Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7632)

92
418
Medium Cost
jonigl icon
Sec6

An interactive terminal client for connecting local Ollama LLMs to Model Context Protocol (MCP) servers, enabling advanced tool use and workflow automation.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Requires Ollama to be running locally (`ollama serve`).
  • ⚠️Requires MCP servers to be installed and running, or accessible via URL, for tool functionality.
  • ⚠️Installation recommends `uv` package manager, but `pip` also works.
Review RequiredView Analysis
The client's core functionality involves executing external scripts (.py or .js) or commands defined in JSON configuration files, and connecting to arbitrary network URLs specified by the user. This means the client will execute code or connect to services from paths/URLs provided through command-line arguments or configuration files. This design requires a high degree of trust in the MCP servers and configurations provided by the user. Malicious scripts or configurations could lead to arbitrary code execution on the local machine with the user's privileges, or connection to malicious network endpoints. The client itself does not contain obvious vulnerabilities like SQL injection or direct `eval` of untrusted user input, but its operational model inherently grants broad permissions based on user-supplied inputs.
Updated: 2025-12-10GitHub
92
83
High Cost

easy-code-reader

by FangYuan33

Sec8

Provides a Model Context Protocol (MCP) server for AI assistants to intelligently read Java source code from local projects and Maven dependencies, supporting decompilation and multi-module analysis.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires Java Development Kit (JDK) 8 or higher for decompilers.
  • ⚠️Requires `uv` package manager (installed via `curl` or `powershell`), or `uvx` must be executable.
  • ⚠️Manual configuration of `--maven-repo` and `--project-dir` paths is required in the MCP client setup for the tool to function correctly.
Verified SafeView Analysis
The tool's core functionality involves reading and potentially decompiling local files from specified project and Maven repository directories. While this is its intended purpose, users should be cautious about granting it access to highly sensitive file system paths via `--project-dir` and `--maven-repo` configurations, and ensure the `easy-code-reader` package itself is sourced from a trusted repository, as `uvx` downloads and executes it. It does not appear to have extraneous network risks or 'eval' vulnerabilities.
Updated: 2025-11-17GitHub
91
200
High Cost

gemini-flow

by clduab11

Sec7

An AI workflow orchestration and execution platform that enables visual programming and integrates with Google's Gemini and Vertex AI services.

Setup Requirements

  • ⚠️Requires a Google Cloud Project with Vertex AI API access enabled (may incur costs for API usage).
  • ⚠️Docker and Docker Compose are required for local setup and execution.
  • ⚠️Node.js (with npm or yarn) is needed for development and building processes.
Verified SafeView Analysis
Network risks are inherent due to client-server architecture and integration with external AI APIs (Gemini, Vertex AI). The presence of a dedicated 'security' directory and Docker security scripts suggests attention to security, but specific code-level vulnerabilities cannot be assessed without access to the codebase. Users should ensure API keys are securely managed.
Updated: 2025-11-18GitHub
91
520
High Cost
TM9657 icon

flow-like

by TM9657

Sec7

A visual workflow automation platform designed to build, execute, and monitor automated workflows with a focus on data lineage, type safety, and AI integration for various deployment environments (desktop, cloud, edge).

Setup Requirements

  • ⚠️Requires Rust toolchain (compiler, cargo) installed.
  • ⚠️Requires Bun runtime for build scripts and frontend bundling (alternative: Node.js + npm install -g bun).
  • ⚠️Requires Tauri system dependencies (OS-specific build tools for desktop applications like WebKit on Linux).
  • ⚠️Requires Protobuf compiler (protoc) for Rust dependencies.
  • ⚠️Local AI model execution (e.g., llama.cpp models) may require Ollama runtime installed and running.
  • ⚠️Cloud AI models and other integrations require API keys for external services (e.g., OpenAI, OpenRouter, GitHub, AWS).
Verified SafeView Analysis
The project leverages Rust and Tauri for its core, offering strong memory safety. It uses established cryptographic libraries (chacha20poly1305, argon2, jsonwebtoken) for app archive encryption and JWT authentication. Authentication relies on JWTs and OAuth, handling API keys through environment variables or secure storage, which is good practice. Extensive third-party API integrations (LLMs, GitHub, Notion, Microsoft Graph, Stripe) introduce external dependencies and require diligent API key management. The workflow execution engine, with its custom node logic, is a critical component where vulnerabilities could arise if custom nodes are untrusted or improperly implemented. Specific attention should be paid to `SQL Filter` inputs in database nodes to prevent SQL injection. Deep linking and custom event sinks expose local services, requiring robust URL and payload validation. Real-time collaboration uses JWT for peer authentication, demanding careful key management. Overall, security is a stated concern with dedicated mechanisms, but the inherent extensibility and broad integrations necessitate caution.
Updated: 2025-12-12GitHub
91
169
Medium Cost
homeassistant-ai icon

ha-mcp

by homeassistant-ai

Sec7

Provides a Model Context Protocol (MCP) server for AI agents to control and query Home Assistant through REST API and WebSocket, offering enhanced smart home automation tools.

Setup Requirements

  • ⚠️Requires a running Home Assistant instance and a long-lived access token (`HOMEASSISTANT_TOKEN`).
  • ⚠️Requires the Home Assistant URL (`HOMEASSISTANT_URL`).
  • ⚠️Advanced tools (e.g., filesystem access, MCP custom component installation) are disabled by default and require specific environment variables to be enabled (e.g., `HAMCP_ENABLE_FILESYSTEM_TOOLS=true`).
  • ⚠️Some tools depend on HACS (Home Assistant Community Store) being installed and configured within Home Assistant.
  • ⚠️Filesystem access tools require the `ha_mcp_tools` custom component to be installed in Home Assistant (can be done via `ha_install_mcp_tools` tool).
Verified SafeView Analysis
The server uses feature flags to disable potentially sensitive tools by default (e.g., filesystem access, HACS component installation). Filesystem operations are delegated to a custom Home Assistant component, leveraging Home Assistant's internal security model, which is a good practice. However, tool call parameters, which might contain sensitive data, are logged internally. While a bug report anonymization guide is provided, internal logging without explicit redaction/masking for parameters is a potential minor data leakage risk. Standard network security (HTTPS, API tokens) is assumed to be managed by the Home Assistant instance.
Updated: 2025-12-14GitHub
91
48
Low Cost
mrexodia icon

zeromcp

by mrexodia

Sec8

A minimal, pure Python Model Context Protocol (MCP) server for exposing tools, resources, and prompts via HTTP/SSE and Stdio transports.

Setup Requirements

  • ⚠️Requires Python 3.11 or newer.
  • ⚠️Basic Python knowledge is needed to define and register functions as tools, resources, or prompts.
  • ⚠️For HTTP transport, a free port must be available.
Verified SafeView Analysis
The server uses Python's built-in `http.server` modules, which are generally safe for controlled environments but may lack advanced production-grade security features. It correctly implements CORS with a sensible default of allowing localhost origins, and configurable options for more restrictive or permissive policies. A `post_body_limit` is in place to prevent overly large payloads. The core logic for dispatching calls to registered functions is safe as it relies on explicit function registration by the developer, not arbitrary code execution. By default, exceptions expose full tracebacks, which is useful for development but should be redacted in production (configurable via `registry.redact_exceptions = True`) to prevent information leakage.
Updated: 2025-12-04GitHub
90
36
High Cost
iconben icon

z-image-studio

by iconben

Sec8

Provides a local image generation toolkit with CLI, Web UI, and MCP server interfaces using the Z-Image-Turbo model, optimized for local hardware (especially Apple Silicon).

Setup Requirements

  • ⚠️Requires Python >= 3.11.
  • ⚠️Image generation is compute-intensive and requires substantial RAM/VRAM; CPU fallback is very slow.
  • ⚠️Models are downloaded from Hugging Face on first use, which can take time and bandwidth.
Verified SafeView Analysis
The server uses FastAPI with basic path traversal protection for file serving and download. LoRA file uploads are restricted by size and file type (.safetensors) and include hash checks for existing files. Database interactions use parameterized queries to prevent SQL injection. No 'eval' or obvious malicious patterns found. Main risks stem from underlying dependencies or user misconfiguration.
Updated: 2025-12-14GitHub
90
42
Medium Cost
iceener icon
Sec4

Manages Google Calendar events, checks availability, and schedules meetings via the Model Context Protocol (MCP) using OAuth 2.1.

Setup Requirements

  • ⚠️Requires a Google Cloud Project with the Calendar API enabled and OAuth 2.0 credentials configured (Client ID, Client Secret, redirect URIs).
  • ⚠️Requires explicit configuration of `OAUTH_REDIRECT_URI` and `OAUTH_REDIRECT_ALLOWLIST` in both the server's environment and the Google Cloud OAuth client settings to avoid redirect_uri_mismatch errors.
  • ⚠️For secure token storage, a 32-byte base64url encryption key must be provided via `RS_TOKENS_ENC_KEY` (Node.js) or `TOKENS_ENC_KEY` (Cloudflare Worker). Without it, OAuth tokens are stored unencrypted.
Review RequiredView Analysis
The server explicitly states that its HTTP/OAuth layer is for development convenience and not production-grade security. Critical security gaps include: 1) The `isAllowedOrigin` function (for origin validation) is a placeholder returning `true` in production, making it vulnerable to CSRF/SSRF unless manually implemented. 2) The `wrangler.toml` defaults `OAUTH_REDIRECT_ALLOW_ALL` to `true`, a severe OAuth vulnerability if not set to `false` in production. 3) While token encryption is available via `RS_TOKENS_ENC_KEY` or `TOKENS_ENC_KEY`, it's optional, and skipping it results in plaintext storage of OAuth tokens, a major security risk. The server uses Zod for input validation and PKCE for OAuth, which are good practices, but the mentioned issues require immediate attention for any remote deployment.
Updated: 2025-12-09GitHub
90
345
Low Cost
agentic-community icon

mcp-gateway-registry

by agentic-community

Sec9

Provides an interface for AI agents and administrators to interact with and manage the MCP Gateway Registry, including registering services, managing agents, configuring access control, and performing semantic tool discovery.

Setup Requirements

  • ⚠️Requires Python 3.12+ (as specified in pyproject.toml)
  • ⚠️Requires external identity provider setup (e.g., AWS Cognito, Keycloak, Microsoft Entra ID) for full authentication functionality.
  • ⚠️Critical environment variables (SECRET_KEY, ADMIN_PASSWORD) must be securely configured; SECRET_KEY is randomly generated on startup if not set, leading to session loss on restart.
  • ⚠️FAISS index and embedding models are loaded from host-mounted volumes; initial setup or regeneration may be required if these are missing or corrupted.
Verified SafeView Analysis
The project demonstrates strong security practices including fine-grained access control (FGAC) for servers/tools, comprehensive redaction/masking of sensitive data in logs (IPs, usernames, API keys, headers), externalized secrets management (SECRET_KEY) for sessions and self-signed JWTs, and support for enterprise-grade authentication providers (Keycloak, Cognito, Entra ID). It also implements basic rate limiting for token generation. Admin credentials for internal APIs (`REGISTRY_USERNAME`, `REGISTRY_PASSWORD`) are sensitive and require secure handling. The integrity of mounted FAISS index and metadata files (user-controlled) is crucial, though these files are less prone to executable code.
Updated: 2025-12-14GitHub
90
289
Medium Cost
DaxianLee icon

cocos-mcp-server

by DaxianLee

Sec1

Enables AI assistants to interact with the Cocos Creator editor through a Model Context Protocol (MCP) server, providing control over scene, node, component, asset, and project operations.

Setup Requirements

  • ⚠️Requires Cocos Creator 3.8.6+ to be installed and running.
  • ⚠️Manual installation involves copying files to the `extensions` directory, running `npm install`, and `npm run build` within the plugin folder.
  • ⚠️The plugin must be enabled and the server started manually from within the Cocos Creator editor's extension panel.
Review RequiredView Analysis
CRITICAL RISK: The `debug_execute_script` tool (found in `source/tools/debug-tools.ts`) allows arbitrary JavaScript code execution within the Cocos Creator editor's scene context via a direct `eval` call. This constitutes a Remote Code Execution (RCE) vulnerability if an AI client is compromised or a malicious prompt is executed. While the server defaults to binding to `127.0.0.1`, the `Access-Control-Allow-Origin: *` header in `source/mcp-server.ts` implies it could be configured for broader network access, escalating the risk significantly. Even with local-only access, this feature could lead to severe compromise of the project or local system if exploited.
Updated: 2025-11-19GitHub
90
38
Medium Cost
aplaceforallmystuff icon

mcp-arr

by aplaceforallmystuff

Sec9

Manages and monitors *arr media applications (Sonarr, Radarr, Lidarr, Readarr, Prowlarr) and provides access to TRaSH Guides via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Node.js 18+ to be installed.
  • ⚠️At least one *arr media management application (Sonarr, Radarr, Lidarr, Readarr, or Prowlarr) must be running and accessible.
  • ⚠️API keys for each configured *arr application are mandatory environment variables for that service.
Verified SafeView Analysis
The server securely handles API keys via environment variables. It uses standard `fetch` for network requests to *arr applications and GitHub, which is generally safe. No `eval` or code obfuscation found. Network requests are made to legitimate and expected endpoints. Input validation and sanitization appear to be handled by the underlying `@modelcontextprotocol/sdk` and the specific *arr APIs.
Updated: 2025-12-01GitHub
89
451
Low Cost
maquina-app icon

rails-mcp-server

by maquina-app

Sec5

A Ruby implementation of a Model Context Protocol (MCP) server for Rails projects, allowing LLMs to interact with Rails codebases for analysis, exploration, and development assistance.

Setup Requirements

  • ⚠️Requires a functional Ruby and Rails environment on the host system to interact with target Rails projects.
  • ⚠️Users of Ruby version managers (e.g., rbenv, RVM) might need to manually configure client integrations (like Claude Desktop) to use the correct Ruby shim path.
  • ⚠️Requires a `projects.yml` configuration file specifying target Rails projects, or setup via the `rails-mcp-config` TUI; the server will exit if no projects are configured.
Review RequiredView Analysis
The server uses `eval` in the `get_schema` analyzer on introspection results from ActiveRecord, which carries inherent risks if the Rails project or its ActiveRecord extensions are compromised. It also executes direct shell commands (`git ls-files`, `bin/rails runner`) via `Open3.capture3` and backticks. While `execute_ruby` employs extensive sandboxing to restrict file I/O, network, and system calls, this sandboxing does not apply to other analyzers, leaving potential attack vectors. Operating in HTTP mode with `--bind-all` increases the network attack surface, although built-in security features are claimed. The security relies heavily on the trustworthiness of the target Rails project being analyzed.
Updated: 2025-12-11GitHub
PreviousPage 16 of 636Next