Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

34
4
Medium Cost
lancejames221b icon

agent-hivemind

by lancejames221b

Sec9

Provides distributed memory storage and synchronization for Claude and AI agents, offering tools for storing, searching, and retrieving memories, managing workflows, and securing credentials across multiple machines.

Setup Requirements

  • ⚠️Requires Node.js for `npx @modelcontextprotocol/server-http` client (for remote machines)
  • ⚠️Requires Python 3.x and various Python packages (FastAPI, Uvicorn, Redis, ChromaDB, Pandas, Numpy, Aiohttp, BeautifulSoup4, cryptography, asyncpg, sklearn, etc.)
  • ⚠️Requires Redis for caching and synchronization
  • ⚠️Requires ChromaDB for semantic memory search
  • ⚠️Requires PostgreSQL for the Vault component (src/vault/database_manager.py)
  • ⚠️Critical environment variables `HAIVEMIND_JWT_SECRET` (or `MCP_HTTP_JWT_SECRET`) must be set for JWT authentication
  • ⚠️Tailscale is recommended for network connectivity
Verified SafeView Analysis
The HTTP MCP server (src/http_mcp_server.py) implements robust security measures including JWT authentication, restricted allowed MCP methods, a blocklist for dangerous tool names (e.g., 'file', 'exec', 'shell', 'command'), request size limits, and hardened CORS. While an `eval()` call exists in a basic Python template (src/marketplace_templates.py) for a `calculate` tool, the main HTTP server explicitly blocks tools related to arbitrary code execution or file operations, significantly mitigating this risk at the network boundary. Encryption in the vault is handled by `cryptography.hazmat.primitives` (AES-256-GCM, Scrypt) and passwords by `bcrypt`. Overall, there is a strong and explicit focus on security.
Updated: 2026-01-19GitHub
34
3
Low Cost

mcp-mobile-server

by cristianoaredes

Sec6

Transforms AI assistants into a mobile development powerhouse, automating workflows and integrating cross-platform tools for Flutter, Android, and iOS development.

Setup Requirements

  • ⚠️Requires Node.js 18.0+ and npm or yarn installed.
  • ⚠️Requires pre-installed mobile development SDKs (Flutter, Android SDK, or Xcode for iOS) for full functionality.
  • ⚠️Limited support on Windows (marked with ⚠️).
Verified SafeView Analysis
The server runs local system commands (e.g., `flutter`, `android_sdk`, `xcode`) based on AI input via JSON-RPC. While it claims 'commands validated and sandboxed', running arbitrary external tools on the local machine always carries inherent risk if the input is not sufficiently sanitized or if vulnerabilities exist in the invoked tools or the server itself. Interaction with `npx` also introduces third-party code execution.
Updated: 2025-11-17GitHub
34
4
Medium Cost
Sec3

Enables AI assistants to monitor, manage, and interact with Veeam Backup & Replication environments using natural language through the Model Context Protocol.

Setup Requirements

  • ⚠️Insecure SSL Configuration: Explicitly disables HTTPS certificate validation (`rejectUnauthorized: false`), making it unsuitable for secure production environments without modification.
  • ⚠️Hardcoded Credentials: Requires editing `auth-tool.js` to embed Veeam server credentials, which is a significant security risk. No mechanism for `.env` file loading for these defaults is present in the provided code.
  • ⚠️Veeam Backup & Replication REST API Access: Requires an existing and accessible Veeam B&R server with its REST API enabled (default port 9419) and valid Veeam user credentials.
Review RequiredView Analysis
CRITICAL: The code explicitly sets `rejectUnauthorized: false` for HTTPS requests, which disables SSL certificate validation. This makes the communication vulnerable to Man-in-the-Middle (MITM) attacks and is highly insecure for any production or sensitive environment. CRITICAL: The `auth-tool.js` file contains hardcoded default credentials (host, username, password) and the README encourages users to modify this file directly with their credentials. This is a severe security anti-pattern; credentials should be stored securely, ideally using environment variables or a dedicated secret management system, not directly in source code.
Updated: 2025-12-14GitHub
34
3
Medium Cost
KevinRabun icon

FedRAMP20xMCP

by KevinRabun

Sec9

An MCP server for FedRAMP 20x compliance analysis, providing automated code and infrastructure scanning, evidence automation, and documentation tools.

Setup Requirements

  • ⚠️Requires 'tree-sitter' language bindings (e.g., tree-sitter-python, tree-sitter-c-sharp) for advanced AST analysis across supported languages.
  • ⚠️Excel export functionality requires the 'openpyxl' Python package.
  • ⚠️Word document generation requires the 'python-docx' Python package.
  • ⚠️GitHub Personal Access Token (GITHUB_TOKEN) is recommended for higher API rate limits when fetching CVE data.
  • ⚠️Relies on the 'FastMCP' framework, implying a specific Python environment setup.
Verified SafeView Analysis
The server performs static analysis (SAST-like) and Infrastructure as Code (IaC) scanning for FedRAMP 20x compliance. It leverages Abstract Syntax Tree (AST) parsing (using Tree-sitter) and regex for multi-language (Python, C#, Java, TypeScript) and IaC (Bicep, Terraform) analysis. External CVE data is fetched from GitHub Advisory Database and NVD. No hardcoded secrets were found in the provided code snippets of the server itself; its analyzers are designed to detect them in the *analyzed* code. No use of 'eval' or obvious obfuscation. The primary risk involves the reliability and integrity of external CVE data sources.
Updated: 2026-01-13GitHub
34
1
High Cost
Sec9

Provides access to Reve Create - an image generation model from Reve via Replicate, generating high-quality images with accurate text rendering and optional image editing capabilities through the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Node.js 18 or higher.
  • ⚠️Requires a Replicate API token (a paid service).
  • ⚠️Requires setting the `REPLICATE_API_TOKEN` environment variable.
Verified SafeView Analysis
The server handles API keys via environment variables, specifically `REPLICATE_API_TOKEN`. It downloads images from URLs provided by the Replicate API, saving them to a local 'images' directory relative to the process's current working directory. While the source of the image URL (Replicate) is assumed trusted, a compromise of the external API could theoretically lead to downloading malicious content. The server code itself does not use 'eval' or contain other obvious malicious patterns or hardcoded secrets. File operations for image saving include basic error handling.
Updated: 2025-11-24GitHub
34
4
High Cost
LumeAiChat icon

n8n-skills

by LumeAiChat

Sec10

Provides expert guidance for an AI assistant to build and manage n8n workflows, covering JavaScript and Python code, expressions, validation, node configuration, and architectural patterns, with a focus on AI agents within n8n.

Setup Requirements

  • ⚠️Requires an external n8n-mcp MCP server to be installed and configured for the full functionality described by these skills, as this codebase primarily provides guidance for interacting with it.
  • ⚠️Requires access to Claude Code, Claude.ai, or Claude API to utilize these skills as an AI assistant, as indicated in CLAUDE.md.
  • ⚠️The main README.md contains generic installation instructions for executable files (.exe, .app), which are misleading for this project as it is designed as a collection of AI skills/documentation.
Verified SafeView Analysis
The provided source code consists entirely of markdown documentation files designed to train an AI assistant on n8n workflow development. It does not contain executable server-side code, dependencies, or direct runtime vulnerabilities. The content within the documentation actively promotes good security practices for building n8n workflows (e.g., using parameterized SQL queries, avoiding hardcoded credentials, and recommending read-only database access for AI tools). Therefore, there are no inherent security risks in the provided source code itself.
Updated: 2026-01-19GitHub
34
3
Medium Cost
masaki39 icon

marp-mcp

by masaki39

Sec7

An MCP server that enables LLMs to create and edit Marp presentations with AI assistance using structured layouts.

Setup Requirements

  • ⚠️Requires an MCP client (e.g., an LLM agent) to interact with it.
  • ⚠️Requires Node.js (v18.0.0 or higher) and npm/npx to run.
  • ⚠️File path inputs for tools assume absolute paths and trust in the calling client to not specify malicious paths.
Verified SafeView Analysis
The server uses file system operations (read/write) on paths provided directly by the client (filePath parameter in tools). While the schema descriptions specify 'Absolute path to the Marp markdown file', there is no explicit path sanitization to prevent potential path traversal if a malicious or compromised MCP client were to provide an adversarial path (e.g., '../../../../etc/passwd'). This relies on the integrity of the client (LLM agent) to provide safe inputs. No 'eval' or other direct code execution patterns were found. Child process execution is limited to internal test suites.
Updated: 2025-12-14GitHub
34
3
High Cost
Tommertom icon

sonos-ts-mcp

by Tommertom

Sec8

Control Sonos multi-room audio systems via Model Context Protocol (MCP) for AI-driven home automation and smart audio experiences.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid) or Google Generative AI API Key (Paid/Free Tier) for AI-powered features.
  • ⚠️Sonos devices must be on the same local network, and SSDP multicast discovery may be blocked by firewalls or network configurations (manual IP addition is a fallback).
  • ⚠️Many music services require account linking through the Sonos mobile app, not programmatically; attempts to browse/play from these without prior app setup will yield empty results or errors.
Verified SafeView Analysis
The server opens an HTTP listener for UPnP NOTIFY callbacks, which is a network exposure point, though it filters requests by method and path. Arguments from the MCP client are passed to internal service methods; input validation and XML escaping are present for many parameters, reducing direct injection risks. No obvious hardcoded secrets or malicious patterns were found. The use of external AI SDKs introduces third-party dependency risks.
Updated: 2025-11-27GitHub
34
4
High Cost
alaa-nadi icon

UI-TARS-desktop

by alaa-nadi

Sec2

A GUI Agent application allowing users to control their computer and perform tasks using natural language, leveraging Vision-Language Models (VLMs) and Multi-Channel Processing (MCP) for interaction.

Setup Requirements

  • ⚠️Requires Node.js >= 20 and pnpm >= 9.
  • ⚠️Requires various API keys for VLM providers (e.g., OPENAI_API_KEY, AZURE_OPENAI_API_KEY, ANTHROPIC_API_KEY, GEMINI_API_KEY, MISTRAL_API_KEY, TAVILY_API_KEY, BING_SEARCH_API_KEY) depending on the chosen model/service.
  • ⚠️On macOS, requires explicit system permissions for screen capture and accessibility to function fully (especially for 'nutjs' operator).
  • ⚠️Requires Chrome browser to be installed for 'browser' operator functionality.
Review RequiredView Analysis
The `ui-tars-desktop` application has critical Electron security vulnerabilities including: 1) `preload/index.ts` directly exposes `ipcRenderer` methods to the renderer process (`contextIsolation` bypassed for `window.electron`), allowing potential full Node.js API access if a script is injected. 2) `apps/ui-tars/src/main/window/ScreenMarker.ts` creates new `BrowserWindow` instances with `nodeIntegration: true` and `contextIsolation: false`, making these windows highly vulnerable to arbitrary code execution. 3) `apps/ui-tars/src/main/window/createWindow.ts` uses `sandbox: false`. The `agent-tars-app` part, while using `contextIsolation: true` and Content Security Policy, sets `webSecurity: false` for its main window, allowing unrestricted cross-origin requests which is a significant risk. The integration with `mcp-servers/commands` package allows execution of arbitrary shell commands, posing a severe risk if LLM output is not perfectly sanitized. File system access (`ipcRoutes/filesystem.ts`) can be configured via `setAllowedDirectories`, but improper configuration or bypass could lead to unauthorized file operations. `shell.openExternal` and `shell.openPath` calls can open arbitrary URLs or local files from agent actions.
Updated: 2025-12-15GitHub
34
4
Medium Cost
Sec7

A TypeScript/Node.js backend server application, likely intended for deployment on a serverless platform like Koyeb.

Setup Requirements

  • ⚠️Node.js runtime required.
  • ⚠️pnpm package manager required.
  • ⚠️TypeScript compilation will occur or be required if `pnpm start` doesn't handle it.
Review RequiredView Analysis
Cannot inspect code for 'eval' or obfuscation without file contents. General server risks apply, including potential network exposure depending on configuration. Dependencies listed in `package.json` and `pnpm-lock.yaml` should be audited for known vulnerabilities.
Updated: 2025-11-18GitHub
34
2
Medium Cost
olaservo icon

skilljack-mcp

by olaservo

Sec9

An MCP server that enables LLMs to dynamically discover, load, and use Agent Skills from local directories.

Setup Requirements

  • ⚠️Requires Node.js >= 18.0.0.
  • ⚠️Best experience requires an MCP client supporting `tools/listChanged` notifications (e.g., Claude Code).
  • ⚠️On Windows, forward slashes must be used in paths when configuring skill directories, especially with MCP Inspector.
Verified SafeView Analysis
The server implements strong defenses against common file-related vulnerabilities: - Path traversal is prevented using `fs.realpathSync` and `path.resolve` to ensure all file accesses remain within the configured skill directories. - Symlinks are explicitly checked and rejected (`stat.isSymbolicLink()`) to prevent escape attacks. - File reads are limited by `MAX_FILE_SIZE` (default 1MB, configurable via `MAX_FILE_SIZE_MB` environment variable) to mitigate denial-of-service or memory exhaustion risks. - Directory recursion depth is limited (`MAX_DIRECTORY_DEPTH` = 10) to prevent deep traversal attacks. - Input validation for tool arguments is performed using Zod schemas. The server operates via `StdioServerTransport`, limiting direct external network exposure. Skills themselves are treated as trusted content; the primary risk would be if malicious content were *placed within* a trusted skill directory by an attacker with local access. Overall, well-secured for its intended purpose.
Updated: 2026-01-18GitHub
34
4
Low Cost
AnnieBabs icon

Create-MCP

by AnnieBabs

Sec8

Generates Model Context Protocol (MCP) server projects through a command-line interface.

Setup Requirements

  • ⚠️Requires Node.js version 18 or higher.
  • ⚠️Requires a Node.js package manager (npm, yarn, pnpm, or bun).
  • ⚠️Familiarity with the Model Context Protocol (MCP) is essential for developing with the generated server.
Verified SafeView Analysis
The tool utilizes `execSync` and `spawn` to run package manager commands, a common practice for CLI generators but one that carries inherent risks if not rigorously controlled. Robust input validation is applied to project and component names, effectively mitigating direct command injection vulnerabilities. No hardcoded secrets or overt malicious patterns were detected in the provided source code. The use of `shell: true` with `spawn` on Windows is noted, which is a standard but slightly higher-risk execution method compared to non-shell alternatives.
Updated: 2026-01-19GitHub
PreviousPage 149 of 760Next