Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

91
48
Low Cost
mrexodia icon

zeromcp

by mrexodia

Sec8

A minimal, pure Python Model Context Protocol (MCP) server for exposing tools, resources, and prompts via HTTP/SSE and Stdio transports.

Setup Requirements

  • ⚠️Requires Python 3.11 or newer.
  • ⚠️Basic Python knowledge is needed to define and register functions as tools, resources, or prompts.
  • ⚠️For HTTP transport, a free port must be available.
Verified SafeView Analysis
The server uses Python's built-in `http.server` modules, which are generally safe for controlled environments but may lack advanced production-grade security features. It correctly implements CORS with a sensible default of allowing localhost origins, and configurable options for more restrictive or permissive policies. A `post_body_limit` is in place to prevent overly large payloads. The core logic for dispatching calls to registered functions is safe as it relies on explicit function registration by the developer, not arbitrary code execution. By default, exceptions expose full tracebacks, which is useful for development but should be redacted in production (configurable via `registry.redact_exceptions = True`) to prevent information leakage.
Updated: 2025-12-04GitHub
90
1386
High Cost
isaacphi icon
Sec3

Serves as an MCP (Model Context Protocol) gateway, enabling LLMs to interact with Language Servers (LSPs) for codebase navigation, semantic analysis, and code editing operations.

Setup Requirements

  • ⚠️Requires a separate Language Server (e.g., gopls, rust-analyzer, pyright, typescript-language-server, clangd) to be installed and available in the system's PATH.
  • ⚠️C/C++ (clangd) language server requires pre-generation of 'compile_commands.json' for the workspace.
  • ⚠️Requires manual configuration within an MCP client (e.g., Claude Desktop) to specify the workspace directory and LSP command.
Review RequiredView Analysis
CRITICAL: The server exposes tools like 'edit_file' and 'rename_symbol' that directly accept 'filePath' arguments from MCP clients (potentially LLMs). The source code does NOT appear to sanitize or confine these 'filePath' arguments to the configured '--workspace' directory. This creates a critical vulnerability where a malicious or unconstrained LLM could perform arbitrary file writes, deletions, or renames on the host system outside the intended workspace. Similarly, 'definition', 'references', 'diagnostics', and 'hover' tools, which also accept 'filePath', could lead to arbitrary file reads and information disclosure. The 'lspCommand' to run the underlying Language Server is specified at startup, making it a configuration risk rather than a direct runtime injection vulnerability.
Updated: 2026-01-01GitHub
90
43
Low Cost
agentsdance icon

agentx

by agentsdance

Sec7

A unified CLI tool for managing MCP (Model Context Protocol) servers and skills across multiple AI coding agents like Claude Code, Codex, Cursor, Gemini CLI, and OpenCode.

Setup Requirements

  • ⚠️Go 1.25+ required for building from source.
  • ⚠️Node.js with npm required for MCP server execution (via npx).
  • ⚠️Git required for cloning skill and plugin repositories.
Verified SafeView Analysis
The project executes external commands such as `git clone`, `npx`, `brew`, and `go install` for its core functionality. While these commands are generally used for legitimate purposes, they inherently introduce a security surface. `git clone` is performed into temporary directories which is good practice. `npx` executes packages from the npm registry, requiring trust in those packages. Update checks involve fetching from GitHub API and raw content, and the tool can prompt or execute self-upgrade commands which might involve privilege escalation depending on the user's setup. No explicit 'eval' or malicious patterns were identified, nor were hardcoded secrets found in the truncated source.
Updated: 2026-01-19GitHub
90
564
Medium Cost
TM9657 icon

flow-like

by TM9657

Sec8

Flow-Like is a visual workflow automation platform that focuses on building AI-powered workflows, data integration, and business process automation with transparency and type safety.

Setup Requirements

  • ⚠️Building from source requires Rust, Bun, Tauri, and Protobuf to be installed.
  • ⚠️The model evaluator (Python component) requires Python dependencies like `requests`, `huggingface-hub`, `pandas`, `pyarrow`.
  • ⚠️Full AI functionality for local models might require a local Ollama instance running.
  • ⚠️Many AI model providers (e.g., OpenRouter, OpenAI) require paid API keys for their services.
  • ⚠️Self-hosting a full backend requires significant infrastructure setup, including PostgreSQL, S3-compatible object storage, and potentially Redis, Docker, or Kubernetes.
Verified SafeView Analysis
The project uses Rust for its core backend, which generally offers strong memory safety. External APIs (OpenRouter, Hugging Face, OpenAI, etc.) are heavily relied upon, introducing supply chain risks if compromised. Build scripts utilize `execSync` but are used in a controlled build context, not runtime. Sensitive API keys and credentials are properly configured via environment variables (e.g., `OPENROUTER_API_KEY`, `EXECUTION_KEY`). Production deployments, particularly on Kubernetes, emphasize strong isolation (e.g., Kata Containers), network policies, and workload identity over static keys, indicating a focus on security for the deployed 'MCP Server' components. The Python `model-evaluator` is a local utility, not a directly exposed server endpoint, reducing its direct attack surface.
Updated: 2026-01-17GitHub
90
42
Medium Cost
iceener icon
Sec4

Manages Google Calendar events, checks availability, and schedules meetings via the Model Context Protocol (MCP) using OAuth 2.1.

Setup Requirements

  • ⚠️Requires a Google Cloud Project with the Calendar API enabled and OAuth 2.0 credentials configured (Client ID, Client Secret, redirect URIs).
  • ⚠️Requires explicit configuration of `OAUTH_REDIRECT_URI` and `OAUTH_REDIRECT_ALLOWLIST` in both the server's environment and the Google Cloud OAuth client settings to avoid redirect_uri_mismatch errors.
  • ⚠️For secure token storage, a 32-byte base64url encryption key must be provided via `RS_TOKENS_ENC_KEY` (Node.js) or `TOKENS_ENC_KEY` (Cloudflare Worker). Without it, OAuth tokens are stored unencrypted.
Review RequiredView Analysis
The server explicitly states that its HTTP/OAuth layer is for development convenience and not production-grade security. Critical security gaps include: 1) The `isAllowedOrigin` function (for origin validation) is a placeholder returning `true` in production, making it vulnerable to CSRF/SSRF unless manually implemented. 2) The `wrangler.toml` defaults `OAUTH_REDIRECT_ALLOW_ALL` to `true`, a severe OAuth vulnerability if not set to `false` in production. 3) While token encryption is available via `RS_TOKENS_ENC_KEY` or `TOKENS_ENC_KEY`, it's optional, and skipping it results in plaintext storage of OAuth tokens, a major security risk. The server uses Zod for input validation and PKCE for OAuth, which are good practices, but the mentioned issues require immediate attention for any remote deployment.
Updated: 2025-12-09GitHub
90
289
Medium Cost
DaxianLee icon

cocos-mcp-server

by DaxianLee

Sec1

Enables AI assistants to interact with the Cocos Creator editor through a Model Context Protocol (MCP) server, providing control over scene, node, component, asset, and project operations.

Setup Requirements

  • ⚠️Requires Cocos Creator 3.8.6+ to be installed and running.
  • ⚠️Manual installation involves copying files to the `extensions` directory, running `npm install`, and `npm run build` within the plugin folder.
  • ⚠️The plugin must be enabled and the server started manually from within the Cocos Creator editor's extension panel.
Review RequiredView Analysis
CRITICAL RISK: The `debug_execute_script` tool (found in `source/tools/debug-tools.ts`) allows arbitrary JavaScript code execution within the Cocos Creator editor's scene context via a direct `eval` call. This constitutes a Remote Code Execution (RCE) vulnerability if an AI client is compromised or a malicious prompt is executed. While the server defaults to binding to `127.0.0.1`, the `Access-Control-Allow-Origin: *` header in `source/mcp-server.ts` implies it could be configured for broader network access, escalating the risk significantly. Even with local-only access, this feature could lead to severe compromise of the project or local system if exploited.
Updated: 2025-11-19GitHub
90
173
High Cost
blueman82 icon

ai-counsel

by blueman82

Sec6

Enables multi-model AI deliberations to reach true consensus through iterative debate and refine positions across multiple rounds, supporting evidence-based decision-making with historical memory.

Setup Requirements

  • ⚠️Requires Python 3.11+.
  • ⚠️Requires at least one AI CLI tool (e.g., Claude, Codex) or local LLM runtime (e.g., Ollama, LM Studio) or cloud API key (e.g., OpenRouter, OpenAI) to function.
  • ⚠️Local models (Ollama, LM Studio) require 7B-8B+ parameters for reliable structured output and vote formatting.
  • ⚠️Configuration in `config.yaml` is critical for model adapters and features like decision graph memory and early stopping.
  • ⚠️Setting `working_directory` is crucial for tools to access user files securely; without it, requests will fail validation.
  • ⚠️The Codex adapter has a known limitation where it can access files outside the `working_directory` parameter due to a lack of true isolation, posing a security risk.
Verified SafeView Analysis
The system generally implements good security practices, including whitelisted commands for the `run_command` tool, path exclusion patterns (`.git/`, `node_modules/`, `transcripts/`) to prevent context contamination, and `working_directory` isolation for most CLI adapters. API keys are handled via environment variables. However, a critical limitation is explicitly noted for the `CodexAdapter`, which 'can access any file regardless of working_directory (no true isolation)'. This means models using the Codex adapter could potentially read files outside the intended project scope, posing a significant security risk despite other safeguards. `eval` is not found, and network risks are controlled through adapter design.
Updated: 2026-01-10GitHub
90
37
Medium Cost
AlexGladkov icon

claude-in-mobile

by AlexGladkov

Sec2

Provides a unified API to automate UI interactions and controls on Android devices (via ADB), iOS Simulators (via simctl), and Desktop applications (Compose Multiplatform) using natural language commands from an AI agent like Claude.

Setup Requirements

  • ⚠️Requires ADB (Android Debug Bridge) installed and in PATH for Android automation.
  • ⚠️Requires macOS with Xcode installed and an iOS Simulator for iOS automation.
  • ⚠️Requires macOS (Windows/Linux support planned) and JDK 17+ for building and running the Desktop companion app. Desktop automation also requires accessibility permissions on macOS.
  • ⚠️The desktop companion app needs to be built (`npm run build:desktop` or `npm run build:all`) prior to use.
Review RequiredView Analysis
The server's design inherently executes commands on the host system and connected devices. Several tools (`shell`, `launch_desktop_app`, `tap` and `swipe` for iOS, and macOS `WindowManager` operations) leverage `child_process.execSync`, `child_process.spawn`, Python scripts, and AppleScript directly with arguments derived from user input (tool parameters). Without robust, explicit sanitization of these parameters before execution, there is a critical risk of command injection, allowing arbitrary code execution on the host machine or connected devices if a malicious actor or an unconstrained AI model can craft specific input strings.
Updated: 2026-01-19GitHub
90
507
Low Cost
getsentry icon

sentry-mcp

by getsentry

Sec8

A middleware server designed to optimize Sentry API access for human-in-the-loop coding agents, focusing on developer workflows and debugging use cases.

Setup Requirements

  • ⚠️Requires OpenAI API Key for AI-powered search tools (search_events, search_issues).
  • ⚠️Requires a Sentry User Auth Token with specific scopes (org:read, project:read/write, team:read/write, event:write) for the `stdio` transport mode.
  • ⚠️For local development of the remote server, requires creating a Sentry OAuth Application to obtain a Client ID and Secret, and generating a `COOKIE_SECRET`.
Verified SafeView Analysis
The project demonstrates strong awareness and active mitigation of prompt injection vulnerabilities in AI agent interactions, explicitly warning against returning untrusted error messages. It utilizes a robust dual OAuth architecture with PKCE, token encryption, and granular scope enforcement for secure client-server and server-Sentry API authentication. Secrets are managed via environment variables. The explicit warning about prompt injection and the detailed error handling philosophy are strong positives, indicating an understanding of these risks. Relaxed linting for `noExplicitAny` and `noDangerouslySetInnerHtml` in `biome.json` is noted.
Updated: 2026-01-19GitHub
89
384
Medium Cost
docfork icon

docfork

by docfork

Sec9

Provides live-synced, context-aware, and version-accurate documentation to AI models, preventing hallucinations and context bloat for developer tasks.

Setup Requirements

  • ⚠️Requires a Docfork API Key (free tier available, paid tiers for higher usage/features).
  • ⚠️Relies on an external Docfork API (`https://api.docfork.com/v1`) for documentation content, requiring internet connectivity.
  • ⚠️Requires Node.js >=18 and pnpm >=9 for local development/installation.
Verified SafeView Analysis
The server demonstrates good security practices by loading sensitive keys (e.g., CLIENT_IP_ENCRYPTION_KEY, DOCFORK_API_KEY) from environment variables or CLI arguments, not hardcoding them. It uses the `jose` library for secure JWT validation and the `crypto` module for client IP encryption (if configured). Request body size is limited, and IP address handling accounts for proxies. Hardcoded OAuth discovery URLs are public and appropriate. A minor concern is that client IP encryption falls back to plain text if the key is misconfigured, which could expose client IPs if encryption is intended but setup incorrectly, though this is a configurable choice.
Updated: 2026-01-18GitHub
89
1006
High Cost
steipete icon

claude-code-mcp

by steipete

Sec3

Acts as an MCP server to enable LLMs to run Claude Code CLI in one-shot mode, bypassing permissions for complex coding, file system, Git, and terminal operations.

Setup Requirements

  • ⚠️Requires Node.js v20 or later.
  • ⚠️Requires Claude CLI to be installed globally.
  • ⚠️A crucial one-time setup is required: run the Claude CLI manually with '--dangerously-skip-permissions', log in, and accept its terms for non-interactive use.
Review RequiredView Analysis
The server explicitly uses the '--dangerously-skip-permissions' flag for the Claude CLI, which is its intended functionality. This bypasses all interactive permission prompts from Claude Code, giving it full access to the system (file operations, git, terminal). While intended for power users, it means a malicious or unconstrained LLM prompt could execute arbitrary and potentially destructive commands without further human confirmation. The security relies heavily on the trustworthiness and sandboxing of the LLM generating the prompt and the underlying Claude CLI itself.
Updated: 2026-01-01GitHub
89
25
High Cost
VladyslavMykhailyshyn icon

ukrainian-stats-mcp-server

by VladyslavMykhailyshyn

Sec9

Provides AI models with structured access to Ukrainian statistical data from the State Statistics Service of Ukraine via their SDMX API v3, including comprehensive metadata and flexible data retrieval.

Setup Requirements

  • ⚠️Requires Node.js 18 or higher.
  • ⚠️Requires manual configuration in Claude Desktop's `claude_desktop_config.json`.
  • ⚠️Requires internet connectivity to `https://stat.gov.ua` to fetch data.
Verified SafeView Analysis
The server code does not appear to contain malicious patterns, 'eval' usage, or hardcoded sensitive secrets. It acts as a proxy to a public SDMX API, converting XML responses to JSON. The installation script, while performing global npm operations, does not use suspicious commands. All tool arguments are passed directly, not evaluated as code, mitigating injection risks. The `baseURL` for the public Ukrainian Statistics API is hardcoded, which is acceptable for a public, non-credentialed service.
Updated: 2025-11-30GitHub
PreviousPage 17 of 760Next