Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

94
151
Medium Cost
six2dez icon

burp-mcp-agents

by six2dez

Sec9

Connects Burp Suite MCP Server to AI backends (Codex, Gemini, Ollama, LM Studio) for assisted, non-destructive vulnerability analysis using real Burp traffic.

Setup Requirements

  • ⚠️Requires Burp Suite MCP Server extension to be installed and enabled.
  • ⚠️Requires Caddy reverse proxy to normalize traffic headers for stable SSE connectivity.
  • ⚠️Requires a specific AI backend (Codex, Gemini, Ollama, or LM Studio) to be installed and configured, often with local models downloaded or cloud accounts authenticated.
Verified SafeView Analysis
The system is explicitly designed for local, trusted use and warns against exposing the Caddy proxy (listening on 127.0.0.1:19876) externally. All direct agent-to-Burp/LLM communication components bind to localhost by default. Cloud backends (Codex, Gemini) will transmit prompts and tool call details to their respective external APIs, but the raw Burp traffic is processed locally by the agents before being summarized for the LLM. The LM Studio default API key 'lm-studio' is a placeholder for a local server and not a sensitive secret. No 'eval' or obvious obfuscation detected.
Updated: 2026-01-19GitHub
94
419
Low Cost
whillhill icon

mcpstore

by whillhill

Sec2

Orchestrate Microservice Context Protocol (MCP) services and adapt them for integration with various AI frameworks like LangChain, managing tools and their lifecycle.

Setup Requirements

  • ⚠️Requires Python 3.9+.
  • ⚠️Optional Redis instance required if `external_db` is configured, along with `pip install mcpstore[redis]`.
  • ⚠️Local services configured via `command` require the specified executables (e.g., `npx`) to be available in the server's environment.
Review RequiredView Analysis
The API endpoint `/for_store/add_service` (and similarly for agents) allows adding services by providing a `command` and `args` field. This enables direct remote code execution (RCE) on the host system if the API is exposed to untrusted clients. The default CORS setting `allow_origins=['*']` further widens the attack surface. There is no explicit sandboxing for these local command executions in the provided source code.
Updated: 2026-01-12GitHub
94
229
Low Cost
aws icon
Sec8

Facilitates secure communication between Model Context Protocol (MCP) clients and AWS-hosted MCP servers by handling AWS IAM (SigV4) authentication.

Setup Requirements

  • ⚠️Requires pre-configured AWS credentials (CLI, environment variables, or IAM roles) for SigV4 authentication to function.
  • ⚠️Requires Python 3.10+ and the `uv` package manager for execution.
  • ⚠️An existing, accessible Model Context Protocol (MCP) server, preferably secured with AWS IAM, is necessary as an upstream endpoint.
Verified SafeView Analysis
The project leverages standard AWS SDKs (boto3, botocore) for secure SigV4 authentication, reducing common credential-handling risks. It includes a `ToolFilteringMiddleware` to disable tools requiring write permissions, enhancing security. Input validation is performed for CLI arguments. A monkey patch to `fastmcp` exists to fix a specific error propagation issue, which is a controlled modification for protocol correctness. No direct `eval` or `exec` usage was found. Potential network risks could arise if configured with an untrusted upstream MCP endpoint that exploits `httpx`'s default `follow_redirects` or sends excessively large/malformed error responses, though these are standard HTTP client behaviors. Overall, security is well-considered, but proper AWS IAM configuration and trusted upstream services are critical.
Updated: 2026-01-19GitHub
94
158
Low Cost
gleanwork icon

remote-mcp-server

by gleanwork

Sec9

This repository provides metadata for registering the Glean Remote MCP Server with the Model Context Protocol (MCP) registry, enabling AI assistants and developer tools to securely access enterprise knowledge.

Setup Requirements

  • ⚠️The actual Glean MCP Server functionality is proprietary and hosted by Glean; this repository only contains metadata for its registry entry.
  • ⚠️To publish updates to the MCP registry from this repository, the 'mcp-publisher' CLI tool must be installed, and a hex-encoded Glean domain private key is required for authentication.
  • ⚠️Using the Glean MCP Server requires an organization-specific Glean instance URL and OAuth 2.0 authentication, configured via Glean's external documentation.
Verified SafeView Analysis
The repository explicitly states it is 'metadata-only' and does not contain the actual MCP server functionality, which is hosted by Glean and not open source. Therefore, a security audit of the actual server's runtime code (e.g., checking for 'eval', obfuscation, network risks) cannot be performed from this repository's source. The repository itself primarily contains JSON configuration and documentation. It details a secure publishing process for metadata to the MCP registry, including strong warnings against committing private keys to version control and requiring DNS-based authentication. Given this context, the repository itself demonstrates good security practices for its stated purpose as a metadata and release configuration repository.
Updated: 2026-01-19GitHub
94
167
High Cost
Mng-dev-ai icon

claudex

by Mng-dev-ai

Sec5

Self-hosted Claude AI chat interface with sandboxed code execution, offering a full IDE experience and support for multiple AI providers and extensible agents/skills.

Setup Requirements

  • ⚠️Requires Docker for local sandbox execution and all core services.
  • ⚠️Requires API keys for paid AI model providers (e.g., Anthropic, OpenRouter, Z.AI) to enable AI functionality.
  • ⚠️Requires significant system resources (minimum 4GB RAM/2 CPU/40GB Storage, recommended 8GB+ RAM/4+ CPU/80GB+ Storage) for stable operation, especially with Docker sandboxes.
Review RequiredView Analysis
The core functionality of Claudex relies on executing user-provided code in sandboxed environments, which inherently carries risks. For the Docker sandbox provider, the `api` and `celery-worker` services run with `privileged: true` and mount `/var/run/docker.sock` from the host. This grants these containers root access to the host's Docker daemon, a critical security vulnerability if the application or a component within the sandbox is compromised. While necessary for the sandbox to create isolated containers, it effectively means that a successful exploit of the application could lead to root access on the host machine. The `SECRET_KEY` has a default value for development only, and the documentation correctly warns about using a strong, unique key in production. Marketplace plugins involve downloading and potentially executing external code, which requires trust in the plugin source and vigilance against supply chain attacks. Overall, the direct Docker daemon access is the most significant concern, making it suitable only for trusted, isolated deployment environments.
Updated: 2026-01-19GitHub
93
4167
Low Cost
wgpsec icon

ENScan_GO

by wgpsec

Sec4

An OSINT (Open Source Intelligence) tool for gathering comprehensive corporate information from various public data sources, primarily for security assessments (HW/SRC scenarios).

Setup Requirements

  • ⚠️Requires manual configuration of API cookies for various data sources (e.g., Aiqicha, Tianyancha, KuaiCha) in `config.yaml`.
  • ⚠️Use of the program may lead to account anomalies or bans on target platforms.
  • ⚠️Go version >= 1.22.1 is required for building.
  • ⚠️All HTTPS requests are vulnerable to Man-in-the-Middle attacks due to disabled certificate verification.
Review RequiredView Analysis
The tool explicitly disables TLS certificate verification (`InsecureSkipVerify: true`) for all HTTPS connections. This is a critical vulnerability that makes all network communications susceptible to Man-in-the-Middle (MiTM) attacks, compromising data integrity and confidentiality. While the tool's intended use is OSINT, this fundamental flaw severely undermines the security of its operations. Configuration values for sensitive items like API cookies are read from a YAML file, `config.yaml`, which should be secured.
Updated: 2026-01-05GitHub
93
524
Low Cost
TensorBlock icon

awesome-mcp-servers

by TensorBlock

Sec10

A comprehensive collection of Model Context Protocol (MCP) servers, standardizing AI application context provision.

Verified SafeView Analysis
This repository is a static collection of markdown files listing Model Context Protocol (MCP) servers. It does not contain executable server code that runs within this repository itself. Therefore, there are no inherent security risks from the repository's content. Security concerns would arise from interacting with the *listed* third-party MCP servers, which is outside the scope of analyzing this specific repository.
Updated: 2026-01-19GitHub
93
489
Medium Cost
jonigl icon
Sec7

An interactive terminal client for connecting local Ollama LLMs to Model Context Protocol (MCP) servers, enabling advanced tool use and workflow automation for local LLMs.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Requires Ollama to be running locally.
  • ⚠️Requires the 'uv' package manager for installation from source or using 'uvx'.
  • ⚠️Auto-discovery of servers from Claude's configuration is macOS-specific.
Verified SafeView Analysis
The client allows executing external MCP server scripts (Python or JavaScript) and connecting to arbitrary HTTP/SSE server URLs. While the client's own code appears robust, the core functionality involves launching external processes (`subprocess.run` in dev scripts, `os.system` for console clearing is benign) or connecting to user-defined network endpoints. The primary security risk stems from configuring or connecting to untrusted MCP servers or server configurations, as these can execute arbitrary commands or interact with external services. The Human-in-the-Loop (HIL) feature provides a crucial mitigation by allowing users to review and approve tool executions before they run, but this does not cover the initial launch of potentially malicious server scripts.
Updated: 2026-01-18GitHub
93
779
Medium Cost
erwinkramer icon

bank-api

by erwinkramer

Sec9

A design reference project for building a compliant and modern bank API, exposed via Model Context Protocol.

Setup Requirements

  • ⚠️.NET 10 SDK is required.
  • ⚠️Docker runtime must be running to utilize Aspire orchestration and its dashboard.
  • ⚠️Relies on Aspire for development bootstrapping and orchestration, requiring familiarity with Aspire concepts.
  • ⚠️Integrating with Claude requires specific `claude_desktop_config.json` configuration for the `mcp-remote` client.
Verified SafeView Analysis
The project demonstrates a strong commitment to API security and compliance by adhering to OWASP API Security Top 10, OpenAPI Specification, and data protection regulations (GDPR, CCPA). It implements JSON Web Signature (JWS) for response signing and JSON Web Key Sets (JWKS) for validation. Multiple authentication methods (API Key, JWT, OpenID Connect, OAuth2) are supported. Configuration values for Entra ID are present in appsettings.json, which are public IDs, but for a production setup, secret management would be ideal for sensitive identifiers. No 'eval', obfuscation, or malicious patterns were identified.
Updated: 2026-01-18GitHub
93
120
Medium Cost

PowerBI-Desktop-MCP

by maxanatsko

Sec10

Enables AI assistants to programmatically interact with Power BI Desktop models for data exploration, analysis, and modification.

Setup Requirements

  • ⚠️Requires Windows 10/11 operating system.
  • ⚠️Requires Power BI Desktop to be installed.
  • ⚠️Requires a compatible AI assistant: Claude Desktop, Claude Code, or VS Code (1.102+) with GitHub Copilot.
Verified SafeView Analysis
The server explicitly states it runs locally, performs zero data collection, tracking, or telemetry, and does not send any data externally. It acts as a local pass-through. The privacy risks lie solely with the AI assistant chosen, which is clearly communicated.
Updated: 2025-11-17GitHub
92
194
Low Cost
dorcha-inc icon

orla

by dorcha-inc

Sec6

Orla acts as a runtime for Model Context Protocol (MCP) servers, enabling the execution of lightweight open-source AI agents and command-line tools locally.

Setup Requirements

  • ⚠️Requires Go 1.25+ to build from source.
  • ⚠️Requires Ollama for local LLM inference (installed by default, but can be skipped for remote Ollama setup).
  • ⚠️Requires Git for installing tools from the official registry.
Verified SafeView Analysis
The server's core functionality involves executing arbitrary user-defined tools from the filesystem. While `os.OpenRoot` is used to prevent path traversal when loading manifests and parsing shebangs within tool directories, there is no built-in sandboxing for the tools themselves. This means a malicious or improperly configured tool could potentially perform actions outside its intended scope on the host machine. The `SECURITY.md` explicitly states: 'orla executes tools from the filesystem. Ensure tools are from trusted sources.' When running in HTTP mode, there is no built-in authentication, requiring users to manage network-level access and firewall rules if exposed. No hardcoded secrets were identified.
Updated: 2026-01-07GitHub
92
88
High Cost
Shelpuk-AI-Technology-Consulting icon

kindly-web-search-mcp-server

by Shelpuk-AI-Technology-Consulting

Sec7

Provides web search with robust, LLM-optimized content retrieval from various sources (StackExchange, GitHub, Wikipedia, arXiv, and general webpages) for AI coding assistants.

Setup Requirements

  • ⚠️Requires at least one search provider API key: `SERPER_API_KEY`, `TAVILY_API_KEY`, or `SEARXNG_BASE_URL`.
  • ⚠️A Chromium-based browser (Chrome/Chromium/Edge/Brave) must be installed locally for universal HTML content retrieval; `KINDLY_BROWSER_EXECUTABLE_PATH` may be needed.
  • ⚠️Python 3.13+ is required (Python 3.14 is supported, but advanced PDF features may be disabled due to `onnxruntime` availability).
Verified SafeView Analysis
The server uses `subprocess.create_subprocess_exec` to run a headless Chromium browser for universal HTML scraping, which is standard for browser automation but introduces a larger attack surface. The `--no-sandbox` option for Chromium can be enabled via environment variable, reducing browser isolation. Sensitive API keys are loaded from environment variables, which is standard but requires secure environment management. Input parsing for `SEARXNG_HEADERS_JSON` includes JSON validation to prevent arbitrary code execution. Efforts are made to ensure proxy settings do not interfere with local connections and to clean up temporary directories.
Updated: 2026-01-18GitHub
PreviousPage 15 of 760Next