Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

33
2
Medium Cost
DosiBridge icon

agent-tool

by DosiBridge

Sec6

A full-stack AI agent platform offering conversational AI with RAG, multi-LLM support, and extensible tooling via Model Context Protocol (MCP) servers.

Setup Requirements

  • ⚠️Requires API keys for major LLM providers (e.g., OpenAI, DeepSeek, Google Gemini, Groq, Firecrawl) for full functionality, which may incur costs.
  • ⚠️A PostgreSQL database (version 15+) is required.
  • ⚠️Initial database setup requires running `docker exec -it agent-backend python init_db.py` after the services are up.
  • ⚠️Hardcoded default security keys in `docker-compose.yml` MUST be changed for any production or public-facing deployment.
Review RequiredView Analysis
The `docker-compose.yml` file contains hardcoded default passwords for PostgreSQL (`POSTGRES_PASSWORD: 1234`) and a default JWT secret (`JWT_SECRET_KEY: "your-secret-key-change-in-production-use-strong-random-key"`). While the project explicitly states these should be changed for production and provides a script (`generate_keys.py`) to do so, their presence as defaults is a critical security vulnerability for easy deployment. The system also allows users to configure and connect to external MCP servers, introducing a potential attack surface for SSRF or other network-based attacks if malicious URLs are provided, though `httpx` with timeouts is used for connection testing. The `eval` function is used for mathematical expression evaluation within restricted namespaces, which is a justified and controlled use.
Updated: 2025-12-12GitHub
33
1
Medium Cost
davidwarshawsky icon

mcp-server-jupyter

by davidwarshawsky

Sec9

Transforms Jupyter notebooks into a reliable, stateful, and secure backend API for AI agents, facilitating data analysis, scientific computing, and visualization through controlled execution and inspection.

Setup Requirements

  • ⚠️Requires Python 3.10, 3.11, or 3.12.
  • ⚠️Docker is recommended for sandboxed kernel execution in production environments.
  • ⚠️Python dependencies such as `jupyter_client`, `nbformat`, `ipykernel`, `mcp_sdk`, and `psutil` must be installed in the server's environment.
  • ⚠️A session token (MCP_SESSION_TOKEN) is automatically generated and printed to stderr on server startup for secure client connections; this must be passed by clients.
  • ⚠️For static rendering of Plotly and Bokeh visualizations, `kaleido` and `matplotlib` (Agg backend) respectively should be installed in the kernel environment.
  • ⚠️Disk space for the 'assets' directory is proactively managed, but excessive large outputs can still consume significant storage.
Verified SafeView Analysis
The server implements comprehensive security measures including Pydantic-validated input, robust Docker sandboxing (seccomp, capability dropping, read-only rootfs, network isolation), entropy-based secret redaction, structured audit logging, atomic notebook writes, and backpressure for DoS prevention. It also features UUID-based zombie kernel reaping and explicitly removed insecure checkpointing mechanisms. Token-based authentication (MCP_SESSION_TOKEN generated at runtime) is enforced, and a configurable package allowlist (MCP_PACKAGE_ALLOWLIST) prevents supply chain attacks. Path traversal is strictly prevented for both notebook and asset access. While highly hardened, the 'auto_analyst' prompt example, if executed literally by an agent, might bypass the server's package allowlist by directly using `subprocess.check_call` for `pip install`, though the dedicated `install_package` tool is secure.
Updated: 2026-01-19GitHub
33
2
Medium Cost
hyperpolymath icon

poly-git-mcp

by hyperpolymath

Sec6

Provides Model Context Protocol (MCP) tools for AI assistants to manage Git repositories, issues, pull requests, and CI/CD across GitHub, GitLab, Gitea, and Bitbucket platforms.

Setup Requirements

  • ⚠️Requires Deno runtime (v2.0+) to be installed.
  • ⚠️Requires GitHub CLI (gh), GitLab CLI (glab), and Gitea CLI (tea) to be installed and properly authenticated for their respective functionalities.
  • ⚠️Bitbucket API tools require setting `BITBUCKET_USERNAME` and `BITBUCKET_APP_PASSWORD` environment variables, recommending a dedicated app password with limited scope.
Verified SafeView Analysis
The server executes external CLI commands (gh, glab, tea) and makes API calls (Bitbucket) using Deno's --allow-run and --allow-net permissions. It constructs command arguments by concatenating user-provided inputs, which, while passed as an array (mitigating shell injection in Deno), means the server delegates powerful actions based on client input. The security boundary relies heavily on the user's local Git forge authentication (e.g., GITHUB_TOKEN, GitLab/Gitea CLI logins, Bitbucket app passwords). Users must ensure tokens have minimal necessary scopes, carefully review tool calls from MCP clients, and understand that the MCP client can perform any action allowed by the provided credentials. No hardcoded secrets were found, and the code does not use `eval` or obfuscation.
Updated: 2026-01-19GitHub
33
3
Medium Cost
VladislavAntonyuk icon

AICalendar

by VladislavAntonyuk

Sec8

Provides an AI-powered cross-platform calendar application for intelligent scheduling and event management.

Setup Requirements

  • ⚠️Requires Azure Active Directory (B2C) setup for authentication.
  • ⚠️Requires an AI service API key and endpoint (e.g., Azure OpenAI, OpenAI) for the AI Scheduling Assistant.
  • ⚠️Requires .NET 8 SDK and optionally Azure Developer CLI (azd) for streamlined deployment to Azure.
Verified SafeView Analysis
The client-side `appsettings.json` contains hardcoded Azure AD B2C ClientId and Authority, which is a minor security concern for a public repository, although common for client development defaults. Server-side `appsettings.json` files correctly use empty placeholders for sensitive AI and Azure AD credentials, expecting them to be provided via environment variables or secure configuration during deployment. Local development uses HTTP endpoints, which is acceptable for a dev environment. The project uses Azure Developer CLI (`azd`) which encourages secure cloud deployment practices.
Updated: 2026-01-16GitHub
33
2
Medium Cost
surajfale icon

git-mcp-server

by surajfale

Sec7

Automates conventional Git commits, changelog updates, and optional pushes, primarily for AI assistants to generate commit messages based on code changes.

Setup Requirements

  • ⚠️Requires an OpenAI API Key (paid service) if AI generation is enabled (default).
  • ⚠️Requires Git to be installed and configured (user name, email) on the host machine.
  • ⚠️If cloning remote repositories via SSH, an SSH key must be configured (`GIT_SSH_KEY_PATH` environment variable) or an SSH agent must be running. Host key checking is disabled by default.
Verified SafeView Analysis
The server's Git operations disable SSH host key checking (`StrictHostKeyChecking=no`, `UserKnownHostsFile=/dev/null`), which makes it vulnerable to Man-in-the-Middle (MITM) attacks if the remote Git server is compromised or spoofed. Sensitive credentials like `OPENAI_API_KEY` and Git authentication details are loaded from environment variables, which is a good practice, but still requires secure management by the user. The `RepositoryManager` creates temporary workspaces for cloning remote repositories and performs file system operations (`shutil.rmtree`) within its designated `workspace_dir`.
Updated: 2025-11-23GitHub
33
2
Low Cost
WebMCP-org icon

mcp-ui-webmcp

by WebMCP-org

Sec9

Facilitates bidirectional AI interaction with embedded web applications, enabling dynamic tool registration and rich UI display within AI assistants.

Setup Requirements

  • ⚠️Requires Node.js 24.3.0+ and pnpm 10.14.0+.
  • ⚠️Deployment requires a Cloudflare account.
  • ⚠️The chat-ui (which acts as the AI client) requires an external AI provider API key (e.g., Anthropic, potentially paid).
  • ⚠️E2E tests must be run locally before PR submission, as they don't run in CI due to network restrictions.
Verified SafeView Analysis
Development configurations (CORS: '*', allowedOrigins: ['*']) are explicitly identified as needing to be tightened for production in `ARCHITECTURE.md` and `README.md`. No hardcoded secrets were found in the provided code; sensitive information is expected to be managed via Cloudflare secrets or gitignored `.vars.local` files. The `remoteDom` UI resource type allows execution of JavaScript provided by the server within the client iframe, which is a powerful feature requiring careful server-side control over content. `rawHtml` is mentioned as 'sandboxed for security', implying sanitization handled by the underlying MCP UI client library.
Updated: 2025-11-23GitHub
33
1
Medium Cost

Turn a static website into an AI-accessible knowledge base for search and content retrieval via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires a Cloudflare account and manual creation of an R2 bucket.
  • ⚠️A separate build-time adapter (e.g., for Hugo, Astro, or generic Markdown) is required to generate the `search-index.json` file.
  • ⚠️The generated `search-index.json` must be manually uploaded to the Cloudflare R2 bucket after each content update.
Verified SafeView Analysis
The server is explicitly designed for public content only and implements no authentication, making all indexed content publicly accessible via MCP tools. The R2 bucket is private but its contents are served directly. No 'eval', obfuscation, hardcoded secrets, or obvious malicious patterns were found in the server's source code. Security depends on appropriate use (i.e., not for private/sensitive content).
Updated: 2026-01-19GitHub
33
3
High Cost
Sec8

Augments AI coding assistants with advanced research capabilities including batch web search, Reddit analysis, intelligent web scraping, and AI-powered deep research and synthesis.

Setup Requirements

  • ⚠️Requires multiple external API keys (Serper, Scrape.do, OpenRouter, Reddit) which may have free tiers but can incur costs with heavy usage, especially OpenRouter (pay-as-you-go) and Scrape.do (credits).
  • ⚠️Setting up Reddit API credentials (Client ID and Secret) requires creating a 'script' type app on Reddit's platform.
  • ⚠️Requires Node.js version 20.0.0 or higher.
Verified SafeView Analysis
The server uses standard environment variables for all API keys, preventing hardcoded secrets. It communicates via standard I/O (`StdioServerTransport`), which significantly limits the external attack surface compared to a network-exposed server. The `deep_research` tool's file attachment feature allows reading local files based on user-provided absolute paths. While this is a core functionality for a coding agent to provide context (e.g., code snippets for debugging), it presents a potential risk if the calling LLM or user provides malicious paths, potentially exposing local file content. However, the server's implementation processes these files for informational context (e.g., in a code block), not execution, and includes `existsSync` checks. No `eval` or obvious obfuscation was found. Overall, the server appears reasonably secure for its intended use within an LLM agent context.
Updated: 2026-01-18GitHub
33
1
Low Cost
Sec9

Provides semantic search over documentation using Google's Gemini File Search API, returning AI-generated answers with source citations.

Setup Requirements

  • ⚠️Requires a `GEMINI_API_KEY` from Google AI Studio.
  • ⚠️Requires pre-existing Gemini FileSearchStores; a separate indexing pipeline (e.g., GitHub Actions or custom script) must be set up and maintained to populate these stores.
  • ⚠️Project is built with Node.js/TypeScript, though `npx` simplifies execution without a local Node.js setup if using the pre-built version.
Verified SafeView Analysis
The server makes outbound network requests to the Gemini File Search API. It requires a `GEMINI_API_KEY`, which should be securely managed as an environment variable or via client configuration. There are no indications of 'eval' or obfuscation, and it explicitly states it does not interact with local files or git repos, reducing local risks.
Updated: 2025-11-17GitHub
33
3
Low Cost
ezhuk icon

bacnet-mcp

by ezhuk

Sec7

A Model Context Protocol (MCP) server that enables LLM agents to monitor and control BACnet-compatible Building Automation and Industrial Control Systems.

Setup Requirements

  • ⚠️Requires Python 3.13 or newer.
  • ⚠️Requires an OpenAI API Key (paid) if using the provided LLM agent examples.
  • ⚠️Requires access to a functional BACnet device or emulator for practical use.
Verified SafeView Analysis
The server's core functionality involves reading from and writing to physical BACnet devices. While the code itself does not contain obvious vulnerabilities like 'eval' or hardcoded secrets, and offers an optional AuthKit provider for authentication, deploying this server without proper network segmentation, robust authentication/authorization, and LLM agent guardrails could lead to significant physical security and operational risks. Unauthorized access or uncontrolled LLM actions could result in unintended changes to building systems.
Updated: 2026-01-17GitHub
33
2
Medium Cost
hyperpolymath icon

poly-cloud-mcp

by hyperpolymath

Sec7

Provides a unified Model Context Protocol (MCP) server for managing cloud resources across AWS, Google Cloud, Azure, and DigitalOcean, primarily enabling AI assistants to interact with these providers via their CLI tools.

Setup Requirements

  • ⚠️Requires Deno Runtime (v2.0+)
  • ⚠️Requires installation and configuration of AWS CLI, gcloud CLI, Azure CLI, and/or DigitalOcean CLI for respective provider tools to function.
  • ⚠️Needs explicit `--allow-run` permission for Deno, enabling external command execution.
Verified SafeView Analysis
This MCP server explicitly requires Deno's `--allow-run` permission to execute external cloud CLI commands (aws, gcloud, az, doctl). This grants the server (and any client controlling it) the ability to run arbitrary commands on the host system. The security boundary is therefore the host's configured cloud CLI credentials. The project transparently warns about this and recommends using minimal IAM permissions, separate credentials, avoiding admin access, and reviewing tool calls. No direct hardcoded secrets or 'eval' are observed in the provided code, but the inherent nature of wrapping powerful CLIs with `--allow-run` demands extreme caution.
Updated: 2026-01-17GitHub
33
1
Low Cost
trek-boldly-go icon

actual-budget-mcp-server

by trek-boldly-go

Sec8

A Model Context Protocol (MCP) HTTP server that exposes Actual Budget API functionality as streamable tools and resources for AI agents.

Setup Requirements

  • ⚠️Requires Actual Budget credentials: ACTUAL_SERVER_URL, ACTUAL_PASSWORD, ACTUAL_SYNC_ID are mandatory for connecting to an Actual Budget instance.
  • ⚠️Requires Node.js version 18 or higher to run.
  • ⚠️Authentication (MCP_AUTH_MODE) defaults to 'bearer' (requiring MCP_BEARER_TOKEN) or can be configured for 'oauth' (requiring multiple MCP_OAUTH_*-prefixed environment variables) or 'none' (insecure for production).
Verified SafeView Analysis
The server correctly uses environment variables for sensitive credentials (e.g., Actual API details, OAuth client secrets, bearer tokens). OAuth token introspection is implemented using standard methods. A `MCP_DANGEROUSLY_ALLOW_INSECURE_ISSUER_URL` flag exists to permit HTTP OAuth issuers, but it's explicitly marked for dev-only use and logs a warning. The primary security risks stem from misconfiguration (e.g., weak bearer tokens, disabling authentication, or using insecure OAuth settings in production) rather than inherent vulnerabilities in the provided source code. No 'eval' or obfuscation found. External dependencies (Actual server, Keycloak) security is critical but outside this scope.
Updated: 2025-12-14GitHub
PreviousPage 170 of 760Next