Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

33
3
Medium Cost
asachs01 icon

float-mcp

by asachs01

Sec9

Provides a Model Context Protocol (MCP) server for Float.com, enabling AI assistants to manage project management, resource allocation, time tracking, and team coordination.

Setup Requirements

  • ⚠️Requires a Float.com account with API access and a valid API key (potentially a paid service).
  • ⚠️Requires Node.js 22.0.0 or later (for local installation).
  • ⚠️Docker is recommended for deployment and often used in MCP client configurations.
Verified SafeView Analysis
The server securely retrieves the Float API key from environment variables (FLOAT_API_KEY) and implements robust error handling, including rate limiting with exponential backoff. There are no signs of 'eval' or code obfuscation. A minor point is deducted for the 'test-api-key' default in development config, though it's correctly overridden in non-test environments.
Updated: 2025-11-27GitHub
33
3
Medium Cost
yaniv-golan icon

mcp-bash-framework

by yaniv-golan

Sec9

A Bash-based framework for building and running Micro-service Context Protocol (MCP) servers, enabling the creation of custom AI-integrable tools, resources, prompts, and completions.

Setup Requirements

  • ⚠️Requires 'jq' or 'gojq' for full functionality (minimal mode available without it).
  • ⚠️Requires Bash 3.2+ for core features.
  • ⚠️External tools like 'git', 'curl', 'openssl', or domain-specific binaries may be required depending on resource/tool implementations.
Verified SafeView Analysis
The framework demonstrates a high commitment to security, especially for a Bash environment. It features robust environment isolation for subprocesses (tools, providers) to prevent information leakage and privilege escalation. Extensive path validation and root containment checks guard against path traversal. Project-level shell scripts (hooks) are subject to strict ownership and permission checks, mitigating local privilege escalation risks. Input is sanitized, heavily relying on 'jq'/'gojq' for JSON processing to reduce shell injection risks. Remote authentication with constant-time token comparison helps secure proxied deployments. Network policy functions aid in preventing Server-Side Request Forgery (SSRF). 'eval' is explicitly avoided in critical path operations.
Updated: 2026-01-19GitHub
33
1
Medium Cost
jonpspri icon

n7m-mcp

by jonpspri

Sec9

Provides AI assistants with geocoding, reverse geocoding, and OpenStreetMap object lookup capabilities via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Python 3.12 or newer.
  • ⚠️Relies on external Nominatim API, subject to its fair use policy (1 request per second).
  • ⚠️Requires `uvx` for the fastest setup as an MCP server, or `uv` for local development.
Verified SafeView Analysis
The server uses `httpx` for external API calls to Nominatim, and internally enforces Nominatim's rate limit of 1 request per second. Input parameters are type-hinted and validated using Pydantic models for API responses. No `eval` or obvious obfuscation found. Environment variables are used for configuration, preventing hardcoded secrets. The HTTP client instance is managed correctly for async operations. The primary external dependency is OpenStreetMap's Nominatim service.
Updated: 2025-11-23GitHub
33
2
Medium Cost
tellahq icon

plain-mcp

by tellahq

Sec9

This MCP server provides a comprehensive interface for managing customer support operations, help center content, and customer data within the Plain.com platform.

Setup Requirements

  • ⚠️Requires a Plain.com API key with full API permissions.
  • ⚠️Requires the Bun runtime to be installed.
  • ⚠️Requires specific configuration in Claude Code's ~/.claude.json file.
Verified SafeView Analysis
The server correctly handles API keys via environment variables, avoiding hardcoding. It uses Zod for input validation, which is a strong practice against injection vulnerabilities. All external communication is routed through the official Plain.com TypeScript SDK. No 'eval' or other highly dangerous functions are present. The code follows standard secure coding practices for an API wrapper.
Updated: 2026-01-16GitHub
33
2
Medium Cost
guerinjeanmarc icon

mcp-neo4j-graphrag

by guerinjeanmarc

Sec8

Extends Neo4j with vector search, fulltext search, and search-augmented Cypher queries to build powerful GraphRAG applications.

Setup Requirements

  • ⚠️Requires a running Neo4j database instance.
  • ⚠️Requires the Neo4j APOC plugin for schema discovery (`get_neo4j_schema_and_indexes` tool).
  • ⚠️Requires an API key for the chosen embedding model (e.g., OPENAI_API_KEY) if using a remote/paid provider.
  • ⚠️Default Neo4j connection details (URI, username, password) are insecure and must be overridden for production environments.
Verified SafeView Analysis
The server uses parameterized queries for values in most cases, mitigating standard injection risks. It explicitly checks for and prevents write Cypher queries. It includes robust output sanitization and token-aware truncation to prevent information overload or data leakage. However, the `return_properties` parameter in `vector_search` and `fulltext_search` is directly interpolated into the Cypher query, which is a minor theoretical risk if an LLM generates malicious property names, though property names are generally static schema elements. Additionally, `search_cypher_query` executes raw Cypher (read-only) provided by the LLM, relying on the LLM's adherence to safe patterns, which is a common but inherent risk in LLM agent design. Insecure default Neo4j credentials are a warning, requiring proper environment configuration for production use.
Updated: 2026-01-13GitHub
33
1
Low Cost

mcp-notes

by StarrStack

Sec8

A local server for managing, searching, and organizing personal notes with structured tags and markdown support, integrated with Claude Desktop and a web interface.

Setup Requirements

  • ⚠️Python 3.10 or higher is required.
  • ⚠️Claude Desktop application is required for core MCP server functionality.
  • ⚠️Manual configuration of Claude Desktop is required, specifying the absolute path to `server.py`.
Verified SafeView Analysis
The project involves a local Flask web server and an MCP server. While running locally reduces external network risks, the web interface handles user-provided markdown content, which could potentially expose Cross-Site Scripting (XSS) vulnerabilities if not properly sanitized during rendering. The server does not appear to use 'eval' or other dynamic code execution mechanisms based on the README. Data is stored locally in JSON files.
Updated: 2025-11-17GitHub
33
2
Low Cost
airmcp-com icon

mcp-standards

by airmcp-com

Sec9

A self-learning AI standards system that optimizes context, extracts patterns, and manages Claude's memory and preferences through a cost-efficient model routing architecture.

Setup Requirements

  • ⚠️Requires Node.js and npm to install and run the AgentDB vector store, which is a core component.
  • ⚠️Assumes integration with the Claude Code SDK/environment as it uses `mcp.server` components.
  • ⚠️Utilizes different AI models (Gemini, DeepSeek, Claude) with varying costs, requiring API keys for non-Claude models (e.g., GEMINI_API_KEY) for full cost optimization.
Verified SafeView Analysis
The system demonstrates strong security practices, including explicit path whitelisting for 'CLAUDE.md' file updates and the consistent use of parameterized queries for SQLite interactions, effectively mitigating common vulnerabilities like SQL injection and arbitrary file writes. Reliance on the 'npx agentdb' command, while standard for integrating Node.js CLI tools, introduces a dependency on the supply chain security of the 'agentdb' npm package.
Updated: 2025-11-30GitHub
33
3
Medium Cost
flor3z-github icon

redmine-mcp-server

by flor3z-github

Sec9

Enables AI assistants to interact with Redmine project management systems for issue, project, time, user, and wiki management.

Setup Requirements

  • ⚠️Requires Node.js >= 20.0.0.
  • ⚠️Requires a Redmine instance with REST API access enabled.
  • ⚠️Authentication requires either a Redmine API key or a username and password.
  • ⚠️SSL/TLS configuration (e.g., for self-signed certificates or corporate proxies) may require additional environment variables like REDMINE_SSL_VERIFY or REDMINE_CA_CERT.
Verified SafeView Analysis
The server uses `zod` for robust input validation on all tool arguments, significantly reducing the risk of injection attacks. Sensitive API keys and credentials are handled via environment variables and are not hardcoded. SSL certificate verification and custom CA certificates are supported, enhancing secure communication. The `fs.readFileSync` for `REDMINE_CA_CERT` reads a local file path, which could theoretically be abused if an attacker could control the environment variable; however, this is a standard configuration pattern and not a direct vulnerability in the code itself. Debug logging can expose tool arguments, but this is a configurable log level for development purposes.
Updated: 2025-12-04GitHub
33
3
Medium Cost
CoMfUcIoS icon

obsidian-mcp-sb

by CoMfUcIoS

Sec9

Provides secure, intelligent, read-only access to an Obsidian vault for Large Language Models (LLMs), enabling semantic search, metadata filtering, and summarization.

Setup Requirements

  • ⚠️Requires Node.js version 22.12 or higher to run.
  • ⚠️A '--vault-path' CLI argument pointing to the Obsidian vault's absolute location is mandatory for server operation.
  • ⚠️For full search and filtering functionality, Obsidian notes should adhere to a specific YAML frontmatter structure, including 'tags', 'type', 'status', 'category', 'created', and 'modified' fields. Missing or invalid frontmatter fields will be defaulted.
Verified SafeView Analysis
The server is intentionally designed as read-only, preventing any modifications to the user's Obsidian vault. It communicates via standard I/O (stdio), which limits direct network attack surface. Robust path traversal protection is implemented to ensure file access is restricted to the designated vault directory. File indexing is subject to a configurable maximum file size (default 10MB) to prevent resource exhaustion. All incoming API parameters (e.g., note types, statuses, categories, dates) undergo strict validation to prevent injection or unexpected behavior. No 'eval' or suspicious obfuscation was identified, nor were any hardcoded secrets. SQLite with WAL mode is used for efficient and concurrent database operations.
Updated: 2026-01-19GitHub
33
2
Low Cost
rhobs icon

obs-mcp

by rhobs

Sec3

An MCP (Model Context Protocol) server enabling LLMs to interact with a Prometheus monitoring instance for querying metrics.

Setup Requirements

  • ⚠️Requires a running Prometheus instance (can be local or in-cluster).
  • ⚠️Requires `uv` for evaluation setup (Python package manager).
  • ⚠️Running with `--auth-mode header` (as seen in Kubernetes deployment manifest) effectively disables authentication to Prometheus via the MCP server.
  • ⚠️Development requires Go 1.24+, Docker/Podman, Kind, and kubectl for E2E tests.
Review RequiredView Analysis
The Kubernetes deployment manifest (manifests/kubernetes/03_deployment.yaml) explicitly sets `--auth-mode header` and `--insecure`. Crucially, the source code (pkg/mcp/auth.go:getTokenFromCtx) indicates that user authentication is intentionally disabled in 'header' mode (`return ""`). This means that any client able to reach the MCP server in 'header' mode can execute arbitrary PromQL queries against the configured Prometheus instance without any authentication. This is a severe security vulnerability if the server is exposed. Additionally, the `--insecure` flag disables TLS certificate verification, posing a man-in-the-middle risk. The OpenShift deployment (manifests/openshift/02_deployment.yaml) uses `serviceaccount` mode, which has broader permissions (create/update on `prometheuses/api`) than strictly necessary for a read-only metrics tool, though mitigated by in-cluster RBAC.
Updated: 2026-01-19GitHub
33
2
High Cost

advanced-memory-mcp

by sandraschi

Sec6

An MCP server that integrates personal knowledge management through zettelkasten, knowledge graphs, and experimental Claude Skills with AI clients like Claude Desktop and Cursor IDE.

Setup Requirements

  • ⚠️Requires Python 3.11+.
  • ⚠️Windows bootstrap requires Node.js 18+, Git for Windows, and uv.
  • ⚠️First use of DOCX/EPUB export features will trigger a ~100MB download for Pandoc.
Verified SafeView Analysis
The Windows bootstrap script uses `npx github:`, directly executing remote code, which can be a supply chain risk. Additionally, certain export functionalities trigger a ~100MB auto-download of the Pandoc binary on first use, relying on an external executable.
Updated: 2025-11-17GitHub
33
3
Low Cost
Sec9

An MCP server that provides an LLM with authenticated access to a mold inventory management API, allowing it to retrieve mold data on behalf of a user.

Setup Requirements

  • ⚠️Requires extensive manual Auth0 tenant configuration, including creating applications, defining resource servers, and setting up actions via `auth0-deploy-cli`.
  • ⚠️Specific Auth0 Action secrets (DOMAIN, CLIENT_ID, CLIENT_SECRET) must be configured directly within the Auth0 dashboard for the `MoldInventoryPostUserRegistration` action.
  • ⚠️Requires a Cloudflare KV namespace (`OAUTH_KV`) to be created and its ID configured in `wrangler.jsonc`.
Verified SafeView Analysis
The server implements OAuth 2.0 with PKCE using `oauth4webapi` and `Cloudflare Workers OAuth Provider`, handling authentication and token exchange securely. Sensitive configurations (Auth0 credentials, API base URL) are correctly managed via environment variables and Auth0 Action secrets, avoiding hardcoding. CSRF protection is used for the consent screen, and cookies are handled with `httpOnly` and `secure` flags (conditionally for development). The system relies on a well-configured Auth0 tenant and securely managed environment variables for its security posture. No direct 'eval' or obfuscation found.
Updated: 2025-12-04GitHub
PreviousPage 169 of 760Next