Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

35
6
Medium Cost
Shen-Ming-Hong icon

singular-blockly

by Shen-Ming-Hong

Sec7

An MCP (Model Context Protocol) server for the Singular Blockly VSCode extension, providing tools for querying Blockly block definitions, platform configurations (Arduino/ESP32), workspace states, and facilitating code generation and embedded device programming in an educational context.

Setup Requirements

  • ⚠️Requires PlatformIO CLI to be installed for Arduino projects.
  • ⚠️Requires a Python environment and `mpremote` installed (or will attempt to install it via pip) for MicroPython projects.
  • ⚠️This is a component of a VSCode extension and is not designed to run standalone; it expects to be launched by a VSCode host and interact within a VSCode workspace context.
Verified SafeView Analysis
The server uses `child_process.exec` and `child_process.spawn` to interact with external tools like PlatformIO CLI, Python, and mpremote for compiling code and uploading to microcontrollers. It also uses `new Function()` to parse internal JavaScript localization files. While these are privileged operations and can introduce risks if not carefully handled, they appear to be justified by the extension's core functionality and used with arguments derived from internal configurations or validated user inputs. File system access is scoped to the user's workspace and extension directories. No hardcoded secrets or obvious arbitrary code execution vulnerabilities from external inputs were identified in the MCP tool definitions.
Updated: 2026-01-19GitHub
35
5
Medium Cost
ProjectAtlantis-dev icon

atlantis-mcp-server

by ProjectAtlantis-dev

Sec7

An MCP (Model Context Protocol) server for hosting and managing dynamic Python functions and third-party MCP tools, enabling AI agents to discover and utilize shared capabilities across a network.

Setup Requirements

  • ⚠️Requires Python 3.12+ (3.13 noted as 'iffy')
  • ⚠️Requires Node.js and npx for the MCP client bridge (`atlantis-mcp`)
  • ⚠️Requires uv/uvx for installing and running third-party MCP servers
  • ⚠️Requires an account with `www.projectatlantis.ai` and associated email/API key for cloud connection
  • ⚠️User must NOT hardcode API keys or sensitive data in dynamic function files, as `_function_get` can expose entire file contents.
Verified SafeView Analysis
The server binds to localhost (127.0.0.1) by default, minimizing direct external attack surface. External access occurs via an outbound Socket.IO connection to a trusted Atlantis cloud server. Internal functions (`_function*`, `_server*`, `_admin*`) are restricted to the owner. Localhost connections are treated as the owner for convenience, granting them full privileges. CRITICAL RISK: The `_function_get` tool can return the *entire source file* of a dynamic function, not just the function itself. This exposes all code, imports, comments, and potentially hardcoded sensitive data (e.g., API keys, credentials) within that file. The `@copy` decorator allows non-owners to retrieve source code based on visibility rules (`@public` or `@protected`). The `README_SECURITY.md` explicitly warns against hardcoding secrets, recommending environment variables instead. Users must diligently follow this best practice to prevent credential exposure. The `_admin_pip_install` tool allows the owner to install arbitrary Python packages, posing a risk if the owner account is compromised. The security model relies heavily on the trust of the host machine and the Atlantis cloud server, assuming they are not compromised or spoofing parameters. Overall, while network-level defenses are strong, the dynamic code execution and source code retrieval mechanisms introduce significant risks if best practices for secrets management are not strictly followed by the user.
Updated: 2026-01-18GitHub
35
5
High Cost
zapier icon

zapier-mcp

by zapier

Sec1

This repository provides plugins, skills, and commands for AI agents, specifically Claude, to enable sophisticated workflow automation and integration with 8,000+ apps via Zapier's Model Context Protocol (MCP) for engineering tasks like Jira management, git operations, and code reviews.

Setup Requirements

  • ⚠️Requires `jq` and `make` to build plugins locally.
  • ⚠️Requires a Claude Pro/Team account with Skills enabled.
  • ⚠️Requires Zapier MCP connected to Claude, along with appropriate app connections (e.g., Jira) configured within Zapier.
Review RequiredView Analysis
CRITICAL: The `code-review` skill's `allowed-tools` explicitly lists `Bash(rm -rf:*)`. This grants the AI agent the capability to execute `rm -rf` with arbitrary arguments. While the skill's documented intent is to use `git worktree remove` for cleanup (a safer, more controlled command), the direct `rm -rf` capability presents a severe security risk. An AI agent could potentially be prompted or misinterpret a situation, leading to unintended and destructive file system operations on the host machine. This is an extremely dangerous permission for an AI to possess. No hardcoded secrets were found, and network calls are to a known Zapier endpoint, but the `rm -rf` capability overrides other safety measures.
Updated: 2025-12-12GitHub
35
4
Medium Cost
abdebek icon

MCPify

by abdebek

Sec7

Exposes ASP.NET Core endpoints and OpenAPI specifications as Model Context Protocol (MCP) tools for AI assistants.

Setup Requirements

  • ⚠️Requires .NET 8.0, 9.0, or 10.0 SDK.
  • ⚠️When using Stdio transport, `dotnet run` is not recommended due to build logs corrupting the MCP protocol; `dotnet publish` and running the executable DLL directly is preferred.
  • ⚠️The default `Demo:StateSecret` (a placeholder) must be changed to a secure, unique value for any production or shared environment.
Verified SafeView Analysis
The server provides a robust framework for integrating existing APIs with MCP, including a fully functional OAuth 2.0 Authorization Server powered by OpenIddict. It implements key security features like RFC 8707 resource parameters, JWT token validation, and scope enforcement. However, the default `Demo:StateSecret` in `appsettings.json` is a hardcoded placeholder (`CHANGE_THIS_TO_A_SECURE_SECRET_IN_PRODUCTION_12345`) which poses a significant security risk if not changed in production environments. While `AllowedHosts: "*"` is present, it's often acceptable for internal services if other network controls are in place. No `eval` or obvious malicious patterns were found in the truncated source code.
Updated: 2026-01-18GitHub
35
5
Medium Cost
balldontlie-api icon

mcp

by balldontlie-api

Sec8

Provides a Model Context Protocol (MCP) server for accessing comprehensive sports data and analytics from the BALLDONTLIE API across 18 major sports and leagues.

Setup Requirements

  • ⚠️Requires a BALLDONTLIE API Key for authentication, obtained by signing up on their platform.
  • ⚠️Requires Node.js runtime version 18.0.0 or higher.
Verified SafeView Analysis
The server acts as a proxy, forwarding the client's API key (received via Authorization header) to the backend BALLDONTLIE API. This is a standard pattern for MCP servers integrating with external APIs. While `inputSchema` definitions are present, runtime validation against these schemas does not appear to be explicitly performed within the tool handlers before calling the backend API, which could lead to unnecessary backend calls or less precise error reporting. One specific tool (`nba_get_leaders`) implements pagination client-side by fetching the entire dataset from the upstream API for each call, then slicing it. This can lead to increased network usage and memory consumption on the MCP server and the backend API, especially with large datasets or frequent requests with small `per_page` values, potentially causing operational inefficiencies or hitting rate limits faster than expected. No direct hardcoded secrets, obfuscation, or malicious patterns were found in the provided code.
Updated: 2026-01-19GitHub
35
4
Low Cost
gazzadownunder icon

MCP-OAuth-Compliance

by gazzadownunder

Sec9

A web-based tool for testing MCP server OAuth compliance with various RFCs (9728, 8414, 7591, 9068, 7519, 7515), OAuth 2.1, and the MCP 2025-11-25 specification.

Setup Requirements

  • ⚠️Requires Node.js v18.0.0 or higher.
  • ⚠️Requires manual browser interaction for interactive OAuth flow tests.
  • ⚠️The tool allows HTTP connections to non-localhost MCP servers only if 'Allow HTTP MCP Connection' is explicitly enabled in settings.
Verified SafeView Analysis
The project is a compliance tester, which inherently requires some flexibility regarding security checks (e.g., allowing self-signed certificates by default for testing). This behavior is well-documented, generates warnings, and can be overridden for strict enforcement. There are no indications of 'eval', obfuscation, hardcoded secrets (user-provided secrets are expected for the systems being tested), or other malicious patterns. Network risks related to HTTP connections to non-localhost servers are mitigated by requiring an explicit configuration option ('allowHttpMcpConnection'). Overall, it appears safe for its intended purpose of testing compliance.
Updated: 2026-01-13GitHub
35
1
Medium Cost
mattwilkerson1121 icon

ga-ai-mcp-server

by mattwilkerson1121

Sec8

This server allows AI agents to query Google Analytics 4 data (reports, traffic sources, demographics, etc.) via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a Google Analytics 4 property with API access enabled.
  • ⚠️Requires a Google Cloud service account with Analytics Data API enabled and 'Viewer' (or higher) access to the GA4 property.
  • ⚠️Service account JSON key file (`credentials.json` or `asidatakpiskey.json`) must be securely generated and its absolute path configured via `GOOGLE_APPLICATION_CREDENTIALS` environment variable (or within `claude-config.json`).
  • ⚠️When using with Claude Desktop, absolute paths for Node.js executable, `src/index.js`, and `credentials.json` must be correctly updated in `claude-config.json`.
Verified SafeView Analysis
The server uses Google's official client libraries for GA4, which are generally secure. Credential handling relies on a service account JSON key file. While `src/index.js` has a default local path (`asidatakpiskey.json`), the recommended and documented approach through `.env` or `claude-config.json` is to use the `GOOGLE_APPLICATION_CREDENTIALS` environment variable pointing to the absolute path of the key file. This allows for secure storage of credentials outside the project directory. No `eval` or obvious malicious patterns were found. Network exposure is limited as it's an MCP server over stdio, not an HTTP server.
Updated: 2025-11-26GitHub
35
4
Medium Cost
Sec9

A Model Context Protocol (MCP) server for converting 29+ file formats (e.g., PDF, Office, images, audio) to clean, structured Markdown, designed for integration with AI workflows and MCP clients like Claude Desktop.

Setup Requirements

  • ⚠️Requires numerous external Python dependencies (e.g., for PDF, Excel, Audio) beyond base installation, often requiring multi-step `pipx inject` commands for full functionality.
  • ⚠️Explicitly states no OCR support for images despite `pytesseract` dependency being listed in installation scripts, meaning image-based text will not be extracted.
  • ⚠️Known limitations from the upstream `MarkItDown` library include `UnicodeDecodeError` for some Markdown files and `BadZipFile` for corrupted Office documents, which the server cannot fully mitigate.
Verified SafeView Analysis
The server demonstrates robust security measures, including comprehensive input validation (path traversal, dangerous XML/JSON/CSV patterns), base64 content validation with size limits, explicit output sanitization (Unicode, output size limits), `hmac.compare_digest` for timing attack prevention, `threading`-based timeouts, and `sys.setrecursionlimit` to prevent recursion bombs. It enforces 'safe working directories' to restrict file system access. Error messages are sanitized to prevent information disclosure. While highly secure, no system is perfectly impenetrable, and reliance on an external MarkItDown library for core conversion means some vulnerabilities might theoretically exist within that dependency.
Updated: 2025-12-08GitHub
35
5
High Cost
SeanPedersen icon

youtube-transcript-mcp

by SeanPedersen

Sec9

Enables LLM chat applications to summarize or analyze content from YouTube videos by providing their transcripts.

Setup Requirements

  • ⚠️Requires Claude Desktop to be installed and running.
  • ⚠️Requires `uv` for dependency and environment management.
  • ⚠️Manual path `$INSERT_PATH` replacement is required in the MCP JSON configuration.
Verified SafeView Analysis
The server's core functionality relies on the `youtube-transcript-api` library, which is widely used and generally trusted. The provided code does not introduce new security vulnerabilities. URL parsing is done with a specific regex pattern, mitigating some input risks. No 'eval' or similar dangerous patterns are used.
Updated: 2025-11-27GitHub
35
6
Medium Cost
scenic-contrib icon

scenic_mcp_experimental

by scenic-contrib

Sec4

Enable AI assistants to interact with Scenic GUI applications for automated testing, AI-driven development workflows, and accessibility.

Setup Requirements

  • ⚠️Requires both an Elixir/Erlang runtime (v1.14+/OTP 24+) and Node.js (>=18.0.0) environment.
  • ⚠️The `scenic_mcp` library must be added as a local dependency (`{:scenic_mcp, "../scenic_mcp"}`) in the Scenic application's `mix.exs` as it is not yet published to Hex.
  • ⚠️The target Scenic application requires specific configuration, including named viewport (`:main_viewport` by default) and driver (`:scenic_driver` by default) processes.
  • ⚠️TypeScript dependencies must be installed and built (`npm install && npm run build`) from the `scenic_mcp` directory before use.
Verified SafeView Analysis
The server explicitly states that it binds to `localhost` only, which limits external network exposure. However, it operates with **no authentication, no authorization, and no encryption** over TCP. This means any local process or malicious local user can fully control the target Scenic application without credentials. It is explicitly designed for 'development and testing environments only' and not recommended for production use. The code itself does not appear to contain malicious patterns or `eval` of arbitrary user input, relying on structured JSON commands.
Updated: 2025-11-29GitHub
35
6
Medium Cost
Sec8

This server provides AI assistants with comprehensive access to Grafana UI components, documentation, stories, design system tokens, and dependency analysis to aid in building observability interfaces, dashboards, and data visualization components.

Setup Requirements

  • ⚠️Requires Node.js version >=18.0.0.
  • ⚠️GitHub API rate limits apply (60 requests/hour) without a personal access token; a token (GITHUB_PERSONAL_ACCESS_TOKEN or GITHUB_TOKEN) is highly recommended for higher limits (5000 requests/hour).
  • ⚠️Can optionally be configured to use a local clone of the Grafana repository, which requires manual cloning and path specification (GRAFANA_REPO_PATH environment variable or --grafana-repo-path CLI option).
Verified SafeView Analysis
The server primarily reads public GitHub repository content or a user-specified local file path. It uses `axios` for external network requests to trusted GitHub domains and `fs` for local file system access. Input paths (component names, repository path) are expected from user arguments and are validated with Zod, mitigating simple path traversal, but careful usage of user-provided paths is always a consideration. No direct 'eval' or malicious patterns were identified. GitHub API tokens are handled via environment variables or CLI arguments, not hardcoded.
Updated: 2026-01-13GitHub
35
3
High Cost
boldare icon

mcp-farmer

by boldare

Sec8

CLI tool for managing, analyzing, and scaffolding Model Context Protocol (MCP) servers, with AI-assisted features for tool generation and probing.

Setup Requirements

  • ⚠️Node.js >= 20 required
  • ⚠️Requires a supported ACP agent (e.g., OpenCode, Claude Code, Gemini CLI, GitHub Copilot CLI) for 'grow' and 'probe' commands
  • ⚠️Internet connection required for remote server interactions, API spec fetching, and package installations
Verified SafeView Analysis
The project uses standard Node.js practices for network requests (fetch) and child process management (spawn, exec). No 'eval' calls were found within the codebase for dynamic code execution. No obvious hardcoded secrets. The tool's design allows users to specify arbitrary URLs or local commands (via `--`) to interact with external MCP servers or local processes, which introduces inherent risk if the user targets untrusted sources. However, this functionality is documented and central to interacting with stdio-based MCP servers. The 'vet' command includes checks for 'dangerous tools' and 'PII handling' within the *target* MCP server's capabilities, indicating a security-conscious design for the overall ecosystem.
Updated: 2026-01-19GitHub
PreviousPage 145 of 760Next