Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

34
1
Low Cost
PierrunoYT icon

fal-reve-mcp-server

by PierrunoYT

Sec8

Provides a Model Context Protocol (MCP) server for generating high-quality text-to-image outputs using the FAL AI Reve model.

Setup Requirements

  • ⚠️Requires Node.js 18 or higher.
  • ⚠️Requires a FAL AI API key, which incurs costs for image generation.
  • ⚠️If installing locally, requires `npm install` and `npm run build` after cloning.
Verified SafeView Analysis
The server handles API keys robustly by checking for `FAL_KEY` environment variable and providing an error message if missing, rather than crashing. Local file writing for generated images is protected by sanitizing filenames and creating directories safely, mitigating path traversal. The `downloadImage` function fetches images from URLs provided by the FAL AI API. While the URLs are not directly user-controlled in this flow, a theoretical (though unlikely) risk of Server-Side Request Forgery (SSRF) could exist if the FAL AI service itself were compromised to return malicious internal network URLs. No 'eval' or other highly dangerous dynamic code execution patterns are observed. The `cost_class` and `avg_tokens_per_call` refer to the textual input/output between the MCP client and this server, not the underlying (and potentially higher) cost of the FAL AI image generation itself.
Updated: 2025-11-24GitHub
34
5
Low Cost
rohitsoni007 icon

mcp-gearbox-cli

by rohitsoni007

Sec9

A command-line interface (CLI) tool for setting up Model Context Protocol (MCP) servers for various AI agents, handling download, configuration, and removal of server settings.

Setup Requirements

  • ⚠️Requires Python 3.11+.
  • ⚠️The `uv` package manager is recommended for installation and dependency management.
  • ⚠️Some underlying MCP servers, if installed via this tool, might require `Node.js`/`npm` (`npx`) or `uv` (`uvx`).
Verified SafeView Analysis
The tool uses `subprocess.run` to check for installed CLI agents, with hardcoded commands, mitigating the risk of arbitrary code execution. Network requests (`httpx`) are made to trusted GitHub and MCP API endpoints for downloading server configurations. File operations are scoped to user/project configuration directories and temporary files. No explicit hardcoded secrets are present; GitHub tokens are read from environment variables if provided, but are not actively used for current core functionality (downloading public server lists). `truststore` is used for SSL context.
Updated: 2025-11-20GitHub
34
5
High Cost
AutodeskFusion360 icon

FusionMCPSample

by AutodeskFusion360

Sec2

Provides an HTTP API for Fusion 360, enabling AI assistants to programmatically interact with CAD models, execute scripts, retrieve design information, and capture screenshots.

Setup Requirements

  • ⚠️Requires Fusion 360 to be installed and running.
  • ⚠️The server binds to `localhost:9100`; this port must be available.
  • ⚠️Requires specific client-side configuration (e.g., Cursor, Claude with `mcp-remote` and Node.js) to connect to the local MCP server.
Review RequiredView Analysis
The `execute_api_script` tool allows arbitrary Python code execution within the Fusion 360 environment via `app.executeTextCommand('Python.Run "{temp_file}"')`. This means any client capable of calling this endpoint (e.g., an AI assistant) can execute any code, including file system access, network requests, and manipulation of the Fusion 360 application. While this is an intentional feature for the add-in's purpose of AI control, it represents a significant security risk from a general software perspective. The server binds to `localhost:9100`, limiting direct external network exposure, but a compromised local process or misuse by the AI could still lead to system compromise or data loss. No hardcoded secrets or obvious obfuscation found.
Updated: 2026-01-06GitHub
34
2
Low Cost

This package provides a GitHub API client for integration with an MCP (Model Context Protocol) server, enabling automation of GitHub tasks.

Setup Requirements

  • ⚠️Requires a GitHub Personal Access Token (PAT) for authentication, which must be set as an environment variable (GITHUB_TOKEN).
  • ⚠️The PAT needs specific scopes depending on the operations performed (e.g., 'repo' for repository management, 'workflow' for GitHub Actions, 'admin:repo_hook' for webhooks, 'admin:org' for organization operations).
  • ⚠️This project is a library providing the MCPServer class, not a standalone executable server. There is no direct 'run server' command; it's designed to be integrated into another application that calls its `handleRequest` method.
Verified SafeView Analysis
The code itself follows good security practices by recommending environment variables for tokens and using a reputable API client library (@octokit/rest). Method dispatching is explicit, preventing arbitrary code execution. The main security considerations are external to the code: users must securely manage their GitHub Personal Access Token and grant only the minimal required scopes, as explicitly warned in the documentation.
Updated: 2025-11-20GitHub
34
3
High Cost
northernvariables icon

CanadaGPT

by northernvariables

Sec4

Provides an LLM-powered conversational interface and knowledge graph for Canadian federal parliamentary and legal information, including MPs, bills, votes, debates, lobbying, and financial data.

Setup Requirements

  • ⚠️Requires a running Neo4j database instance (local or cloud) with a specific schema deployed (17 constraints, 23 indexes).
  • ⚠️Requires a PostgreSQL database for the OpenParliament data dump (1.3GB download and load via `scripts/setup_openparliament_db.sh`).
  • ⚠️Requires a Supabase project for user authentication, chat history, billing, and API key management, involving significant database setup and migrations.
  • ⚠️Requires API keys for external services like Anthropic, OpenAI, and CanLII (optional for legal data).
Review RequiredView Analysis
The project demonstrates strong intentions for security, including DoS prevention, robust API key management (SHA-256 hashing, tiered permissions), rate limiting, error sanitization, and mandatory GCP Secret Manager integration for production. However, several critical security tasks are explicitly listed as 'REMAINING TASKS' in the 'SECURITY_IMPLEMENTATION.md', such as full authentication integration into the GraphQL server, IP whitelisting for GraphiQL, and Neo4jGraphQL authorization. Furthermore, placeholder passwords like 'REDACTED_NEO4J_PASSWORD' are present as default values in environment variable lookups and Docker configurations, posing a significant risk if not overridden, particularly in non-production environments.
Updated: 2026-01-19GitHub
34
4
High Cost
Sec7

A high-performance, clustered key-value store with various interfaces (HTTP, WS, SSE) and a UI, designed to function as an MCP server for Agentic AI and LLM workflows.

Setup Requirements

  • ⚠️Requires Docker for local development and deployment.
  • ⚠️Requires Kubernetes (Minikube/Helm) for clustered deployments.
  • ⚠️Multiple environment variables must be correctly configured for inter-service communication and observability tools.
  • ⚠️For local Kubernetes environments like Minikube, Docker images need to be pre-loaded into the cluster's image registry due to `imagePullPolicy: Never` for some deployments.
Verified SafeView Analysis
Environment variables are used for service endpoints (e.g., AERON_CACHE_API, JAEGER, PROMETHEUS, AERON_CACHE_WS_API, AERON_CACHE_SSE_API), which is a good practice to avoid hardcoding sensitive information. Basic input validation for `cacheId` is present in the UI. However, the `cache-ui/nextjs/next.config.ts` explicitly sets `eslint: { ignoreDuringBuilds: true, }`, which is a significant code quality and potential security risk as it can suppress important warnings that might indicate vulnerabilities or bad practices. The `cache-mcp` component relies on a third-party Docker image (`ghcr.io/brizzai/auto-mcp:latest`), requiring trust in its security and maintenance. No direct `eval` or similar dangerous patterns were observed in the provided snippets.
Updated: 2026-01-17GitHub
34
3
Medium Cost
trevorsandy icon

ai-suite

by trevorsandy

Sec7

An end-to-end suite for self-hosting AI agents, LLMs, and automation workflows locally or in the cloud.

Setup Requirements

  • ⚠️Requires extensive manual generation and configuration of numerous secure secrets and passwords in the `.env` file.
  • ⚠️Complex Docker/GPU setup with different profiles (Nvidia, AMD, CPU) and host vs. containerized Ollama configurations, requiring specific command-line flags.
  • ⚠️Post-installation configuration required within n8n (webhook URLs, API keys, credentials for Ollama, Qdrant, Postgres, Google Drive) and Open WebUI (copying Python function code, setting webhook/API URLs).
Verified SafeView Analysis
The project uses Docker Compose to isolate services, and `docker-compose.override.private.yml` binds ports to localhost (127.0.0.1) for local deployments, enhancing security. However, for 'public' deployments, the `README.md` explicitly warns that `ufw` does not shield Docker-published ports, requiring careful network configuration (e.g., all traffic through Caddy on 443). The `suite_services.py` attempts to generate a `searxng` secret key, but if this fails, a default 'ultrasecretkey' is used. The `n8n_Pipeline.py` uses `aiohttp.ClientSession(trust_env=True)` which could be a risk if the host environment variables are compromised. The project provides comprehensive instructions for securing credentials, but the sheer number of required secrets increases the potential for misconfiguration by the user.
Updated: 2026-01-19GitHub
34
1
Medium Cost
everruns icon

fetchkit

by everruns

Sec9

AI-friendly web content fetching and HTML conversion, designed for consumption by Large Language Models.

Setup Requirements

  • ⚠️Requires Rust toolchain (cargo) for building/installation.
  • ⚠️The provided LangChain example requires OPENAI_API_KEY (paid service).
Verified SafeView Analysis
The server appears well-structured with no immediate signs of 'eval', obfuscation, or hardcoded secrets. It implements URL filtering, which is a good security practice. Custom HTML parsing and base64 decoding are potential, though minor, attack surfaces if bugs were present; however, they are designed for content processing rather than arbitrary code execution. Network risks are inherent to web fetching but seem handled by strict timeouts and error handling.
Updated: 2026-01-18GitHub
34
3
Medium Cost
LogicStamp icon

logicstamp-mcp

by LogicStamp

Sec9

Provides AI assistants with structured access to React/TypeScript codebases through LogicStamp Context's analysis engine, enabling safe analysis, modification, and verification of code.

Setup Requirements

  • ⚠️Requires LogicStamp Context CLI to be installed globally (`npm install -g logicstamp-context`).
  • ⚠️Requires Node.js >= 18.18.0 (Node 20+ recommended).
  • ⚠️The `projectPath` parameter is CRITICAL and REQUIRED for `logicstamp_refresh_snapshot` and `logicstamp_compare_snapshot` tools; omitting it can cause hangs.
Verified SafeView Analysis
The server is designed as a 'thin read-only wrapper' and communicates via stdio, meaning no network ports are opened. It relies on the `stamp context` CLI for core analysis, which includes 'Automatic Secret Protection' (replacing secrets with 'PRIVATE_DATA' in generated context, not modifying source files). Commands executed via `child_process.exec` are carefully constructed with predefined flags and use `projectPath` as the working directory, mitigating direct command injection. Path resolution via `path.resolve` helps prevent path traversal within the specified `projectPath`. The server's operations are confined to the provided project directory.
Updated: 2026-01-17GitHub
34
5
High Cost
Sec7

A multi-agent LLM orchestration platform for IT incident investigation and customer support, integrating various LLM providers, external services (New Relic, Sentry, AWS ECS, AWS RDS, MCP tools), and RAG capabilities via Fastify API or Slack bot.

Setup Requirements

  • ⚠️Requires AWS credentials configured with appropriate permissions for Bedrock, ECS, RDS, CloudWatch, Performance Insights, and OpenSearch.
  • ⚠️Requires at least one LLM provider (e.g., AWS Bedrock, OpenAI, Groq, or local Ollama) configured and accessible.
  • ⚠️Requires external services like Redis (for chat history), Qdrant (vector database), Unstructured API (for document loading), and various Model Context Protocol (MCP) servers (Brave Search, Context7, Kubernetes) to be running and configured for full functionality.
  • ⚠️For multi-agent features, API keys/tokens for New Relic, Sentry, and GitHub are necessary for their respective expert agents to operate.
Review RequiredView Analysis
The server employs structured output parsing (Zod) for LLM responses, which significantly mitigates arbitrary code execution via prompt injection. Fastify security plugins (helmet, cors, rate-limit) are in place, and secrets are managed via configuration files/environment variables. However, the multi-agent system's primary '/investigate' endpoint accepts freeform user queries. If an LLM is jailbroken, it could potentially generate malicious New Relic Query Language (NRQL) or CloudWatch Logs Insights queries, even if the SELECT clauses are fixed. These queries, if crafted maliciously, could lead to information disclosure from connected observability platforms or AWS resources. The system actively interacts with sensitive external APIs (AWS, New Relic, Sentry, GitHub), requiring robust authentication and least-privilege configurations for all external services.
Updated: 2026-01-17GitHub
34
3
Medium Cost
jhomen368 icon

overseerr-mcp

by jhomen368

Sec9

Provides AI assistants with direct integration to Overseerr for automated media discovery, requests, and management within a Plex ecosystem.

Setup Requirements

  • ⚠️Requires a running Overseerr instance (self-hosted or managed).
  • ⚠️Requires Node.js 18.0 or higher.
  • ⚠️Mandatory environment variables: OVERSEERR_URL and OVERSEERR_API_KEY must be configured.
Verified SafeView Analysis
The project demonstrates a very strong security posture. It uses environment variables for sensitive data (API keys) and implements robust input validation for both the Overseerr URL and API key format. Automated security scanning (Dependabot, CodeQL, Trivy) is integrated into the CI/CD pipeline, and Docker images are hardened (non-root user, multi-stage builds, Alpine base, dumb-init). No 'eval' or other obviously dangerous patterns were found in the provided source code. Error handling for API calls is structured.
Updated: 2026-01-14GitHub
34
4
Low Cost

Serves as a Model Context Protocol (MCP) gateway, enabling generative AI applications to interact with backend systems like Apache OFBiz through dynamically loaded tools and RESTful APIs.

Setup Requirements

  • ⚠️Requires an Apache OFBiz instance (or similar REST API backend) with the `rest-api` plugin installed.
  • ⚠️Sensitive configuration details and access tokens are stored directly in `config.json` by default, which is not ideal for production secret management.
  • ⚠️Requires Node.js and npm for building and running the server.
Review RequiredView Analysis
The server dynamically loads tools from a configurable `toolsFolderPath` using `await import(toolPath)`, which poses a significant Remote Code Execution (RCE) risk if an attacker can write to this directory or if the folder is not strictly controlled. The default CORS origin in `config.json` is set to `*`, which should be restricted for production. Sensitive tokens and client secrets (`BACKEND_ACCESS_TOKEN`, `MCP_SERVER_CLIENT_ID`, `MCP_SERVER_CLIENT_SECRET`) are stored in `config.json` (as updated by `update_token.sh`), which is less secure than using environment variables or a dedicated secrets manager. Additionally, the `openid-client` library uses `allowInsecureRequests` for discovery, which could introduce a risk if the configured authorization server URL is not HTTPS.
Updated: 2026-01-19GitHub
PreviousPage 151 of 760Next