Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7632)

95
231
Medium Cost

tradingview-mcp

by atilaahmettaner

Sec7

Provides real-time cryptocurrency and stock market analysis for traders, analysts, and AI assistants via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires `uv` package manager to be installed first.
  • ⚠️Manual configuration of `claude_desktop_config.json` specific to Claude Desktop is required.
  • ⚠️Relies on external TradingView data sources, which may be subject to rate limits or data availability issues.
Verified SafeView Analysis
Makes external network requests to TradingView and various cryptocurrency exchanges for market data. The 'uv tool run' command executes code directly from a remote GitHub repository, requiring trust in the source. No obvious use of `eval` or obfuscation detected, and it's open-source.
Updated: 2025-11-17GitHub
95
262
High Cost
wshobson icon

maverick-mcp

by wshobson

Sec8

Personal stock analysis MCP server for financial data analysis, technical indicators, and portfolio optimization tools integrated with Claude Desktop.

Setup Requirements

  • ⚠️Python 3.12+ required.
  • ⚠️TA-Lib is a mandatory dependency and can be challenging to install on Windows.
  • ⚠️Requires Tiingo API Key (Free tier available).
  • ⚠️Requires specific configuration for Claude Desktop with `npx mcp-remote`.
Verified SafeView Analysis
The project explicitly targets personal, local use and has removed complex authentication/billing for simplicity. It enforces the use of environment variables for API keys and sensitive data, utilizes SQLAlchemy for SQL injection prevention, and has robust input validation (Pydantic). A detailed `SECURITY.md` outlines practices like secure headers, audit logging, and circuit breakers. Development scripts using `subprocess` or fast startup modes are clearly marked for development-only use and explicitly bypass production checks. No obvious malicious patterns or obfuscation were found.
Updated: 2025-12-08GitHub
95
204
Low Cost
intellectronica icon

skillz

by intellectronica

Sec8

Acts as an MCP server to expose Claude-style skills and their resources as callable tools for AI agents.

Setup Requirements

  • ⚠️Requires Python 3.12+
  • ⚠️Skills must be placed in a designated directory (defaults to `~/.skillz` or specified path)
  • ⚠️Potentially unsafe; skills should be treated as untrusted code and run in sandboxes/containers (as advised by the README)
  • ⚠️Requires an MCP-compatible client to consume the skills
Review RequiredView Analysis
The server uses `yaml.safe_load` for parsing skill metadata, mitigating direct YAML injection risks. It explicitly implements path traversal prevention in resource URIs (e.g., checks for '..') to restrict access. The core functionality is to discover and expose skill definitions and resources; the execution of any bundled helper scripts or code is deferred to the consuming AI client. The README explicitly warns users to treat skills as untrusted code and run in sandboxes/containers, indicating that while the server implements some hardening, the overall system design involves a critical security boundary at the client's execution of skill content.
Updated: 2025-11-26GitHub
95
205
Low Cost
aws icon
Sec9

Provides a client-side bridge for AI applications to connect to AWS-hosted Model Context Protocol (MCP) servers using SigV4 (AWS IAM) authentication, functioning as both a proxy and a programmatic library.

Setup Requirements

  • ⚠️Requires AWS credentials configured (via AWS CLI, environment variables, or IAM roles).
  • ⚠️Requires Python 3.10+ and the 'uv' package manager.
  • ⚠️Requires a remote MCP server URL to connect to.
Verified SafeView Analysis
The server uses `boto3` for AWS SigV4 authentication, which is a standard and trusted library for secure credential handling and request signing. Input parsing is handled by `argparse`, which is robust against common injection attacks. JSON parsing uses the standard `json` library, which is safe. The monkey-patching of `fastmcp` is for error handling, not to introduce new execution paths. There are no `eval` or `exec` calls with user-controlled input, nor any obvious hardcoded secrets. The primary network interaction is proxying to a configured endpoint using authenticated HTTPX clients, which aligns with its intended function.
Updated: 2025-12-12GitHub
95
198
Medium Cost
Sec8

This MCP server provides real-time and historical financial data for stocks and cryptocurrencies, offering search, detailed information retrieval, market overviews, news, and analysis capabilities.

Setup Requirements

  • ⚠️Relies on external financial data APIs (AkShare's sources, OKX, Binance, NewsNow) and requires internet access.
  • ⚠️Smithery deployment requires OAuth authorization or a Smithery API key.
  • ⚠️Docker deployment requires Docker and Docker Compose installed locally.
Verified SafeView Analysis
The project is open-source and includes an MseeP.ai Security Assessment Badge, indicating external verification. It relies on `akshare` and other external financial APIs, which means making network requests to third-party services. Running via `uvx` executes Python code directly, requiring trust in the codebase and its dependencies. Docker deployment offers better isolation.
Updated: 2025-11-17GitHub
95
210
Medium Cost
awslabs icon
Sec9

An open source Model Context Protocol (MCP) server and command-line tool that helps AI coding assistants quickly create baseline AWS IAM policies by analyzing application code locally and fixing AccessDenied errors.

Setup Requirements

  • ⚠️Requires AWS credentials configured (e.g., via AWS CLI) to apply policies or debug AccessDenied errors.
  • ⚠️Building from source requires Rust (latest stable version), Git, and CMake (Windows only).
  • ⚠️Direct installation script (`install.sh`) is supported for MacOS/Linux only.
  • ⚠️Requires specific configuration within AI coding assistants (e.g., Kiro, Claude Desktop) to enable MCP server integration.
Verified SafeView Analysis
The tool performs critical AWS IAM policy creation and modification. However, it incorporates several important security guardrails: - **Same-Account Policy Application**: Policies can only be applied to principals in the same AWS account as the caller. - **Principal Restrictions**: Explicitly disallows modification of root users, AWS service-linked roles, and federated users. - **User Confirmation**: The CLI's `fix-access-denied` command requires an explicit `--yes` flag or interactive TTY confirmation. The MCP server uses elicitation for user confirmation before applying policies. - **Policy Review Recommendation**: The README strongly advises users to review and refine generated policies before deployment. - **Scoped Policy Generation**: Focuses on identity-based policies, explicitly not supporting resource-based policies (e.g., S3 bucket policies), Service Control Policies (SCPs), or permission boundaries, which limits its potential attack surface. - The `install.sh` script might require `sudo` for system-wide installation, which is standard but necessitates trust in the source.
Updated: 2025-12-12GitHub
94
641
Medium Cost
hyperbrowserai icon

mcp

by hyperbrowserai

Sec9

This server provides Hyperbrowser's Model Context Protocol (MCP) interface, offering tools for web scraping, structured data extraction, crawling, and general-purpose browser automation using AI agents like OpenAI's CUA and Anthropic's Claude Computer Use.

Setup Requirements

  • ⚠️Requires a Hyperbrowser API Key (HYPERBROWSER_API_KEY or HB_API_KEY environment variable).
  • ⚠️Certain advanced features (e.g., CAPTCHA solving, Proxies, Batch Scrape, Static IPs) require a paid Hyperbrowser plan.
  • ⚠️Requires Node.js (v18.0.0 or higher).
  • ⚠️An OpenAI API Key (OPENAI_API_KEY environment variable) is required for some features like documentation summarization scripts and AI function calling integrations with OpenAI models.
Verified SafeView Analysis
The server correctly retrieves API keys from environment variables (HYPERBROWSER_API_KEY or HB_API_KEY), preventing hardcoded secrets. External network calls (to Hyperbrowser backend, Bing, OpenAI) are a core part of its functionality and appear well-defined and controlled, not arbitrary. JSON schema compilation via AJV is used for validation and does not pose a direct code execution risk. Relying on external cloud services for browser automation introduces external dependency risks inherent to the architecture, but the server's code itself follows good security practices.
Updated: 2025-11-20GitHub
94
173
Low Cost
bitbonsai icon

mcp-obsidian

by bitbonsai

Sec9

Enables AI assistants to securely and intelligently interact with Obsidian vaults via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Node.js runtime (v18.0.0 or later).
  • ⚠️Requires an absolute path to a valid Obsidian vault directory as a command-line argument.
Verified SafeView Analysis
The server implements strong security measures including explicit path traversal prevention, filtering of sensitive directories (.obsidian, .git, node_modules), extension whitelisting (.md, .markdown, .txt), and frontmatter validation to prevent YAML corruption (blocking functions/symbols). Destructive operations like 'delete_note' require explicit path confirmation. Communication occurs over standard I/O (stdio transport) rather than network ports, which inherently reduces external network attack surface. No 'eval' or other dangerous dynamic code execution patterns are evident. The use of `gray-matter` for YAML handling further isolates potential parsing vulnerabilities.
Updated: 2025-12-08GitHub
94
164
Low Cost
portofcontext icon

pctx

by portofcontext

Sec9

An open-source framework to connect AI agents to tools and Model Context Protocol (MCP) servers, enabling agents to execute sandboxed TypeScript code for efficient, token-reduced task completion and tool orchestration.

Setup Requirements

  • ⚠️Requires `pctx` server to be running separately (`pctx start` or `pctx mcp dev`) for client SDKs to connect.
  • ⚠️External API keys (e.g., `OPENROUTER_API_KEY` for agents, `NASA_API_KEY` for examples, `STRIPE_MCP_KEY` for unified MCP servers) are required for full functionality of integrations.
  • ⚠️Building from source requires a Rust toolchain (though pre-built binaries are available).
Verified SafeView Analysis
The project emphasizes security through isolated Deno sandboxes for code execution, restricting filesystem, environment, and network access (beyond explicitly allowed hosts). It actively prevents hardcoding secrets via a `SecretString` mechanism that supports environment variables, system keychains, and external commands. While running arbitrary, albeit sandboxed, code inherently carries risks, the explicit and well-defined security boundaries, including automatic stdout/stderr capture and host-based fetch controls, are robust.
Updated: 2025-12-12GitHub
94
637
High Cost
apify icon
Sec8

Enables AI agents to integrate with and leverage Apify Actors for web scraping, data extraction, and automation across various online platforms.

Setup Requirements

  • ⚠️Requires Apify API Token. Usage of Apify Actors and platform resources may incur costs.
  • ⚠️Requires Node.js version 20.0.0 or higher.
  • ⚠️Some advanced features, like Skyfire agentic payments mode, require additional billing setup (Skyfire PAY token) and specific client support.
Verified SafeView Analysis
The server requires an `APIFY_TOKEN` for authentication with the Apify platform, which grants access to Apify resources and should be securely managed. The server facilitates tool calls that can interact with external websites (e.g., via `apify/rag-web-browser` or `get-html-skeleton`), which is its intended purpose. Input validation (Zod, AJV) is applied to tool arguments to mitigate malformed requests. No direct `eval` usage or code obfuscation was detected. The Algolia API key for documentation search is public and read-only.
Updated: 2025-12-14GitHub
94
172
Medium Cost
GuDaStudio icon

geminimcp

by GuDaStudio

Sec8

Integrates Google's Gemini CLI with Claude Code as an MCP server, enabling Claude Code to leverage Gemini for AI-assisted programming tasks, with a focus on frontend design.

Setup Requirements

  • ⚠️Requires installed and configured Claude Code
  • ⚠️Requires installed and configured Gemini CLI (implying Gemini's own API key setup)
  • ⚠️Requires 'uv' tool for installation
  • ⚠️Windows users are strongly recommended to run this project in WSL
Verified SafeView Analysis
The server executes the `gemini` CLI via `subprocess.Popen`. It correctly uses `shell=False` to prevent direct shell injection. The `PROMPT` is passed as a distinct argument to the `gemini` command. A `windows_escape` function is implemented for Windows environments, adding a layer of defense against argument parsing issues. The primary security consideration becomes the trustworthiness and security posture of the underlying Gemini CLI and its handling of arbitrary user prompts, rather than direct vulnerabilities within the wrapper itself.
Updated: 2025-12-11GitHub
94
154
High Cost
blueman82 icon

ai-counsel

by blueman82

Sec5

An MCP server enabling multi-model AI deliberation for consensus-driven decision-making, with support for learning from past decisions through a decision graph memory.

Setup Requirements

  • ⚠️Requires Python 3.11+ to run the server.
  • ⚠️Requires at least one configured LLM integration, which can be a CLI tool (e.g., Claude CLI, Codex CLI, Droid CLI, Gemini CLI) or an HTTP service (e.g., Ollama, LM Studio, OpenRouter). Cloud integrations often require paid API keys, and local services require local LLM servers running.
  • ⚠️The 'deliberate' tool requires a 'working_directory' parameter when invoked by an MCP client to enable file access for evidence-based deliberation.
Verified SafeView Analysis
The server employs several security measures, including a whitelist for the 'run_command' tool, file path exclusion patterns (e.g., .git/, node_modules/), and environment variable substitution for API keys. However, the documentation explicitly states a 'known limitation' for the Codex adapter: it 'can access any file regardless of working_directory (no true isolation)'. This is a critical data leakage vulnerability if Codex is used with sensitive project data. Additionally, the Droid adapter's 'Adaptive Permission Strategy' can automatically escalate to 'high' permissions, which, while designed for seamless operation, could pose a risk if not carefully monitored or controlled within untrusted environments.
Updated: 2025-12-09GitHub
PreviousPage 14 of 636Next