Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

95
231
Medium Cost

tradingview-mcp

by atilaahmettaner

Sec7

Provides real-time cryptocurrency and stock market analysis for traders, analysts, and AI assistants via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires `uv` package manager to be installed first.
  • ⚠️Manual configuration of `claude_desktop_config.json` specific to Claude Desktop is required.
  • ⚠️Relies on external TradingView data sources, which may be subject to rate limits or data availability issues.
Verified SafeView Analysis
Makes external network requests to TradingView and various cryptocurrency exchanges for market data. The 'uv tool run' command executes code directly from a remote GitHub repository, requiring trust in the source. No obvious use of `eval` or obfuscation detected, and it's open-source.
Updated: 2025-11-17GitHub
95
204
Low Cost
intellectronica icon

skillz

by intellectronica

Sec8

Acts as an MCP server to expose Claude-style skills and their resources as callable tools for AI agents.

Setup Requirements

  • ⚠️Requires Python 3.12+
  • ⚠️Skills must be placed in a designated directory (defaults to `~/.skillz` or specified path)
  • ⚠️Potentially unsafe; skills should be treated as untrusted code and run in sandboxes/containers (as advised by the README)
  • ⚠️Requires an MCP-compatible client to consume the skills
Review RequiredView Analysis
The server uses `yaml.safe_load` for parsing skill metadata, mitigating direct YAML injection risks. It explicitly implements path traversal prevention in resource URIs (e.g., checks for '..') to restrict access. The core functionality is to discover and expose skill definitions and resources; the execution of any bundled helper scripts or code is deferred to the consuming AI client. The README explicitly warns users to treat skills as untrusted code and run in sandboxes/containers, indicating that while the server implements some hardening, the overall system design involves a critical security boundary at the client's execution of skill content.
Updated: 2025-11-26GitHub
95
255
High Cost
homeassistant-ai icon

ha-mcp

by homeassistant-ai

Sec8

Provides AI agents with complete control over Home Assistant via REST and WebSocket APIs, offering a comprehensive suite of tools for smart home management, automation, and debugging.

Setup Requirements

  • ⚠️Requires an existing and running Home Assistant instance.
  • ⚠️Mandates `HOMEASSISTANT_URL` and `HOMEASSISTANT_TOKEN` environment variables for connection.
  • ⚠️Advanced features like filesystem access or the custom component installer require enabling specific feature flags (`HAMCP_ENABLE_FILESYSTEM_TOOLS`, `HAMCP_ENABLE_CUSTOM_COMPONENT_INTEGRATION`) and potentially installing a custom Home Assistant component via HACS.
Verified SafeView Analysis
The server securely handles Home Assistant API tokens via environment variables and uses encryption for OAuth credentials. Filesystem access tools are explicitly feature-flagged and operate within a well-defined sandbox, blocking path traversal. Jinja2 template evaluation is delegated to Home Assistant's core, offloading potential security risks. The primary 'risk' is the extensive control granted to AI agents over a smart home environment, which is the intended functionality.
Updated: 2026-01-19GitHub
95
198
Medium Cost
Sec8

This MCP server provides real-time and historical financial data for stocks and cryptocurrencies, offering search, detailed information retrieval, market overviews, news, and analysis capabilities.

Setup Requirements

  • ⚠️Relies on external financial data APIs (AkShare's sources, OKX, Binance, NewsNow) and requires internet access.
  • ⚠️Smithery deployment requires OAuth authorization or a Smithery API key.
  • ⚠️Docker deployment requires Docker and Docker Compose installed locally.
Verified SafeView Analysis
The project is open-source and includes an MseeP.ai Security Assessment Badge, indicating external verification. It relies on `akshare` and other external financial APIs, which means making network requests to third-party services. Running via `uvx` executes Python code directly, requiring trust in the codebase and its dependencies. Docker deployment offers better isolation.
Updated: 2025-11-17GitHub
95
258
Low Cost
awslabs icon
Sec7

Generates baseline AWS IAM identity-based policies from application source code (Python, Go, TypeScript) and helps fix AccessDenied errors, primarily for AI coding assistants.

Setup Requirements

  • ⚠️Requires AWS CLI configured with credentials (for policy application actions).
  • ⚠️Requires Rust toolchain for building from source.
  • ⚠️Python uv or pip is the recommended installation method, or curl/wget for direct install script.
  • ⚠️MCP server configuration requires setting AWS_PROFILE and AWS_REGION environment variables.
Verified SafeView Analysis
The tool directly modifies AWS IAM policies in an account via the `apply` command. While it includes guardrails (e.g., account mismatch checks, rejection of root users/service-linked roles, and default confirmation prompts for `fix-access-denied` in CLI), its core function is a high-privilege operation. Policies generated and applied should always be carefully reviewed by a human before deployment to ensure they align with security requirements and the principle of least privilege. The `install.sh` script downloads and executes a binary from GitHub releases, which is a common pattern but presents a supply chain risk if the repository or distribution channel were compromised.
Updated: 2026-01-18GitHub
95
225
Medium Cost
vishalveerareddy123 icon

Lynkr

by vishalveerareddy123

Sec9

Lynkr is an AI orchestration layer that acts as an LLM gateway, routing language model requests to various providers (Ollama, Databricks, OpenAI, etc.). It provides an OpenAI-compatible API and enables AI-driven coding tasks via a rich set of tools and a multi-agent framework, with a strong focus on security, performance, and token efficiency. It allows AI agents to interact with a defined workspace (reading/writing files, executing shell commands, performing Git operations) and leverages long-term memory and agent learning to enhance task execution.

Setup Requirements

  • ⚠️Requires API keys for chosen LLM providers (e.g., DATABRICKS_API_KEY, OPENAI_API_KEY, OPENROUTER_API_KEY, AWS_BEDROCK_API_KEY), many of which are paid services.
  • ⚠️If using a local model (`MODEL_PROVIDER=ollama`, `llamacpp`, or `lmstudio`), the respective local server must be running and accessible.
  • ⚠️If `MCP_SANDBOX_ENABLED=true` (default) and `MCP_SANDBOX_RUNTIME=docker` (default), Docker must be installed and running for sandboxed command execution.
Verified SafeView Analysis
The project demonstrates a robust focus on security. It includes explicit `SHELL_BLOCKLIST_PATTERNS` and `PYTHON_BLOCKLIST_PATTERNS`, and a `SafeCommandDSL` to evaluate shell commands against allowed flags and blocked patterns, specifically disallowing dangerous commands like `rm`, `mv`, `cp`, `chmod`, `sudo`, `reboot`, `shutdown`, and `killall`. The `evaluateToolCall` policy enforces controls on tool usage, including file access (allowed/blocked paths) and Git operations (configurable push/pull/commit permissions). Sensitive content is sanitized using `sanitiseText`. For process execution, a Docker-based sandbox (`src/mcp/sandbox.js`) is configurable to provide isolation, resource limits, and network control. Configuration management (`src/config/index.js`) relies on environment variables, preventing hardcoded secrets. While designed with strong safeguards, any system allowing dynamic code execution by an AI carries inherent residual risk.
Updated: 2026-01-18GitHub
94
9980
Medium Cost
hangwin icon

mcp-chrome

by hangwin

Sec6

Transforms the Chrome browser into an AI-controlled automation tool, enabling large language models to interact with web pages, analyze content, and manage browser functions.

Setup Requirements

  • ⚠️Requires Node.js >= 20.0.0 and pnpm/npm for installation.
  • ⚠️Requires Chrome/Chromium browser.
  • ⚠️Native Messaging Host registration may require administrator/sudo privileges (`mcp-chrome-bridge register --system` or `sudo mcp-chrome-bridge register`).
  • ⚠️pnpm users may need to enable pre/post scripts (`pnpm config set enable-pre-post-scripts true`) if automatic registration fails.
Verified SafeView Analysis
The core functionality involves executing AI-generated or user-provided JavaScript code within the browser (via chrome.scripting.executeScript and `new Function`) and manipulating DOM/network. This inherently carries security risks, as it allows arbitrary code execution and browser control. The `FileHandler` can download files from URLs, which could pose an SSRF risk if the input URL is controlled by a malicious agent, although it generates new filenames and restricts cleanup to a temporary directory. The system offers system-level installation of its native messaging host, requiring administrator/sudo privileges, which is a common but significant permission grant. No obvious hardcoded sensitive secrets were found. The security model relies heavily on the trustworthiness of the AI agent and the inputs it processes, rather than a sandboxed execution environment.
Updated: 2026-01-06GitHub
94
641
Medium Cost
hyperbrowserai icon

mcp

by hyperbrowserai

Sec9

This server provides Hyperbrowser's Model Context Protocol (MCP) interface, offering tools for web scraping, structured data extraction, crawling, and general-purpose browser automation using AI agents like OpenAI's CUA and Anthropic's Claude Computer Use.

Setup Requirements

  • ⚠️Requires a Hyperbrowser API Key (HYPERBROWSER_API_KEY or HB_API_KEY environment variable).
  • ⚠️Certain advanced features (e.g., CAPTCHA solving, Proxies, Batch Scrape, Static IPs) require a paid Hyperbrowser plan.
  • ⚠️Requires Node.js (v18.0.0 or higher).
  • ⚠️An OpenAI API Key (OPENAI_API_KEY environment variable) is required for some features like documentation summarization scripts and AI function calling integrations with OpenAI models.
Verified SafeView Analysis
The server correctly retrieves API keys from environment variables (HYPERBROWSER_API_KEY or HB_API_KEY), preventing hardcoded secrets. External network calls (to Hyperbrowser backend, Bing, OpenAI) are a core part of its functionality and appear well-defined and controlled, not arbitrary. JSON schema compilation via AJV is used for validation and does not pose a direct code execution risk. Relying on external cloud services for browser automation introduces external dependency risks inherent to the architecture, but the server's code itself follows good security practices.
Updated: 2025-11-20GitHub
94
133
Medium Cost
gregorydickson icon

memory-graph

by gregorydickson

Sec9

A graph-based MCP server that provides intelligent memory capabilities for Claude Code, enabling persistent knowledge tracking, relationship mapping, and contextual development assistance.

Setup Requirements

  • ⚠️Requires a compatible database backend (SQLite is default, but others like Neo4j, Memgraph, FalkorDB, Turso, LadybugDB, or a Cloud API require specific installations and configurations).
  • ⚠️Persistent storage in remote Claude Code Web environments requires 'MEMORYGRAPH_API_KEY' or 'MEMORYGRAPH_TURSO_URL' and 'MEMORYGRAPH_TURSO_TOKEN' environment variables.
  • ⚠️Optional Python packages (e.g., 'neo4j', 'falkordb', 'redislite', 'libsql-experimental', 'real_ladybug', 'spacy') are needed for specific backends or NLP features.
Verified SafeView Analysis
Input validation is extensively used for memory and relationship data, preventing common injection vulnerabilities (e.g., SQL injection in SQLite/Turso backends) by using parameterized queries. Sensitive information (API keys, passwords, private keys, emails) is actively redacted from memory content before storage, a strong security feature. Subprocess calls for 'git' operations are controlled and generally safe, but always warrant careful review. Authentication for cloud/multi-tenant modes relies on external configuration (API keys, JWT), whose secure management is external to this component but acknowledged.
Updated: 2026-01-13GitHub
94
638
Medium Cost
laravel icon

mcp

by laravel

Sec7

Facilitates rapid development of Model Context Protocol (MCP) servers for AI client interaction within Laravel applications.

Setup Requirements

  • ⚠️Requires careful configuration of `mcp.redirect_domains` (e.g., `MCP_REDIRECT_DOMAINS` environment variable) if using OAuth. Leaving the default `*` in production is a significant security risk.
  • ⚠️Relies on Laravel Passport for OAuth functionality. If OAuth is desired, Laravel Passport must be installed and configured in the Laravel application.
  • ⚠️The `mcp:inspector` command (for debugging) requires Node.js and npm/npx to be installed on the system.
Verified SafeView Analysis
The framework uses `eval()` strictly within test files for mocking, posing no runtime risk. The primary security concern lies in the default `mcp.redirect_domains` configuration (`*`) in `config/mcp.php`, which, if left unrestricted in production, allows any domain to register as an OAuth client. This could lead to open redirect vulnerabilities and unauthorized access. Developers must explicitly define allowed domains.
Updated: 2026-01-06GitHub
94
173
Low Cost
portofcontext icon

pctx

by portofcontext

Sec9

Facilitates AI agent interaction with tools and MCP servers by providing a sandboxed TypeScript code execution environment, reducing token usage and simplifying API integration.

Setup Requirements

  • ⚠️The `pctx` server binary must be installed and running separately (`brew install pctx` or `curl ... | sh`).
  • ⚠️Python client requires `pctx-client` package and optional extras (e.g., `pip install pctx-client[langchain]`).
  • ⚠️LLM API keys (e.g., OPENROUTER_API_KEY) are often required for agent integration examples and actual LLM interaction.
  • ⚠️External `npm` or `node` environment may be required for `stdio` MCP server configurations (e.g., `@modelcontextprotocol/server-memory` used in examples).
Verified SafeView Analysis
The server executes LLM-generated TypeScript code within an isolated Deno sandbox, strictly limiting filesystem, environment, and network access to only explicitly allowed hosts. It performs static type-checking before execution to prevent common errors. Authentication credentials for upstream MCP servers are managed securely via environment variables, system keychain, or external commands, keeping them hidden from the LLM and the Deno runtime. This design significantly mitigates common code execution and credential exposure risks.
Updated: 2026-01-15GitHub
94
703
Medium Cost
apify icon
Sec8

Enables AI agents (LLMs) to interact with the Apify platform, allowing for web scraping, data extraction, and task automation via Apify Actors, data storage, and documentation search.

Setup Requirements

  • ⚠️Requires an Apify API Token (`APIFY_TOKEN`) for authentication and API calls, which needs to be set as an environment variable or in `~/.apify/auth.json`.
  • ⚠️If 'Skyfire mode' is enabled, the `skyfire-pay-id` input property becomes mandatory for `call-actor` and `get-actor-output` tools, adding a payment setup layer.
  • ⚠️For full integration testing, specific Apify Actors (`apify/rag-web-browser`, `apify/instagram-scraper`, `apify/python-example`) are expected to exist on the target Apify platform.
Verified SafeView Analysis
The server's design inherently grants powerful capabilities (running arbitrary Apify Actors) when provided with an API token. While the Apify platform provides sandboxing for Actors, misuse by a malicious LLM or user with a broadly permissioned token could lead to unintended actions. The server code itself does not show direct signs of 'eval' of untrusted input, obfuscation, or hardcoded sensitive API keys (Segment write keys are present, but less critical). It correctly handles API tokens via environment variables or a secure local file.
Updated: 2026-01-19GitHub
PreviousPage 14 of 760Next