Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7632)

93
113
Medium Cost
gregorydickson icon

memory-graph

by gregorydickson

Sec8

Provides intelligent, persistent graph-based memory capabilities for AI assistants and coding agents in Claude Code environments.

Setup Requirements

  • ⚠️Requires a configured database backend (SQLite, Neo4j, Memgraph, FalkorDB, Turso, or MemoryGraph Cloud), each with specific environment variables and Python package dependencies. E.g., 'neo4j' package for Neo4j/Memgraph, 'httpx' for Cloud.
  • ⚠️For persistent memory in remote Claude Code Web environments, cloud credentials (MEMORYGRAPH_API_KEY or MEMORYGRAPH_TURSO_URL/TOKEN) are mandatory; otherwise, memories are ephemeral.
  • ⚠️Some advanced features (e.g., NLP entity extraction) may require additional Python libraries like 'spaCy' and its language models.
Verified SafeView Analysis
The server correctly handles sensitive information (API keys, database credentials) via environment variables, avoiding hardcoded secrets. It includes a content sanitization function (`_sanitize_content`) to redact common sensitive patterns (e.g., API keys, passwords, emails) before storing data, which is a good security practice. The server acts as an MCP server, communicating over standard I/O, which is relatively secure. However, its operation relies on connecting to various external or local database backends (Neo4j, Memgraph, FalkorDB, Turso, Cloud) via network connections. The overall security is highly dependent on the secure configuration and management of the chosen backend database. Parameterized queries are used for database interactions, mitigating common injection risks.
Updated: 2025-12-10GitHub
93
105
Low Cost
YuzeHao2023 icon

MCP-oura

by YuzeHao2023

Sec9

An MCP server that provides language models access to Oura API for querying sleep, readiness, and resilience health data.

Setup Requirements

  • ⚠️Requires an Oura API token (Personal Access Token from Oura Developer Portal)
  • ⚠️Requires Python 3.12 or newer
  • ⚠️Uses `uvx` for execution, as demonstrated for Claude for Desktop integration.
Verified SafeView Analysis
The server retrieves API access tokens from environment variables, which is a good security practice. It uses `httpx` for network requests with a defined timeout. Input validation for dates is implemented. There are no obvious signs of 'eval' or other dangerous patterns, nor hardcoded secrets. Error handling is present for API and date parsing issues.
Updated: 2025-11-23GitHub
93
101
Medium Cost
mihaelamj icon

cupertino

by mihaelamj

Sec7

Serves Apple developer documentation and Swift ecosystem content locally to AI agents via the Model Context Protocol, enabling accurate, offline, and structured knowledge retrieval.

Setup Requirements

  • ⚠️Requires macOS 15+ (Sequoia).
  • ⚠️Requires ~2-3 GB of disk space for full documentation download.
  • ⚠️Building from source requires Swift 6.2+ and Xcode 16.0+.
  • ⚠️Fetching Apple sample code from Apple's website (`--type code`) requires Apple ID authentication through Safari.
Verified SafeView Analysis
The installation script (`install.sh`) uses `curl | bash` to download and execute code with `sudo`, which is a common but inherently risky practice. The tool performs extensive web crawling using `WKWebView` and direct downloads from various external sources (Apple, Swift.org, GitHub). This involves processing content from external sources, though limited to well-known documentation. Sensitive data like Apple ID authentication cookies are handled by Safari, not directly by the application, and a `GITHUB_TOKEN` for higher rate limits is expected as an environment variable rather than being hardcoded. The `ReleaseTool` (a maintainer-only separate executable) requires a `CUPERTINO_DOCS_TOKEN` with specific GitHub scopes. The CLI tool itself writes to user-owned directories (`~/.cupertino/`) and does not require elevated privileges post-installation.
Updated: 2025-12-12GitHub
93
125
Medium Cost
agentfront icon

frontmcp

by agentfront

Sec9

A TypeScript-first framework for building Model Context Protocol (MCP) servers, enabling AI models to interact with external systems through typed tools, resources, and prompts, and rendering interactive UI widgets for AI clients.

Setup Requirements

  • ⚠️Requires Node.js 22+.
  • ⚠️Requires Redis for caching, session storage, and specific demo app data persistence.
  • ⚠️Recommended to use `yarn` with `corepack enable` for package management.
Verified SafeView Analysis
The project extensively uses `enclave-vm` for secure sandboxed execution of user-provided UI code (React, MDX, JSX) and `AgentScript` within the `codecall` plugin. It implements AST-based validation, explicitly blocks dangerous globals (`eval`, `Function`, `process.env`), dynamic imports, and `require()` calls to prevent malicious code execution. Cross-Site Scripting (XSS) prevention is evident in UI rendering (e.g., `escapeHtml`). ReDoS protection is applied to regex patterns. Access control mechanisms for tools and self-reference guards are in place for the `codecall` plugin. Sensitive configurations are managed through environment variables (`IDP_PROVIDER_URL`, `MCP_SESSION_SECRET`), which is a standard secure practice.
Updated: 2025-12-14GitHub
93
119
Low Cost
gleanwork icon

remote-mcp-server

by gleanwork

Sec10

Provides metadata for the Glean Remote MCP Server, enabling discovery and integration of enterprise knowledge with AI assistants and developer tools via the Model Context Protocol.

Setup Requirements

  • ⚠️This repository contains only metadata and documentation; the actual Glean MCP Server functionality is proprietary and hosted by Glean, not open source or runnable from this repository.
  • ⚠️Requires an organization-specific Glean MCP server URL and authentication details, which must be obtained through Glean administration and are not configurable directly from this codebase.
  • ⚠️Setting up an MCP client involves configuring dynamic variables like `instance` and `server-name` that are unique to your Glean deployment.
Verified SafeView Analysis
This repository is explicitly a metadata-only repository and does not contain the actual executable server code, which is proprietary and hosted by Glean. Therefore, there are no typical software vulnerabilities like 'eval', obfuscation, network risks (for the server itself), hardcoded secrets, or malicious patterns in the provided source files (which are primarily JSON and Markdown). The `MCP_REGISTRY.md` details a publishing process that involves a private key for DNS authentication, but it correctly advises against committing the key to version control and suggests storing it securely as a secret for CI/CD, which is a best practice. The repository itself poses no direct runtime security risks.
Updated: 2025-12-14GitHub
93
503
Low Cost
vercel icon

mcp-handler

by vercel

Sec8

A Vercel adapter for the Model Context Protocol (MCP), enabling real-time communication between web applications and AI models.

Setup Requirements

  • ⚠️Requires Node.js 18 or later.
  • ⚠️Requires `@modelcontextprotocol/sdk` (peer dependency).
  • ⚠️Requires Next.js 13+ (for Next.js adapter) or Nuxt.
  • ⚠️Requires Redis for Server-Sent Events (SSE) transport functionality.
  • ⚠️User must implement a `verifyToken` function for custom authentication logic when using `withMcpAuth`.
Verified SafeView Analysis
The server uses `execSync` for package installation in its CLI, but with controlled inputs. Deserialization of messages from Redis (`JSON.parse`) could be a vector if Redis is compromised, though it's typically an internal channel. The `withMcpAuth` wrapper delegates token verification to the user, whose implementation will determine the strength of authentication. Overall, generally safe for its intended use, with active maintenance addressing potential issues like memory leaks.
Updated: 2025-11-20GitHub
93
472
Low Cost
getsentry icon

sentry-mcp

by getsentry

Sec9

Sentry's MCP service acts as middleware to the upstream Sentry API, primarily designed for human-in-the-loop coding agents to assist with developer workflows and debugging use cases.

Setup Requirements

  • ⚠️Requires an OpenAI API Key (Paid) for AI-powered search tools (`search_events`, `search_issues`), which will be unavailable without it.
  • ⚠️For local development of the remote server, requires creating a Sentry OAuth App and configuring `SENTRY_CLIENT_ID`, `SENTRY_CLIENT_SECRET`, and a randomly generated `COOKIE_SECRET`.
  • ⚠️For stdio mode, requires generating a Sentry User Auth Token with specific scopes (`org:read`, `project:read`, `project:write`, `team:read`, `team:write`, `event:read`, `event:write`).
Verified SafeView Analysis
The project explicitly addresses critical security concerns, particularly 'Trusted Error Messages Only' to prevent prompt injection vulnerabilities by sanitizing AI-facing error messages. It utilizes a dual OAuth system with PKCE, token encryption, and robust scope enforcement. Secrets are externalized via environment variables. While it uses tools like `tsx` for dynamic execution (common in dev servers), the overall emphasis on secure practices for external API interactions and AI agent communication is strong.
Updated: 2025-12-13GitHub
93
120
Medium Cost

PowerBI-Desktop-MCP

by maxanatsko

Sec10

Enables AI assistants to programmatically interact with Power BI Desktop models for data exploration, analysis, and modification.

Setup Requirements

  • ⚠️Requires Windows 10/11 operating system.
  • ⚠️Requires Power BI Desktop to be installed.
  • ⚠️Requires a compatible AI assistant: Claude Desktop, Claude Code, or VS Code (1.102+) with GitHub Copilot.
Verified SafeView Analysis
The server explicitly states it runs locally, performs zero data collection, tracking, or telemetry, and does not send any data externally. It acts as a local pass-through. The privacy risks lie solely with the AI assistant chosen, which is clearly communicated.
Updated: 2025-11-17GitHub
92
93
Low Cost
mcp-shark icon

mcp-shark

by mcp-shark

Sec8

Aggregate multiple Model Context Protocol (MCP) servers into a single unified interface with a powerful monitoring UI, enabling real-time traffic capture, logging, and AI-powered security analysis.

Setup Requirements

  • ⚠️Requires Node.js 18+ to run the application.
  • ⚠️The 'Smart Scan' feature interacts with an external, potentially paid, AI security analysis service (smart.mcpshark.sh). An API token from this service is required to use the feature, and it will send MCP server metadata to the external service.
  • ⚠️Requires an existing Model Context Protocol (MCP) configuration file (e.g., `~/.cursor/mcp.json`) to function, as it acts as a monitoring proxy for existing MCP server setups, not as a standalone MCP server.
Verified SafeView Analysis
The application functions as a local proxy and monitoring tool for Model Context Protocol (MCP) traffic. It captures and displays all requests/responses between MCP clients and configured servers. A key feature, 'Smart Scan', sends MCP server metadata (such as tool schemas, resource URIs, and prompt arguments) to an external API hosted at `https://smart.mcpshark.sh` for AI-powered security analysis. While this data outflow is explicitly part of a feature, users should be aware that their MCP server configurations are shared with a third-party service. An API token, required for Smart Scan, is stored locally on the user's machine. Configuration files are read from and written to the local filesystem, utilizing Node.js `path.join` and `homedir()` for path resolution, which generally mitigate common path traversal vulnerabilities. The core MCP Shark server is spawned as a child process by the UI server, granting the UI process privileges to execute other programs locally. No direct `eval` calls or intentional code obfuscation were found in the provided source code snippets. The security considerations primarily revolve around the intentional data sharing with the external Smart Scan service and the local file system operations inherent to the tool's design, rather than specific code vulnerabilities.
Updated: 2025-12-06GitHub
92
86
Low Cost
Sec7

Connects AI assistants to OpenTelemetry trace backends for analyzing LLM traces with AI assistance.

Setup Requirements

  • ⚠️Requires Python 3.11 or higher.
  • ⚠️Requires 'pipx' or 'uv' for recommended installation methods.
  • ⚠️Requires a running OpenTelemetry trace backend (e.g., Jaeger, Tempo, or Traceloop), and an API key if using Traceloop.
Verified SafeView Analysis
The server connects to specified OpenTelemetry trace backends (Jaeger, Tempo, Traceloop) and can be configured with an API key for Traceloop. It can also run with an HTTP transport for network access, which would require standard network security practices. There is no indication of 'eval' or obfuscation in the provided README. Sensitive information like API keys must be secured in environment variables or configuration.
Updated: 2025-11-17GitHub
92
67
Medium Cost
Ami3466 icon

tomcp

by Ami3466

Sec8

Transforms any public website into an MCP (Model Context Protocol) server for AI tools and provides a chat interface to query the website's content.

Setup Requirements

  • ⚠️Requires a Cloudflare Workers AI binding (AI) to be configured in wrangler.toml.
  • ⚠️For paid AI models and higher rate limits, a Cloudflare Workers AI API key is required.
  • ⚠️The HTML to Markdown conversion does not execute JavaScript, so Single Page Applications (SPAs) or dynamically loaded content might not be fully captured.
Verified SafeView Analysis
The server sanitizes fetched HTML by removing script and style tags before converting to Markdown, reducing XSS risks to the AI. User API keys for Cloudflare Workers AI are stored locally in the browser and not persisted on the server. Rate limiting is implemented to prevent abuse of free AI tiers. The regex-based HTML to Markdown conversion, while adequate for 'readability parsing', might be brittle with highly complex or malformed HTML compared to a full DOM parser.
Updated: 2025-12-14GitHub
92
75
Medium Cost
nuxt-modules icon

mcp-toolkit

by nuxt-modules

Sec8

Enables Nuxt applications to expose their functionality and data to AI models via the Model Context Protocol (MCP), allowing them to act as extensible AI agents.

Setup Requirements

  • ⚠️Requires Node.js 18+ and pnpm 9.15.0+.
  • ⚠️The `zod` package is a required peer dependency.
  • ⚠️Not compatible with `nuxt generate` as it requires a running server.
  • ⚠️Executing `pnpm run dev:prepare` is necessary to generate type stubs before the first run.
  • ⚠️For full functionality of the documentation or playground apps, environment variables like `AI_GATEWAY_API_KEY` or `GITHUB_CLIENT_ID` might be required.
Verified SafeView Analysis
The module itself employs good practices like TypeScript and Zod for input validation. However, the overall security highly depends on how developers implement their MCP tool, resource, and prompt handlers. Malicious or insecurely written handlers (e.g., executing unsanitized user input) could introduce vulnerabilities. The use of `spawn` with `npx -y` for the DevTools inspector is noted but is a common pattern for development tools and not inherently malicious within this context. No hardcoded secrets were found; sensitive configurations are expected to be provided via environment variables.
Updated: 2025-12-12GitHub
PreviousPage 15 of 636Next