Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

36
4
Low Cost

mcpd-proxy

by mozilla-ai

Sec8

Provides a network proxy for Minecraft Protocol connections, facilitating traffic management and potential modifications.

Setup Requirements

  • ⚠️Requires Node.js (LTS recommended)
  • ⚠️Requires npm or yarn package manager
Verified SafeView Analysis
This is a network proxy, so inherent risks related to network traffic management exist. The project structure (TypeScript, modern tooling like ESLint, Vite, Vitest) suggests good development practices. No direct evidence of 'eval' or obfuscation from the file list, but without code, a full audit is not possible. Dependencies would need to be audited separately.
Updated: 2025-11-18GitHub
36
7
Low Cost
codingsasi icon

ddev-mcp

by codingsasi

Sec4

Provides AI assistants with DDEV development environment automation for various web projects, managing environments, databases, and executing commands.

Setup Requirements

  • ⚠️Requires Node.js 20+ (22+ preferred)
  • ⚠️Requires DDEV to be installed and available in the system's PATH
  • ⚠️By default, dangerous commands (e.g., `platform environment:delete`) are blocked and require `ALLOW_DANGEROUS_COMMANDS=true` environment variable to be set for execution.
  • ⚠️The server operates on the 'current working directory' principle; users must manually navigate to the DDEV project directory or explicitly provide `projectPath` for operations.
Review RequiredView Analysis
The server's primary tool, `ddev_exec`, directly executes arbitrary shell commands provided by AI input within the DDEV container. While a 'Dangerous Command Protection' feature is implemented using regex patterns, blacklisting is inherently vulnerable to bypass. There is no explicit shell escaping or robust whitelisting for the `command` argument before it's passed to `child_process.exec`. This poses a significant command injection risk if the AI-generated input is not strictly validated and sanitized by an external client or if a malicious prompt bypasses the regex filters, allowing execution of arbitrary code on the host system. The `sanitizeCommand` and `sanitizeOptions` functions are for logging purposes only, not for preventing injection into the execution itself. Running with `ALLOW_DANGEROUS_COMMANDS=true` escalates this risk further.
Updated: 2026-01-09GitHub
36
1
Low Cost
splinesreticulating icon

claude-svelte5-skill

by splinesreticulating

Sec10

Provides expert guidance on Svelte 5 and SvelteKit development for the Claude Code AI environment.

Setup Requirements

  • ⚠️Requires the Claude Code AI environment.
  • ⚠️Installation involves specific directory structure for skills (`.claude/skills/svelte5-development`).
Verified SafeView Analysis
The project consists of documentation files (`README.md`, `SKILL.md`) that serve as guidance for an AI. It is not an executable server or application in itself. The source code provided is entirely instructional markdown, containing no direct security vulnerabilities. Any code examples provided within the skill are for user implementation and do not pose a direct risk from the skill itself.
Updated: 2025-11-25GitHub
36
7
Medium Cost
knitli icon

codeweaver

by knitli

Sec6

A code intelligence platform that provides semantically rich, context-aware code search for AI agents, aimed at reducing cognitive load and token costs for coding tasks.

Setup Requirements

  • ⚠️Python 3.12+ Required
  • ⚠️API Keys for Cloud Providers (e.g., VoyageAI, OpenAI, Cohere, Bedrock, Mistral for embeddings/reranking)
  • ⚠️Qdrant Setup (requires a running Qdrant instance, often via Docker, if not using in-memory provider)
Verified SafeView Analysis
- **`pickle.loads` usage**: The `NodeTypeParser` uses `pickle.loads` to deserialize a pre-built cache (`node_types_cache.pkl`). While the developers state it's generated during their build process and validated, `pickle` is inherently insecure for untrusted data and can lead to Remote Code Execution (RCE) if the cache or build process is compromised. - **Network Exposure**: The server runs HTTP services (MCP on 9328, Management on 9329) which are local-only (`127.0.0.1`) by default. However, these hosts and ports are configurable, potentially allowing public exposure without adequate authentication or firewalling, creating a network attack surface. - **Telemetry**: Integrates PostHog telemetry, which collects usage data. The system allows opting out and provides a `tools_over_privacy` setting for fine-grained control over what data is sent, and models include `_telemetry_keys` for redaction. This seems transparent. - **`subprocess.run`**: Used for `git` commands and system service installation in CLI tools. These calls are generally safe as they don't involve user-controlled arguments being passed directly to the shell, but the system service installation part (`cli/commands/init.py`) could be a vector if the system itself is compromised or misconfigured.
Updated: 2026-01-19GitHub
36
6
Low Cost
IvanMurzak icon

MCP-Plugin-dotnet

by IvanMurzak

Sec6

Integrates .NET applications with the Model Context Protocol (MCP) to expose methods and data as tools, prompts, and resources to AI assistants like Claude.

Setup Requirements

  • ⚠️Requires a separate .NET application to integrate the `McpPlugin` library, as this is a bridge, not a standalone tool.
  • ⚠️Relies on SignalR for communication between your .NET app and the bridge, potentially requiring firewall adjustments for the default port 8080.
  • ⚠️The power of fuzzy matching and complex type support relies on `ReflectorNet`, which requires understanding of dynamic method invocation and careful consideration of exposed methods.
Verified SafeView Analysis
The server uses a bridge architecture with SignalR for real-time, bidirectional communication and dynamic method invocation (ReflectorNet) to expose C# methods to AI clients. While powerful, this design introduces security risks, particularly if the bridge server is exposed over HTTP to untrusted networks without explicit authentication and authorization. The safety heavily depends on what methods the application developer chooses to expose using `[McpPluginTool]` attributes; exposing sensitive operations (e.g., file system access, shell commands) without careful validation can lead to severe vulnerabilities. The provided code snippets and documentation do not detail authentication/authorization mechanisms for the SignalR hub or the MCP bridge itself.
Updated: 2026-01-18GitHub
36
5
Low Cost
Sec5

A professional MCP server for Google's Gemini 3 Pro Image Preview, enabling state-of-the-art image generation with advanced reasoning, high-resolution output (1K-4K), up to 14 reference images, Google Search grounding, and automatic thinking mode.

Setup Requirements

  • ⚠️Requires a Google Gemini API key (via `GEMINI_API_KEY` or `GOOGLE_API_KEY` environment variable; free tier available).
  • ⚠️Requires Python 3.11 or higher.
  • ⚠️The `image_size` parameter (e.g., '1K', '2K', '4K') critically requires an uppercase 'K'; lowercase will be rejected by the Gemini API.
  • ⚠️On macOS, when configured with Claude Desktop or Cursor, the `uvx` command might require specifying its full path in the MCP configuration (e.g., `/Users/yourusername/.local/bin/uvx`).
Verified SafeView Analysis
The `reference_image_paths` parameter allows specifying arbitrary local file paths. While validation checks for file existence and type, it does not restrict access to a safe directory, potentially allowing the server to read any image file accessible to its process on the local system (an information disclosure risk) if given untrusted input. The content is then base64 encoded and passed to the Google API. No `eval` or obvious malicious patterns were found. For its intended use as a local MCP server, it is generally considered safe but the path handling is a point of concern for broader deployments.
Updated: 2026-01-18GitHub
36
1
Low Cost
Sec3

Provides a Model Context Protocol (MCP) server for verified knowledge with trust scores, reasoning capabilities, and fact-checking.

Setup Requirements

  • ⚠️Requires a running Neo4j graph database instance, configured via environment variables (NEO4J_URI, NEO4J_USER, NEO4J_PASSWORD).
  • ⚠️Requires Python 3.10 or newer.
  • ⚠️The `/knowledge/collect` endpoint (for data ingestion) may require additional, unspecified 'knowledge collectors' to be installed or a specific deployment environment ('agents container'), indicating extra setup if collection features are desired.
Review RequiredView Analysis
The `/knowledge/collect` endpoint in `src/api/server.py` uses `sys.path.insert` to add `/data/apps/agents/src` to Python's import path, then dynamically imports modules. This creates a critical vulnerability: if an attacker can gain write access to `/data/apps/agents/src` (e.g., through container compromise or misconfigured volumes), they can inject malicious Python modules, leading to arbitrary code execution on the server. Proper container security and access controls are paramount to mitigate this specific risk. Other aspects like Neo4j credential handling via environment variables and controlled tool execution (using `getattr` on predefined methods) are more secure.
Updated: 2025-11-27GitHub
36
5
High Cost
nvdigitalsolutions icon

mcp-ai-wpoos

by nvdigitalsolutions

Sec8

Provides a stable API and server framework for integrating AI models and tools into WordPress, enabling advanced AI assistant capabilities and workflow automation.

Setup Requirements

  • ⚠️Requires PHP 7.4+ and WordPress 6.0+.
  • ⚠️Most core AI functionalities require paid API keys for external providers (e.g., OpenAI, Gemini, Anthropic, Huggingface).
  • ⚠️Local LLM support requires local Ollama or LM Studio servers running.
  • ⚠️Persistent chat transcripts and advanced CPT features strongly depend on the JetEngine plugin (Custom Content Types and Data Stores modules).
  • ⚠️Some tools require Node.js, Python, or specific WordPress plugins (e.g., WooCommerce, Elementor, Rank Math, WPCode).
Verified SafeView Analysis
Comprehensive multi-layered security including robust authentication (WordPress nonces, custom bearer tokens, Auth0, mesh keys, guest tokens), detailed access control, input sanitization, encryption (AES-256-CBC), and internal compliance features (ISO 27001 audit/training, asset/supplier security, nefarious usage monitoring). Potential areas requiring continuous vigilance include the custom JWT validation implementation and sandboxing of external Node.js/Python subprocess execution for certain tools, though mitigations are present. The project uses `hash_equals` for key comparisons and explicit `Cache-Control` headers for REST API responses.
Updated: 2026-01-19GitHub
36
2
Medium Cost
M3-Technology-Group icon

qrwc-svelte-mcp

by M3-Technology-Group

Sec8

This MCP server assists LLMs in building Svelte UI components that interact with Q-SYS systems by providing tools to discover Q-SYS components and controls, documentation resources, and optimized prompts.

Setup Requirements

  • ⚠️A Q-SYS Core IP address is required as the first command-line argument; only hardware and VCore are supported, not emulation.
  • ⚠️Q-SYS components must have 'Script Access' property set to 'All' or 'External' in Q-SYS Designer.
  • ⚠️The Q-SYS Remote WebSocket Control (QRWC) service must be enabled on the core via Core Manager.
Verified SafeView Analysis
The server uses `process.argv` to obtain the Q-SYS Core IP address, which is then used to establish a WebSocket connection. While the connection is handled robustly (closing on completion), the underlying Q-SYS QRWC protocol currently lacks authentication, meaning anyone with network access to the core (and the MCP server) could retrieve component/control information. This is a characteristic of the QRWC protocol itself, not a flaw in this MCP server's code. No 'eval' or malicious patterns were found. The tool is designed to connect to a user-specified trusted Q-SYS core.
Updated: 2025-11-25GitHub
36
2
Low Cost

Builds an MCP server to integrate AI agents with Gmail for reading unread emails, generating AI-powered replies, and sending emails.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid Service)
  • ⚠️Requires Gmail App Password (Gmail 2-Step Verification must be enabled)
  • ⚠️Requires `uv` for dependency management
Verified SafeView Analysis
The server correctly uses environment variables (`.env`) for sensitive information like email credentials and OpenAI API keys, preventing hardcoding. It leverages Google App Passwords for Gmail access, which is a more secure practice than using the primary account password. The README explicitly mentions `ALLOWED_ORIGINS` for GitHub Codespaces, indicating an awareness of network access controls. Standard `smtplib` and `imaplib` are used for email communication. No `eval` or obvious malicious patterns were found.
Updated: 2025-12-08GitHub
36
1
Low Cost
belvg-public icon

belvg_mcp_auth

by belvg-public

Sec7

Simplifies authentication for PrestaShop's Micro-Commerce Protocol (MCP) server for development and testing environments by replacing OAuth2 with a bearer token system.

Setup Requirements

  • ⚠️Intended for development, testing, and educational purposes ONLY; explicitly warns against production use without additional security layers due to bypassing standard OAuth2.
  • ⚠️Requires PrestaShop 8.0 or higher.
  • ⚠️Requires the official `ps_mcp_server` module to be installed, but it does not need to be configured/onboarded via PS Accounts.
  • ⚠️Requires `composer install --no-dev` to install dependencies after uploading to the modules directory.
Verified SafeView Analysis
The module explicitly warns that it is for 'DEVELOPMENT USE ONLY' and bypasses standard OAuth2 security protocols. It should not be used in a production environment without strict IP restrictions or additional security layers. The implementation itself uses cryptographically secure token generation (`random_bytes`) and sanitizes database inputs (`pSQL`), preventing common vulnerabilities like SQL injection. No 'eval', obfuscation, hardcoded secrets, or directly malicious patterns were found. The lower score reflects the inherent security reduction by design for its stated purpose (developer convenience) rather than flaws in its implementation.
Updated: 2025-11-26GitHub
36
8
High Cost

Enhances sequential thinking and complex problem-solving through a multi-agent system, supporting revisions and branching paths.

Setup Requirements

  • ⚠️Requires DeepSeek API Key for LLM functionality (DeepSeek is a paid service).
  • ⚠️Requires Exa API Key for the Researcher agent to perform web research.
  • ⚠️Requires Python 3.10+.
Verified SafeView Analysis
The server uses standard Python practices for loading environment variables and logging. It logs to the user's home directory ('.sequential_thinking/logs/'), which is a safe practice. No 'eval' or other direct code injection vulnerabilities were found. Communication is via stdio, as expected for MCP servers, reducing external network attack surface.
Updated: 2026-01-19GitHub
PreviousPage 132 of 760Next