Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

35
6
Low Cost
Sec8

Provides tea information as a Model Context Protocol (MCP) server for AI/LLM clients, primarily for learning and understanding the MCP specification.

Verified SafeView Analysis
The server uses standard Go libraries and JSON-RPC 2.0 for communication. It includes basic security headers (X-Content-Type-Options, X-Frame-Options, X-XSS-Protection) and configurable timeouts for HTTP connections, which mitigates some common network risks. Request handling dispatches to predefined methods, preventing dynamic code execution from arbitrary input. CORS is set to `Access-Control-Allow-Origin: *`, which is permissive but common for local/development servers. No obvious hardcoded secrets or malicious patterns were found. For production use, further hardening (e.g., stricter CORS, authentication) would be necessary, though the project explicitly states it's for learning purposes.
Updated: 2026-01-16GitHub
35
5
Medium Cost
Sec3

Provides a JSON-RPC bridge for x32dbg/x64dbg, allowing external automations to inspect and control a debugged process without direct UI interaction.

Setup Requirements

  • ⚠️Requires x64dbg or x32dbg to be installed and running, as it functions as a plugin.
  • ⚠️Windows-only due to extensive use of Windows API and Winsock.
  • ⚠️Requires a C++ development environment (CMake, Visual Studio 2022) for building.
Review RequiredView Analysis
The server lacks any authentication or authorization mechanisms, binding to 0.0.0.0 (all network interfaces) by default. This exposes powerful debugger control capabilities to anyone who can connect to the TCP port, making it highly vulnerable if deployed in an untrusted network environment. While the JSON-RPC commands themselves are designed for debugger interaction, the absence of access control presents a critical security risk.
Updated: 2025-11-22GitHub
35
4
Medium Cost
dirmacs icon

ares

by dirmacs

Sec8

A production-grade agentic chatbot server with multi-provider LLM support, tool calling, Retrieval Augmented Generation (RAG), and advanced research capabilities.

Setup Requirements

  • ⚠️Requires a local Ollama server running with a compatible LLM (e.g., 'ministral-3:3b') for default LLM functionality.
  • ⚠️Mandatory environment variables (JWT_SECRET, API_KEY) must be set for the server to start, even in development.
  • ⚠️For UI development, requires Rust toolchain (with wasm32-unknown-unknown target), Trunk bundler, and Node.js/npm for Tailwind CSS.
Verified SafeView Analysis
The server demonstrates good security practices by requiring critical secrets (JWT_SECRET, API_KEY) via environment variables and offering configurable CORS and rate limiting. There is no direct use of 'eval' or similar dynamic code execution within the core Rust backend. Tool execution is managed through a registry of pre-defined Rust traits, and external tools via MCP are handled by the 'rmcp' crate which focuses on inter-process communication rather than arbitrary code execution within the server. However, the system's flexibility in loading dynamic configurations (TOON files) for user-created agents and their tool definitions could introduce risks if these configuration files are not securely managed or sourced from untrusted origins. The default rate limiting is disabled, which is not recommended for production without re-enabling.
Updated: 2026-01-16GitHub
35
4
Low Cost

EveOnlineMCP

by unclemusclez

Sec9

Provides a local, multi-character MCP server to securely access and proxy the EVE Online ESI API with OAuth authentication and automatic token refresh.

Setup Requirements

  • ⚠️Requires an EVE Online Developer Application with CLIENT_ID and CLIENT_SECRET, which must be configured in a `config.py` file (copied from `config.py.example`).
  • ⚠️The `fastmcp` dependency may require specific installation instructions beyond a simple `pip install`; users should consult FastMCP documentation.
  • ⚠️Python 3.8 or higher is required.
Verified SafeView Analysis
The server uses standard OAuth2 PKCE flow for authentication and stores sensitive tokens securely in a local SQLite database. It runs as a local server, reducing external attack surface. Key security relies on the user's secure handling of their EVE Online developer app CLIENT_ID/CLIENT_SECRET and the local file system's security for the SQLite database.
Updated: 2025-11-17GitHub
35
5
Medium Cost
yshalsager icon

mcp-4get

by yshalsager

Sec9

An MCP server providing LLM clients seamless access to the 4get Meta Search engine API for web, image, and news searches.

Setup Requirements

  • ⚠️Requires Python 3.13+
  • ⚠️Requires uv for dependency management and running
  • ⚠️Relies on the external 4get.ca API, which may require an optional pass token for rate-limited instances.
Verified SafeView Analysis
The server uses standard HTTP client libraries (httpx) with connection pooling and timeout handling. Configuration is loaded from environment variables, avoiding hardcoded secrets. Input parameters are handled via `httpx.QueryParams` and normalized, reducing direct injection risks. Custom error handling and retry logic enhance resilience. No direct 'eval' or similar dangerous functions were found. Input validation for configuration values is also implemented.
Updated: 2026-01-17GitHub
35
1
Medium Cost

mcpac

by sh1nduu

Sec3

Empowers AI agents to interact with Model Context Protocol (MCP) servers by generating type-safe TypeScript/JavaScript interfaces for their tools and providing a secure execution environment.

Setup Requirements

  • ⚠️Requires Bun >= 1.0 at execution time (current limitation).
  • ⚠️MCP servers must be actively running and reachable during the `mcpac generate` step for type definition creation.
  • ⚠️Requires `npx` to be available for running STDIO-based MCP servers (e.g., `@modelcontextprotocol/server-filesystem`).
Review RequiredView Analysis
This tool executes arbitrary TypeScript/JavaScript code, which can interact with the host system's filesystem, network, and resources. It explicitly warns against running untrusted code and highlights the risks of MCP servers themselves. While it includes a capability-based permission system (`--grant` flags) to control tool access, it remains a high-risk tool if misused. Use with extreme caution and only with trusted code.
Updated: 2025-11-18GitHub
35
1
High Cost
null-runner icon

chrome-mcp-docker

by null-runner

Sec9

Provides a persistent, stable Chrome DevTools environment for AI coding assistants to perform UI debugging and web interactions.

Setup Requirements

  • ⚠️Requires Docker Desktop (or Docker Engine) to be installed and running.
  • ⚠️The official Docker MCP Gateway has known bugs affecting custom servers; standalone installation (using 'docker run' directly) or a patched Gateway fork is recommended.
  • ⚠️When configuring for Windows/WSL, catalog paths in `~/.claude.json` must use Windows-style paths (e.g., `C:\Users\...`) with double backslashes for escaping.
Verified SafeView Analysis
The server runs inside a Docker container and connects to a separate Chrome container. It uses `puppeteer-core` to interact with Chrome via the DevTools Protocol (CDP). The `Host` header spoofing (setting 'Host: localhost' when connecting to Chrome) is a necessary workaround for Docker's networking on `host.docker.internal` and is not a general security vulnerability. The `page.evaluate()` function is used internally by specific tools (e.g., `get_computed_styles`, `scroll`) for controlled operations, not exposed as a generic `eval` tool, limiting direct arbitrary code execution. Chrome runs with `--no-sandbox` in Docker, which is common but reduces internal browser isolation if a Chrome vulnerability were exploited. Overall, the design prioritizes isolated and controlled browser interaction.
Updated: 2025-12-10GitHub
35
31
Medium Cost
Tommertom icon

awesome-ionic-mcp

by Tommertom

Sec7

Acts as an intelligent server for AI assistants to access Ionic Framework and Capacitor component definitions, plugin documentation, code examples, and execute CLI commands for mobile app development.

Setup Requirements

  • ⚠️Requires GITHUB_TOKEN environment variable for full functionality, otherwise GitHub API rate limits will be hit during startup when fetching community and CapGo plugin data.
  • ⚠️Puppeteer launches a visible browser window (`headless: false`) for some documentation lookups, requiring a graphical environment or Xvfb if run on a headless server.
  • ⚠️Requires active internet connection for initial data loading and most documentation lookups.
Verified SafeView Analysis
The server executes Ionic and Capacitor CLI commands using `execa` (via `npx`). Input arguments for these commands are sanitized to prevent shell metacharacters. Commands are intended to be restricted to `npx @ionic/cli` and `npx @capacitor/cli`. A critical bug exists in `src/tools/ionic-cli/cli-utils.ts::validateCommand` where the `npx` package validation incorrectly targets the `'-y'` argument instead of the actual CLI package (`@ionic/cli` or `@capacitor/cli`). This bug would currently prevent `npx` commands from executing successfully if strictly enforced. If this bug were fixed to correctly validate only `npx @ionic/cli` and `npx @capacitor/cli`, the command execution would be considered reasonably secure against arbitrary shell injection for the intended CLIs. The server also uses Puppeteer to scrape official documentation sites, launching a browser (often in `headless: false` mode, meaning visible) which increases the attack surface, but it is used against known, trusted URLs specified in the code. No hardcoded secrets or 'eval' were found.
Updated: 2026-01-04GitHub
35
6
High Cost
chronosphereio icon

chronosphere-mcp

by chronosphereio

Sec8

The Chronosphere MCP server acts as an intermediary, exposing Chronosphere monitoring data (logs, metrics, traces, events) and configuration as tools for AI applications and agents.

Setup Requirements

  • ⚠️Requires a Chronosphere API Token or OAuth configuration for backend authentication.
  • ⚠️Requires a Chronosphere Organization Name for API endpoint construction.
  • ⚠️Relies on 'unstable' Chronosphere APIs which are not recommended for production use and may change without warning.
  • ⚠️Requires a YAML configuration file to define server transports (stdio, SSE, HTTP) and Chronosphere API details.
Verified SafeView Analysis
The server uses standard practices for loading credentials (API tokens, OAuth) via configuration files and environment variables, avoiding hardcoding. It integrates with OpenTelemetry for tracing and metrics, enhancing operational visibility without introducing direct security flaws. A dynamic tool disabling mechanism via HTTP headers (`X-Chrono-MCP-Disable-Tools`) allows administrators to limit exposed functionality. However, a notable risk is the explicit reliance on 'unstable' Chronosphere APIs, which are marked as experimental and subject to breaking changes without notice. While the MCP server itself handles these calls securely, unexpected behavior or changes in the underlying unstable APIs could indirectly lead to operational issues or unintended data exposure if not managed carefully by Chronosphere.
Updated: 2026-01-15GitHub
35
6
Medium Cost
exasol icon

mcp-server

by exasol

Sec9

Provides an LLM access to the Exasol database via MCP tools, enabling metadata browsing, SQL query execution, and BucketFS file system interaction.

Setup Requirements

  • ⚠️Requires an Exasol database to connect to, configured via environment variables.
  • ⚠️Specific Python version constraint (>=3.10,<3.14).
  • ⚠️`uv` package is required for recommended installation/execution methods.
  • ⚠️Extensive environment variable configuration if using advanced features like OAuth2 or SaaS for authentication and/or BucketFS access.
Verified SafeView Analysis
The project demonstrates strong security awareness. It explicitly handles secrets via environment variables, with sensitive data masked in logs. SQL queries are rigorously validated using `sqlglot` to prevent injection, with DML/DDL operations requiring user elicitation and confirmation. Identifiers are properly quoted to prevent injection. The HTTP server explicitly checks for authentication by default, mitigating unauthorized access. File system operations on BucketFS also use elicitation and path validation.
Updated: 2026-01-16GitHub
35
6
Low Cost
Fluid-AI icon

fluidmcp

by Fluid-AI

Sec9

Orchestrates Model Context Protocol (MCP) servers and LLM inference engines (like vLLM) via a unified FastAPI gateway, enabling dynamic management, tool invocation, and multi-model LLM serving.

Setup Requirements

  • ⚠️Requires Python 3.9+ to run.
  • ⚠️For LLM features, vLLM must be separately installed (`pip install vllm>=0.6.0`).
  • ⚠️A CUDA-capable GPU is strongly recommended for vLLM to function efficiently.
  • ⚠️A Hugging Face Hub token (set as `HUGGING_FACE_HUB_TOKEN`) is required for accessing gated LLM models.
  • ⚠️Requires a running MongoDB instance for persistent configuration and logging by default; otherwise, data is lost on server restart. Persistence can be enforced with `--require-persistence`.
  • ⚠️Careful management of ports is necessary to avoid conflicts when running multiple MCP servers or LLM models simultaneously.
Verified SafeView Analysis
The server includes robust validation against command injection (e.g., whitelisting commands, stripping dangerous shell patterns in arguments) and MongoDB injection (sanitizing input). It supports configurable bearer token authentication for its management API and explicit warnings for insecure CORS settings. While running external processes inherently carries some risk, the implemented input validation and whitelisting significantly mitigate common vulnerabilities.
Updated: 2026-01-19GitHub
35
3
High Cost

Hosts isolated Strands AI agents in Docker containers, managing their lifecycle, persistence, and tool access.

Setup Requirements

  • ⚠️Requires Docker to be running for agent isolation and execution.
  • ⚠️Requires AWS credentials configured with access to Amazon Bedrock (Claude models) for default LLM functionality.
  • ⚠️Requires Python 3.11+.
Review RequiredView Analysis
The system design grants autonomous AI agents extensive capabilities including direct `shell` command execution and `python_repl` code execution, with `BYPASS_TOOL_CONSENT` explicitly enabled. This means agents can perform arbitrary actions within their mounted Docker volumes and interact with specified external services (like GitHub) without human confirmation. While intentional for agent autonomy, this presents a significant security risk if an agent misbehaves, is compromised, or misinterprets a task, potentially leading to unintended modifications to its workspace or data leakage via configured tools. Users must exercise extreme caution and ensure high trust in the AI's prompts and capabilities.
Updated: 2026-01-13GitHub
PreviousPage 140 of 760Next