Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

35
7
High Cost

ChronoLog

by grc-iit

Sec7

ChronoLog designs and implements a distributed and tiered shared log storage ecosystem with time-based ordering and auto-tiering for high-performance data logging and analysis.

Setup Requirements

  • ⚠️Requires a C++ development environment (compiler, CMake, build tools, etc.).
  • ⚠️Complex dependency management, likely requiring Spack for HPC environments or manual installation of numerous external libraries.
  • ⚠️Deployment involves configuring and orchestrating multiple distributed services (e.g., ChronoKeeper, ChronoStore, ChronoGrapher, ChronoVisor) across a network, not a single standalone application.
Verified SafeView Analysis
ChronoLog is a complex distributed system built primarily with C++, implying significant network interaction and a potential for memory safety vulnerabilities if not meticulously developed and deployed. While no 'eval' or obfuscation is apparent, the nature of a distributed storage system means careful attention to configuration, access control, and network security is critical. Running this system requires understanding its architecture and components.
Updated: 2025-11-18GitHub
35
4
Medium Cost
PancrePal-xiaoyibao icon

get-biji-dev-by-gemini3pro

by PancrePal-xiaoyibao

Sec8

Integrates the Get Notes API with a Model Context Protocol (MCP) server to provide AI-powered knowledge search and recall from multiple knowledge bases.

Setup Requirements

  • ⚠️Requires a valid API key for the 'Get Notes' service (a paid service).
  • ⚠️Requires Node.js (version 18+ is recommended).
  • ⚠️Complex configuration for multiple knowledge bases, either via a 'knowledge_bases.json' file or a large JSON string environment variable.
Verified SafeView Analysis
Configuration via the GET_KNOWLEDGE_BASES environment variable relies on JSON.parse, which could theoretically be a vector for injection if the environment is not controlled by a trusted administrator. API keys are loaded from environment variables or local files and are appropriately masked when listing knowledge bases. Robust rate limiting and retry mechanisms are implemented.
Updated: 2026-01-14GitHub
35
11
Medium Cost
trailofbits icon

slither-mcp

by trailofbits

Sec8

Provides static analysis for Solidity smart contracts using Slither via the Model Context Protocol (MCP), making contract metadata, inheritance, function calls, and security vulnerabilities accessible to LLMs and other tools.

Setup Requirements

  • ⚠️Requires Python 3.11+.
  • ⚠️Requires a Solidity development environment (e.g., Foundry 'forge' or Hardhat 'npx') to be installed and discoverable in the system's PATH for static analysis.
  • ⚠️For specific LLM client integrations (e.g., Claude, Cursor), 'uvx' might be required and configured in the system's PATH.
Verified SafeView Analysis
The server's core functionality relies on executing external tools (Forge, Slither) on user-provided Solidity project paths. While this is inherent to its purpose, it introduces a reliance on the integrity of the project path and the binaries being executed. Input validation is performed for tool parameters, and there are no direct code injection vulnerabilities like 'eval' or arbitrary command execution through tool requests. Opt-out metrics are implemented with explicit privacy filtering, and opt-in enhanced error reporting is clearly documented to transmit sensitive data. The primary risk lies in a user supplying a malicious Solidity project that could exploit local environment vulnerabilities, rather than a flaw in the server's request handling.
Updated: 2025-11-19GitHub
35
3
High Cost
Sec9

An intelligent FastMCP 2 server that converts natural language questions into SQL queries or API requests for any SQL database or OpenAPI-defined API using AI.

Setup Requirements

  • ⚠️Requires an LLM API Key (e.g., OpenAI, OpenWebUI) which might be a paid service.
  • ⚠️Requires specific database drivers (e.g., psycopg2-binary for PostgreSQL, pymysql for MySQL) if not using the default SQLite.
  • ⚠️Requires manual execution of `python generate_schema.py` to create initial database/API context.
Verified SafeView Analysis
The system implements robust multi-layered security: read-only by default, a comprehensive keyword blacklist (e.g., DROP, DELETE, INSERT), explicit SELECT-only enforcement for SQL, checks for multiple statements to prevent SQL injection, and a ResponseSanitizer that hides database internals (SQL queries, table/column names, detailed errors) from end-users in production mode. API mode includes an `unsafe_mode` flag for allowing non-GET requests, making it a conscious configuration choice rather than an oversight. Secrets are managed via environment variables.
Updated: 2025-12-05GitHub
35
1
Medium Cost
Sec9

This server acts as a Model Context Protocol (MCP) intermediary, enabling AI assistants like Antigravity to interact with and manage n8n automation workflows via its REST API.

Setup Requirements

  • ⚠️Requires Node.js v18.0.0 or higher.
  • ⚠️Requires an active n8n instance with a generated API Key and its corresponding URL.
  • ⚠️Specific configuration for Antigravity involves editing `mcp_config.json` with absolute paths, which can be error-prone across different operating systems.
Verified SafeView Analysis
The server loads API credentials (N8N_API_URL, N8N_API_KEY) from environment variables, explicitly checking for their presence. The `.env` file is correctly listed in `.gitignore` to prevent accidental commits of sensitive data. The client uses `encodeURIComponent` for IDs to prevent injection. There are no direct usages of `eval` or obvious malicious patterns. The main security consideration is ensuring the N8N_API_KEY is kept secure in the deployment environment.
Updated: 2025-11-25GitHub
35
8
Medium Cost
hherb icon

biomedmcp

by hherb

Sec8

A biomedical research Model Context Protocol (MCP) server and an autonomous research agent that uses local LLMs to search PubMed and the web for medical questions, providing evidence-based answers with citations.

Setup Requirements

  • ⚠️Requires Python 3.12+
  • ⚠️Requires Ollama to be installed and running locally with a compatible LLM (default: phi4:latest)
  • ⚠️Optional: NCBI API key (set as NCBI_API_KEY environment variable) for higher PubMed API rate limits.
Verified SafeView Analysis
The server uses environment variables for API keys (NCBI_API_KEY) and standard, well-vetted Python libraries (requests, BeautifulSoup, Flask). No 'eval' statements or obvious hardcoded secrets were found. Subprocess execution in local client mode targets a known project script, reducing arbitrary command injection risks. XML parsing for PubMed abstracts uses `xml.etree.ElementTree`, which is generally safe but less robust against deliberately malformed XML (e.g., XXE attacks) than specialized libraries if the source were untrusted; however, PubMed is a trusted source.
Updated: 2025-11-22GitHub
35
6
Medium Cost
aj-geddes icon

terry-form-mcp

by aj-geddes

Sec9

Enables AI assistants to securely execute Terraform commands and leverage LSP-driven code intelligence for infrastructure-as-code management.

Setup Requirements

  • ⚠️Docker is required for the recommended and most secure deployment method.
  • ⚠️Full GitHub integration requires a complex, multi-step GitHub App setup including private keys and installation IDs.
  • ⚠️Users must separately configure cloud provider credentials on the host (e.g., AWS environment variables) for Terraform to interact with actual cloud infrastructure.
Verified SafeView Analysis
The server implements strong security measures including input validation, path traversal protection, command injection prevention, and action whitelisting (blocking 'apply', 'destroy'). Sensitive information is handled via environment variables. Subprocess execution uses `shell=False`. Rate limiting and authentication are implemented. Docker containerization enhances isolation, though explicit network isolation settings for the Docker container itself would further harden the 'no outbound network connectivity' claim.
Updated: 2025-12-04GitHub
35
6
Medium Cost
abhirockzz icon

mcp_cosmosdb_go

by abhirockzz

Sec6

Provides an MCP server for interacting with Azure Cosmos DB databases, containers, and items, primarily intended as a learning and experimental tool for AI tooling.

Setup Requirements

  • ⚠️Requires an active Azure subscription and an Azure Cosmos DB account.
  • ⚠️Authentication with Azure is required, typically via Azure CLI login (`az login`), environment variables (e.g., AZURE_CLIENT_ID, AZURE_TENANT_ID, AZURE_CLIENT_SECRET), or Managed Identity.
  • ⚠️The authenticated identity must have appropriate 'control plane' and 'data plane' permissions on the Azure Cosmos DB account.
Verified SafeView Analysis
The server uses DefaultAzureCredential for robust Azure authentication and does not contain hardcoded production secrets or malicious patterns. However, the README explicitly warns that when deployed as a remote HTTP(s) endpoint, the server lacks client authentication and authorization, making it critically vulnerable if exposed publicly. For local or securely managed deployments (e.g., behind an authenticated API Gateway), the risk is mitigated, but this crucial limitation must be addressed for any public-facing remote use.
Updated: 2026-01-19GitHub
35
5
Medium Cost
RomanEmreis icon

neva

by RomanEmreis

Sec8

Provides a blazingly fast and easily configurable Model Context Protocol (MCP) server and client SDK for Rust, primarily for integrating LLMs with external tools and resources.

Setup Requirements

  • ⚠️Requires `rustc 1.90+` for compilation.
  • ⚠️The project is currently in 'preview' status, meaning breaking changes can be introduced without prior notice, impacting long-term stability and compatibility.
  • ⚠️Requires the `JWT_SECRET` environment variable to be set for authentication, which must be at least 256 bits long for secure operation.
Verified SafeView Analysis
The server implements bearer token authentication and role-based access control (RBAC) for tools, resources, and prompts, as configured via `AuthConfig` in `http/server/auth_config.rs`. Input validation for structured data, specifically for elicitation requests, is handled explicitly. The framework's use of Rust's proc-macros for defining handlers means that developer-provided literal strings and expressions are embedded directly into generated Rust code at compile time. While this shifts potential injection risks to the compile phase (requiring developers to ensure macro inputs are safe), it mitigates runtime dynamic code execution vulnerabilities from unvetted external input. No 'eval'-like runtime execution from untrusted sources is apparent.
Updated: 2025-12-14GitHub
35
6
High Cost

TAMA-MCP

by Gitreceiver

Sec7

An AI-driven command-line interface (CLI) tool for comprehensive task management, featuring task generation and decomposition powered by PRD parsing and dependency tracking.

Setup Requirements

  • ⚠️Requires a DeepSeek (or OpenAI compatible) API key and a configured base URL, which may incur costs for API usage.
  • ⚠️Python 3.12 or newer is recommended for optimal setup and virtual environment management using 'uv'.
  • ⚠️The 'uv' tool must be installed globally to manage virtual environments and package installations for the project.
Verified SafeView Analysis
The primary security consideration is the transmission of Product Requirement Document (PRD) content and task details to an external AI API (DeepSeek/OpenAI compatible). Users must trust the configured DEEPSEEK_BASE_URL and be aware of data privacy implications. The MCP server itself uses stdio for communication, limiting network exposure for its local operations. No 'eval' or obfuscation is apparent from the provided information.
Updated: 2025-11-17GitHub
35
5
Medium Cost
mytechnotalent icon

Local_MCP_Client

by mytechnotalent

Sec6

The client acts as a cross-platform web and API interface for natural language interaction with configurable MCP servers, facilitating structured tool execution and dynamic agent behavior using local LLMs.

Setup Requirements

  • ⚠️Requires Ollama to be installed and 'ollama serve' running locally.
  • ⚠️Requires a local LLM model (e.g., llama3:8b) pulled via Ollama.
  • ⚠️Requires cloning specific MCP server repositories (e.g., MalwareBazaar_MCP, binja-lattice-mcp) to the user's `~/Documents` directory.
  • ⚠️A Binary Ninja API token (BNJLAT) is required for the `binja-lattice-mcp` server, which should be set as an environment variable.
Review RequiredView Analysis
The primary security risk lies in the client's design to execute external commands as defined in `mcp_config.json`. If `mcp_config.json` is untrusted or modified, this could lead to arbitrary code execution on the host system. Additionally, the example `mcp_config.json` hardcodes a placeholder `BNJLAT` (Binary Ninja API token) in the `env` section for one of the MCP servers. While this is an example, it could inadvertently expose sensitive credentials if users copy the example without replacing it with their actual token from an environment variable as recommended by the `README`. The client's own source code does not contain `eval` or obvious obfuscation, but its core function of executing external tools requires careful setup and trust in the configuration and linked MCP servers.
Updated: 2025-11-26GitHub
35
6
Low Cost
SamMorrowDrums icon

mcp-go-starter

by SamMorrowDrums

Sec9

A feature-complete Model Context Protocol (MCP) server template in Go demonstrating tools, resources, and prompts for AI agent interaction.

Setup Requirements

  • ⚠️Requires Go 1.22+
Verified SafeView Analysis
The server is built using standard Go libraries and the official MCP SDK. It supports both stdio and HTTP transports, with the HTTP server binding to localhost by default. There are no hardcoded secrets or 'eval' patterns identified. Dynamic tool loading is used to demonstrate adding functionality at runtime, but the 'bonus_calculator' tool is defined internally, not loaded from an untrusted external source. Elicitation features (form and URL) are part of the MCP protocol and are clearly annotated, providing clients with information about potential external interactions (e.g., opening a feedback URL).
Updated: 2026-01-19GitHub
PreviousPage 141 of 760Next