Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7632)

89
538
High Cost
spences10 icon
Sec9

Guides LLM-driven problem-solving by breaking down complex problems into manageable steps and recommending appropriate MCP tools at each stage.

Setup Requirements

  • ⚠️Requires an MCP client for configuration and interaction.
  • ⚠️Relies on the LLM client to manage and potentially truncate the 'previous_steps' parameter sent to the tool to avoid exceeding context window limits and high token costs.
  • ⚠️Requires Node.js and npm (via npx) to run.
Verified SafeView Analysis
The server uses standard input/output (stdio) for communication, minimizing network attack surface. It does not contain 'eval' or other direct code execution methods, nor does it hardcode sensitive credentials. Crucially, the server explicitly delegates the execution of recommended tools to the MCP client, preventing the server itself from executing arbitrary external commands. The primary security consideration is client-side responsibility for managing the size of the 'previous_steps' context sent to the server to prevent excessive token consumption.
Updated: 2025-12-14GitHub
89
25
High Cost
VladyslavMykhailyshyn icon

ukrainian-stats-mcp-server

by VladyslavMykhailyshyn

Sec9

Provides AI models with structured access to Ukrainian statistical data from the State Statistics Service of Ukraine via their SDMX API v3, including comprehensive metadata and flexible data retrieval.

Setup Requirements

  • ⚠️Requires Node.js 18 or higher.
  • ⚠️Requires manual configuration in Claude Desktop's `claude_desktop_config.json`.
  • ⚠️Requires internet connectivity to `https://stat.gov.ua` to fetch data.
Verified SafeView Analysis
The server code does not appear to contain malicious patterns, 'eval' usage, or hardcoded sensitive secrets. It acts as a proxy to a public SDMX API, converting XML responses to JSON. The installation script, while performing global npm operations, does not use suspicious commands. All tool arguments are passed directly, not evaluated as code, mitigating injection risks. The `baseURL` for the public Ukrainian Statistics API is hardcoded, which is acceptable for a public, non-credentialed service.
Updated: 2025-11-30GitHub
89
122
Low Cost
m1rl0k icon
Sec8

Context-Engine is a plug-and-play MCP retrieval stack that unifies code indexing, hybrid search, and optional LLM decoding to enable product teams to quickly ship context-aware AI agents for large or fast-changing codebases.

Setup Requirements

  • ⚠️Requires Kubernetes cluster (1.19+), kubectl, and Docker image built/pushed for remote deployment.
  • ⚠️Python 3.x with 'requests', 'urllib3', and 'charset_normalizer' dependencies required for the VS Code extension's client (auto-install to venv supported).
  • ⚠️Requires Qdrant vector database (included in Docker Compose/Kubernetes manifests).
  • ⚠️Llama.cpp local LLM decoder is enabled by default ('REFRAG_DECODER=1') and needs to be running (either as a Docker container or natively on Apple Silicon).
  • ⚠️Using remote LLM providers (GLM, MiniMax) will incur API costs and requires respective API keys (e.g., GLM_API_KEY).
  • ⚠️Path mapping between host and container roots (contextEngineUploader.hostRoot, contextEngineUploader.containerRoot) needs careful configuration for remote indexing.
Verified SafeView Analysis
The system architecture is complex, involving multiple services, file uploads, and external API integrations, which inherently increases attack surface. However, explicit measures are in place: file upload processing (scripts/upload_delta_bundle.py) includes checks for path traversal to mitigate risks, and subprocess execution (e.g., git commands) primarily uses 'shlex.split' or 'asyncio.create_subprocess_exec' to safely handle arguments, avoiding 'shell=True' for untrusted inputs. Authentication is an opt-in feature ('CTXCE_AUTH_ENABLED'), with user and session management handled by a dedicated backend. Production deployments require careful network segmentation due to exposed services (Qdrant, MCP, Llama.cpp, Upload Service). External LLM providers (GLM, MiniMax) require API keys via environment variables, not hardcoded. No obvious 'eval' or intentional obfuscation was detected.
Updated: 2025-12-14GitHub
89
24
Medium Cost
h7lu icon
Sec9

A local RAG (Retrieval-Augmented Generation) server providing semantic and lexical search, and graph-based navigation for RimWorld game source code and XML definitions to AI assistants.

Setup Requirements

  • ⚠️Requires manual export and placement of RimWorld game data (C# source, XML Defs) into a specified directory.
  • ⚠️Requires both .NET 8.0 SDK and Python 3.9+ runtime environments to be installed.
  • ⚠️Requires downloading a large embedding model (e.g., e5-base-v2, multiple GBs) from HuggingFace, which may require git lfs.
  • ⚠️Requires running two separate server processes concurrently (a Python embedding server and a .NET MCP server) for full functionality.
Verified SafeView Analysis
The Python embedding server runs on localhost by default (127.0.0.1:5000), limiting network exposure. API keys for remote embedding services are handled via environment variables or command-line arguments, preventing hardcoding. Input payloads for embedding are structured, reducing injection risks. No 'eval' or obvious malicious patterns were found in the provided Python source code. Assumes the C# component itself is securely written.
Updated: 2025-12-01GitHub
89
28
Low Cost
w31r4 icon

codex-mcp-go

by w31r4

Sec7

Wraps OpenAI's Codex CLI to serve it as an MCP tool for AI clients, enabling multi-turn conversations and sandbox-controlled code execution.

Setup Requirements

  • ⚠️Requires OpenAI's `codex` CLI to be installed globally and configured.
  • ⚠️Requires Go 1.24+ if building from source.
  • ⚠️`OPENAI_API_KEY` is required for the underlying Codex CLI (typically passed via environment variable by the client).
Review RequiredView Analysis
The server acts as a wrapper for the `codex` CLI, passing user-provided prompts as arguments. It incorporates sandbox controls (`read-only`, `workspace-write`, `danger-full-access`) for the underlying `codex` operations. A significant security consideration is the default `yolo=true` flag, which causes the `codex` CLI to execute generated commands without explicit human confirmation. This design, while intended for automated agentic workflows, introduces a risk where a malicious or erroneous AI prompt could lead to unintended actions within the configured sandbox. No direct `eval` or similar dangerous patterns are used within the Go code, nor are there hardcoded sensitive secrets. Path validation for `cd` and `image` parameters is present. The overall security relies heavily on the robustness of the underlying `codex` CLI and the trust in the AI's generated actions when `yolo` is enabled.
Updated: 2025-12-03GitHub
89
1370
Low Cost
rulego icon

rulego

by rulego

Sec4

An independent, high-performance rule engine service designed for orchestrating applications, IoT devices, large AI models, and automating data processing and workflows, often in edge computing environments.

Setup Requirements

  • ⚠️Authentication is disabled by default (`require_auth = false` in `config.conf`), making it insecure for production environments. It must be manually enabled and configured with custom credentials.
  • ⚠️To utilize various extension components (AI, IoT, CI/CD, ETL, FastHTTP), specific `go build -tags` flags are required during compilation. A standard `go build .` won't include all features.
  • ⚠️The `exec_node` component allows running shell commands. Its `cmd_white_list` configuration in `config.conf` must be carefully reviewed and restricted to prevent command injection vulnerabilities, especially if untrusted users can modify rule chains.
Review RequiredView Analysis
CRITICAL RISKS: 1. Arbitrary Code/Command Execution: The service allows defining and executing JavaScript code (via `jsTransform`, `jsFilter`, `jsSwitch` nodes) and shell commands (via `exec_node`). While `exec_node` is mitigated by a `cmd_white_list` configuration parameter, both features, if misconfigured or exploited, pose a significant risk of arbitrary code execution or denial of service. 2. Default Authentication Disabled: By default, `require_auth = false` in `config.conf`, meaning no authentication is enforced. All operations are performed as a default `admin` user. This is a critical security vulnerability for any deployment outside of local development and must be explicitly enabled and configured. 3. Hardcoded/Example Secrets: The `README` provides an example `jwt_secret_key` and `admin=admin` credentials. These must be changed to strong, unique values for any production deployment to prevent unauthorized access. RECOMMENDATIONS: - Enable `require_auth = true` and configure strong, unique user credentials and JWT secret key. - Strictly limit `cmd_white_list` to only essential commands in `config.conf`. - Thoroughly audit and sandbox all user-provided JavaScript code.
Updated: 2025-12-14GitHub
89
26
Low Cost
jtsang4 icon

nettune

by jtsang4

Sec6

Nettune acts as an MCP stdio wrapper for a network diagnostics and TCP optimization tool, enabling AI-assisted configuration of Linux server network settings.

Setup Requirements

  • ⚠️Requires root privileges on the server (sudo).
  • ⚠️Requires manual TLS termination (e.g., nginx reverse proxy) for secure production deployments due to default HTTP communication.
  • ⚠️The server component is designed for Linux systems; client wrapper supports other OS but core optimizations are Linux-specific.
Review RequiredView Analysis
The server component requires root privileges (sudo) to perform system-level modifications (sysctl, qdisc, systemd). While the client wrapper verifies binary downloads using SHA256 checksums and the API key is compared using constant-time operations, the default communication between the client and server uses plain HTTP with Bearer token authentication. This makes API keys vulnerable to sniffing in transit without external TLS termination (e.g., via nginx reverse proxy), which is explicitly warned about in the README. Extensive use of `exec.Command` for system operations is present, but input validation is implemented for qdisc parameters and sysctl keys to mitigate command injection risks.
Updated: 2025-12-14GitHub
89
245
Low Cost
oracle icon

mcp

by oracle

Sec9

Fetches Oracle Cloud Infrastructure (OCI) service pricing from Oracle’s public Price List API (cetools).

Setup Requirements

  • ⚠️Requires Python 3.11+.
  • ⚠️Requires active internet access to reach Oracle's public API endpoints.
  • ⚠️Requires installation of Python packages: fastmcp, httpx, babel, and pycountry.
Verified SafeView Analysis
The server connects to Oracle's public Price List API (cetools) via HTTPS, requiring no local OCI credentials. It is stateless and handles network requests with retries and exponential backoff, making it robust. Currency inputs are validated to ensure they conform to ISO 4217 standards. There are no apparent uses of dangerous functions like 'eval' or patterns that would allow remote code execution. The README emphasizes that it's 'credential-free' and 'stateless'.
Updated: 2025-12-12GitHub
88
22
Low Cost
clumsynonono icon

ethereum-mcp

by clumsynonono

Sec9

Ethereum data analytics for Research Incentive Group (RIG) research, covering Blob, DEX, Staking, MEV, BuilderNet, and L2 MEV metrics.

Setup Requirements

  • ⚠️Requires a Dune Analytics API Key (`DUNE_API_KEY`) to be set in the `.env` file.
  • ⚠️Most data tools require manual configuration of Dune Query IDs in `src/utils/queryConfig.ts` before they can fetch data.
  • ⚠️Requires `npm install` and `npm run build` to be executed once after cloning and after modifying `src/utils/queryConfig.ts`.
  • ⚠️Requires restarting the Claude Desktop application for configuration changes to take effect.
Verified SafeView Analysis
The server acts as a wrapper around the Dune Analytics API, making HTTP requests to `api.dune.com` using an API key. There are no 'eval' or arbitrary code execution vulnerabilities identified within the provided source. Input parameters for Dune queries (`query_id`, `limit`, etc.) are passed to the Dune API, not executed locally. The `DUNE_API_KEY` is loaded from an environment variable, which is good practice. The explicit `execute_query` tool requires user confirmation, mitigating accidental credit consumption.
Updated: 2025-11-27GitHub
88
22
Low Cost
clumsynonono icon

ethereum-dune-mcp

by clumsynonono

Sec9

Ethereum blockchain data analytics and research for RIG (Research Incentive Group), providing metrics on Blob, DEX, Staking, MEV, and L2 activities via Dune Analytics.

Setup Requirements

  • ⚠️Requires a Dune API Key (free registration, but API calls can consume credits).
  • ⚠️Many tools require manual configuration of Dune Query IDs in `src/utils/queryConfig.ts` after finding them on Dune Analytics.
  • ⚠️Requires configuration within `claude_desktop_config.json` with the absolute path to the compiled `index.js` file.
Verified SafeView Analysis
The server loads the Dune API key from environment variables (`.env`), preventing hardcoding of secrets. Most data retrieval uses cached results, which are free. The `execute_query` tool, which can consume Dune API credits, explicitly requires a `confirm: true` argument, adding a layer of protection against unintended API usage and associated costs. No `eval` or other highly dangerous dynamic code execution patterns were found.
Updated: 2025-11-27GitHub
88
377
Low Cost
punkpeye icon
Sec10

A curated list of developer tools, SDKs, libraries, utilities, and resources for building and interacting with Model Context Protocol (MCP) servers.

Verified SafeView Analysis
The provided source code consists solely of markdown files (README.md, CONTRIBUTING.md), which serve as documentation for an 'Awesome List' of MCP developer tools. This repository does not contain executable server code to audit for security risks like 'eval', obfuscation, network vulnerabilities, hardcoded secrets, or malicious patterns. Therefore, it presents no inherent security risks related to running a server. The security of external projects linked within this list is not assessed here.
Updated: 2025-12-10GitHub
88
63
High Cost
ayunis-core icon

ayunis-legal-mcp

by ayunis-core

Sec5

A system for semantic search and retrieval of German legal texts, enabling AI assistants to query legal documents using vector embeddings.

Setup Requirements

  • ⚠️Requires Ollama service running and a specific hardcoded embedding model (ryanshillington/Qwen3-Embedding-4B:latest) must be manually pulled.
  • ⚠️Docker and Docker Compose are essential for orchestrating the multi-service architecture (PostgreSQL, Store API, MCP Server).
  • ⚠️Production deployments critically need to implement authentication, rate-limiting, and change the default PostgreSQL password, as these are known security limitations acknowledged in the project's security policy.
Review RequiredView Analysis
The system explicitly states critical security limitations: no rate limiting on API endpoints (vulnerable to DoS attacks) and no authentication for external access. The default PostgreSQL password is 'postgres_password', which is insecure and must be changed for any deployment beyond local development. Ollama endpoint security is also noted as a responsibility of the deployer. Basic protections like input validation for legal codes (preventing SSRF/injection) and request size limiting are implemented, and detailed error messages are hidden in production.
Updated: 2025-12-11GitHub
PreviousPage 17 of 636Next