through `inputSchema` definitions for each tool, mitigating common injection risks. API calls use `httpx` and Datadog's official SDK client, relying on their internal security. There is a `DD_SITE` validation which uses a regex and warns for unknown sites but doesn't strictly block them, which is a minor flexibility over strictness trade-off.
Updated: 2026-01-13GitHub
36
7
Low Cost

This project provides example implementations for integrating Solon.AI features, including LLM chat, RAG (Retrieval Augmented Generation), and AI agent capabilities, into various Java frameworks (Spring Boot, Solon, Quarkus, JFinal, Vert.x) while demonstrating the use of the Model Context Protocol (MCP) for server endpoint functionality.

Setup Requirements

  • ⚠️Requires a local Ollama instance running and configured for LLM interaction (default API URLs point to 127.0.0.1:11434).
  • ⚠️Java compilation with `-parameters` flag is recommended for proper parameter name resolution in `@ToolMapping`, `@ResourceMapping`, and `@PromptMapping` annotations.
  • ⚠️Framework-specific setup is required for each example (e.g., Spring Boot, Quarkus, JFinal, Solon, Vert.x) for correct Solon.AI and MCP integration.
Verified SafeView Analysis
The project is an example repository, and some security-sensitive components are provided as basic demonstrations. For instance, `_Constants.java` hardcodes LLM API URLs (to localhost for Ollama), and `McpServerAuth.java` implements a rudimentary authentication check (`if ("no".equals(authStr))`) explicitly labeled as '仅为示例' (only for example). These are not suitable for production environments without robust configuration and proper authentication mechanisms. No 'eval', obfuscation, or overtly malicious patterns were identified. Running locally for demonstration is safe, but production deployment would require significant security hardening.
Updated: 2026-01-19GitHub
36
8
Medium Cost
miklevin icon

pipulate

by miklevin

Sec4

Pipulate is a local-first AI SEO software and digital workshop, designed to automate data saving/loading, web scraping, and SEO tasks using local LLMs and browser automation with robust error handling and server restart capabilities.

Setup Requirements

  • ⚠️Requires Nix package manager for environment setup and reproducibility.
  • ⚠️Requires a local LLM, specifically Ollama with Gemma 3 model, for AI functionalities.
  • ⚠️Requires a Google API Key for integration with Google's Generative AI models (e.g., Gemini-2.5-flash).
  • ⚠️The installer downloads an SSH key (`key.rot`) from `pipulate.com/key.rot` for Git operations within the Nix environment, requiring trust in this external resource.
Verified SafeView Analysis
The server-side JavaScript execution via `eval()` for WebSocket messages (e.g., in `assets/pipulate-init.js`) is a critical vulnerability if the WebSocket input can be compromised, allowing arbitrary code execution in the client's browser. While intended for server-controlled scripts in a local-first context, it represents a significant risk for public-facing deployments. The `install.sh` script employs a 'magic cookie' approach which downloads a ROT13-encoded SSH key from `pipulate.com/key.rot`. While ROT13 is not encryption, the reliance on a potentially exposed deploy key for git operations (even if handled by Nix later) could pose a risk if that key has write permissions. External API integrations (Botify, Google AI) mean trust in these services and secure API key management is essential. Dynamic command execution via `subprocess` in Python modules is present, requiring careful sanitization of any user-controlled input.
Updated: 2026-01-14GitHub
36
5
Medium Cost
WebMCP-org icon

webmcp-sh

by WebMCP-org

Sec8

Demonstrates a client-side AI agent memory and tool ecosystem using WebMCP, enabling structured knowledge management, conversation tracking, and interaction with web applications via browser-based PostgreSQL.

Setup Requirements

  • ⚠️Relies on the WebMCP standard and `@mcp-b` packages for AI agent interaction, which might require familiarity with this specific ecosystem and browser API (`navigator.modelContext`).
  • ⚠️Uses PGlite for client-side PostgreSQL database management entirely within WebAssembly (WASM) and IndexedDB, a non-traditional database setup that may differ from typical server-side databases.
  • ⚠️The Sentry DSN for error tracking is hardcoded in `main.tsx`, which is not ideal for production environments or custom deployments, and should be managed via environment variables.
Verified SafeView Analysis
Application focuses on client-side AI memory management using PGlite (PostgreSQL in browser WASM). SQL execution tools (`sql_query`) include explicit safety checks to block dangerous operations (e.g., DROP, TRUNCATE, ALTER, CREATE) and SQL injection patterns. An append-only audit log is implemented and explicitly protected from AI modification or deletion via database triggers, enhancing data integrity and accountability. The Sentry DSN is hardcoded in `main.tsx`, which is a minor security oversight but not a critical vulnerability.
Updated: 2025-12-12GitHub
PreviousPage 126 of 760Next