Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7632)

88
20
Low Cost
LunFengChen icon

proxypin-mcp-server

by LunFengChen

Sec9

Integrates ProxyPin with a Large Model IDE via FastMCP, allowing AI to programmatically control and analyze HTTP network traffic.

Setup Requirements

  • ⚠️Requires a pre-compiled or installed ProxyPin instance to be running and listening on an MCP port.
  • ⚠️Requires Python and its dependencies (requests, fastmcp) to be installed.
  • ⚠️Integration with a 'Large Model IDE' supporting the MCP protocol is necessary to utilize its functionality.
Verified SafeView Analysis
The script itself does not contain 'eval', obfuscation, or hardcoded secrets. It acts as a client to a locally or internally running ProxyPin instance via HTTP. The overall security largely depends on the configuration and security posture of the underlying ProxyPin instance and how the 'Large Model IDE' (AI) utilizes these tools. No direct public exposure or common web vulnerabilities originate from this script itself.
Updated: 2025-12-12GitHub
88
201
Medium Cost
Shashankss1205 icon

CodeGraphContext

by Shashankss1205

Sec8

An MCP server that indexes local code into a Neo4j graph database to provide real-time, accurate context and relationship analysis to AI assistants for understanding, writing, and refactoring code.

Setup Requirements

  • ⚠️Requires a running Neo4j database instance (Docker or local binary installation is guided by `cgc setup`).
  • ⚠️Requires `NEO4J_URI`, `NEO4J_USERNAME`, and `NEO4J_PASSWORD` environment variables to connect to Neo4j.
  • ⚠️Indexing packages for specific languages (e.g., Go, JavaScript/TypeScript, Ruby, C/C++) requires their respective language tooling (e.g., `go`, `npm`, `gem`, `pkg-config`) to be installed and accessible in the system's PATH.
Verified SafeView Analysis
The server uses environment variables for Neo4j credentials, which is a good practice. It explicitly disallows write operations (CREATE, MERGE, DELETE, etc.) in `execute_cypher_query_tool` by stripping string literals before checking for forbidden keywords, mitigating Cypher injection risks for read-only queries. The `package_resolver.py` module uses `subprocess.run` to execute external commands (`npm`, `go`, `gem`, `pkg-config`), which introduces an inherent, albeit managed, risk if command arguments are not sufficiently sanitized or if the system's PATH is compromised. The setup wizard (`setup_wizard.py`) may execute `sudo` commands for local binary installations, requiring user trust.
Updated: 2025-11-19GitHub
87
435
Low Cost
director-run icon

director

by director-run

Sec6

Director acts as a gateway that provides 'playbooks' (sets of MCP tools, prompts, and configuration) to AI agents, enhancing their capabilities and facilitating 1-click integrations with clients like Claude, Cursor, and VSCode.

Setup Requirements

  • ⚠️Requires a PostgreSQL database (DATABASE_URL environment variable).
  • ⚠️Requires 'bun' package manager for local development/execution, and Node.js >= 22.0.0.
  • ⚠️Enabling DANGEROUSLY_ALLOW_ARBITRARY_STDIO_SERVERS or DANGEROUSLY_ALLOW_INSECURE_HTTP_SERVERS introduces significant security risks and is not recommended for production or multi-tenant environments.
Verified SafeView Analysis
The server uses strong cryptographic practices for API key encryption (AES-256-GCM) and robust authentication via 'better-auth'. However, it exposes environment variables like `DANGEROUSLY_ALLOW_ARBITRARY_STDIO_SERVERS` and `DANGEROUSLY_ALLOW_INSECURE_HTTP_SERVERS` which, if enabled, can lead to arbitrary code execution (for stdio servers) or Server-Side Request Forgery (SSRF) vulnerabilities (for insecure http servers). These are explicitly warned about in the codebase and documentation, indicating a known risk that users must be aware of during deployment, especially in multi-tenant environments. The `BETTER_AUTH_SECRET` is a critical secret that must be secured.
Updated: 2025-12-13GitHub
87
12
Low Cost
LNS2905 icon
Sec4

Multi-agent task coordination, issue tracking, and file locking to prevent conflicts between AI agents working on a shared codebase.

Setup Requirements

  • ⚠️Requires 'beads' CLI to be installed (pip install beads).
  • ⚠️Requires Node.js 16+ for `npx` command.
  • ⚠️Requires Python 3.8+.
  • ⚠️Optional 'bv' binary (from GitHub releases or Go install) needed for advanced graph analysis features (bv_insights, bv_plan, bv_priority, bv_diff).
  • ⚠️Python 'textual' library is required for the built-in dashboard (pip install textual).
  • ⚠️On Windows, 'pywin32' might be required for daemon named pipe support (pip install pywin32), otherwise it falls back to CLI.
Review RequiredView Analysis
The server's `tool_init` function accepts a `ws` (workspace) argument, which is then passed to `os.path.abspath()` and subsequently used as the `cwd` for `subprocess.run()` calls (e.g., `bd init`). If an untrusted agent can control this `ws` argument, it could potentially direct the server to execute `bd` commands in an arbitrary malicious directory. This poses a supply chain risk if a malicious `bd` binary or other executables were placed there, or an execution context risk if an attacker could control the environment of the `bd` calls. While `normalize_path` is used for file reservations to prevent path traversal within those specific calls, the broader `cwd` context for `bd` commands is vulnerable to manipulation. The server also downloads the optional `bv` binary from GitHub releases via `urllib.request`, relying on the security of the source and network.
Updated: 2025-12-11GitHub
87
14
Medium Cost
greatSumini icon

nanobanana-api-mcp

by greatSumini

Sec5

An MCP server providing image generation and editing capabilities via the Google Gemini API, integrable with various AI coding assistants and IDEs.

Setup Requirements

  • ⚠️Requires a Google API key with access to Gemini models, which needs to be obtained separately.
  • ⚠️Requires Node.js version >= 18.0.0.
Review RequiredView Analysis
The server processes user-provided file paths for image input/output (`path`, `output_path`, `reference_images_path`). While the documentation states 'ABSOLUTE path' and 'Relative paths are NOT accepted', there is no explicit server-side validation in the handlers (e.g., `generate-image.ts`, `edit-image.ts`) to ensure paths are absolute and confined to safe directories. This could lead to path traversal vulnerabilities if a malicious client provides manipulated paths, potentially allowing arbitrary file read/write on the server's filesystem. The Google API key is correctly handled via environment variables or CLI arguments, not hardcoded.
Updated: 2025-11-25GitHub
86
11
High Cost
Kirachon icon

context-engine

by Kirachon

Sec9

Provides a local-first, agent-agnostic Model Context Protocol (MCP) server for semantic code search and prompt enhancement using the Auggie SDK.

Setup Requirements

  • ⚠️Requires Node.js 18+ installed.
  • ⚠️Requires Auggie CLI installed globally (`npm install -g @augmentcode/auggie`).
  • ⚠️Requires Auggie authentication (`auggie login` or `AUGMENT_API_TOKEN` environment variable), which uses Auggie's cloud backend for embeddings and LLM calls, potentially incurring costs.
Verified SafeView Analysis
The project implements robust path validation to prevent traversal attacks, checks for binary content, and supports an 'offline-only' mode to prevent data leakage to remote APIs if explicitly enforced. Authentication is handled via Auggie CLI or environment variables, avoiding hardcoded secrets. Reliance on the Auggie SDK for core context operations implies trust in its security. The setup script uses 'shell: true' for `spawn` but for fixed, non-user-controlled commands.
Updated: 2025-12-13GitHub
86
11
High Cost
FlowLLM-AI icon

finance-mcp

by FlowLLM-AI

Sec2

An intelligent agent toolkit and MCP server for financial deep research scenarios, integrating web scraping, financial data, and LLM-powered agents.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Requires installation of Playwright browser binaries (`playwright install`).
  • ⚠️Requires API keys for various paid services: FLOW_LLM_API_KEY (for OpenAI-compatible LLM), DASHSCOPE_API_KEY, TUSHARE_API_TOKEN, TAVILY_API_KEY, BAILIAN_MCP_API_KEY (depending on features used).
Review RequiredView Analysis
The server includes `ExecuteCodeOp` and `HistoryCalculateOp` which execute arbitrary Python code generated by the LLM (`exec_code` function). This is a critical security vulnerability, allowing for arbitrary code execution if the LLM can be prompted to generate malicious code or if inputs are not properly sanitized. While potentially intended for controlled environments, its exposure as an LLM tool poses significant risk. Web scraping (`crawl4ai`) and external API calls (`Tushare`, `Dashscope`, `Tavily`, `Bailian`) involve network interactions, but API keys are handled via environment variables, not hardcoded. The primary risk is the unconstrained code execution capability.
Updated: 2025-12-11GitHub
86
416
Medium Cost
yuniko-software icon

minecraft-mcp-server

by yuniko-software

Sec8

Operates an LLM-powered bot in Minecraft Java Edition, enabling models like Claude to control a character through defined tools and the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Node.js (>= 20.10.0) to be installed.
  • ⚠️Requires a running Minecraft Java Edition (1.21.8 tested) world opened to LAN.
  • ⚠️Requires an MCP-compatible client (e.g., Claude Desktop) to connect and issue commands.
Verified SafeView Analysis
The code uses `stdio-filter.ts` to suppress verbose stdout/stderr output from underlying libraries (e.g., mineflayer), replacing `console.error` with a no-op. While justified for cleaning up logs as stated in the README, this practice can potentially hide critical warnings or errors from the user. No direct 'eval' or obvious hardcoded secrets were found within the provided source. The recommended `npx github:...` deployment method implies trusting the integrity of the remote GitHub repository.
Updated: 2025-12-11GitHub
86
10
Medium Cost
patriciomartinns icon

mcp-pdf-reader

by patriciomartinns

Sec9

Exposes local PDFs for reading, semantic search, chunking, and table extraction to MCP-compatible agents or via a CLI.

Setup Requirements

  • ⚠️Requires Python 3.14+.
  • ⚠️The first semantic search (search_pdf) on a new document or model will trigger a SentenceTransformers model download and embedding generation, which can cause a delay.
  • ⚠️Strongly recommends 'uv' for installation and execution, though standard Python tools might also work.
Verified SafeView Analysis
The server implements strong security measures, notably sandboxing PDF paths to a configurable base directory (defaults to CWD) and strictly validating file extensions to '.pdf'. It does not use 'eval' or other dangerous dynamic code execution. Network activity is limited to downloading SentenceTransformer models from Hugging Face for semantic search. `subprocess.run` is used only in development/testing scripts (`scripts/check.py`) and not in the server's runtime logic, with appropriate security comments (`nosec`). Memory usage is controlled via document and index caching limits.
Updated: 2025-11-27GitHub
86
433
Medium Cost
dbt-labs icon

dbt-mcp

by dbt-labs

Sec7

The dbt MCP (Model Context Protocol) server provides various tools to AI agents to interact with dbt Core, dbt Fusion, and dbt Platform, enabling agents to query metadata, execute CLI commands, manage jobs, and perform data analysis.

Setup Requirements

  • ⚠️Requires Python 3.12+ (for full compatibility with examples)
  • ⚠️Requires 'uv' and 'task' for dependency management and setup
  • ⚠️Requires dbt CLI installed and configured locally for dbt CLI and dbt Codegen tools
  • ⚠️Requires dbt Platform access (DBT_TOKEN or OAuth login) for Semantic Layer, Discovery, Admin API, and Proxied Tools
Verified SafeView Analysis
The server executes dbt CLI commands via `subprocess.Popen`. While `subprocess.Popen` is used with a list of arguments (mitigating direct shell injection), user-controlled arguments like `selector` (for dbt CLI commands) and `sql_query` (for `dbt show`) are passed. This introduces potential risks of command injection into the dbt CLI tool or SQL injection into the connected database if the LLM output for these parameters is not carefully constrained/sanitized. No hardcoded sensitive secrets or direct `eval()` on user input were found. OAuth and API communication rely on standard secure protocols and token-based authentication.
Updated: 2025-12-11GitHub
85
6
Medium Cost
saadmanrafat icon

uv-mcp

by saadmanrafat

Sec7

Manages Python environments and dependencies using uv, providing diagnostics, repair, and package management capabilities for AI assistants.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher to be installed on the system.
  • ⚠️Requires 'uv' package manager to be installed separately and available in the system's PATH. The server provides instructions but does not install 'uv' itself.
  • ⚠️Requires manual configuration in AI client (Gemini CLI, Claude Desktop/Code) to specify the server command and path.
Review RequiredView Analysis
The server executes `uv` commands via `asyncio.create_subprocess_exec` with arguments passed as a list, which prevents typical shell injection. However, several tools (e.g., `diagnose_environment`, `repair_environment`, `add_dependency`, `remove_dependency`) accept an optional `project_path` argument. If an untrusted AI or user can provide an arbitrary `project_path`, this could lead to unintended file system modifications or data exposure outside the intended project directory. Although `pathlib.Path` resolves `..` components, there's no explicit path validation or sandboxing within the server's code to restrict operations to a predefined safe area (e.g., the user's project directory only, not arbitrary system paths). The reliance on the AI client's constraints for `project_path` poses a potential risk.
Updated: 2025-12-14GitHub
85
84
Medium Cost
matlab icon
Sec7

The MATLAB MCP Core Server enables AI applications to start and quit MATLAB, execute MATLAB code, and assess code for style and correctness.

Setup Requirements

  • ⚠️Requires MATLAB (MathWorks) 2020b or later to be installed and accessible (either on system PATH or specified via `--matlab-root` argument).
  • ⚠️For Claude Desktop integration, requires Node.js and a separate Filesystem Server to be installed and configured.
  • ⚠️The server collects anonymized usage data by default; opt-out is available with `--disable-telemetry=true`.
Review RequiredView Analysis
The server's core functionality involves executing arbitrary MATLAB code provided via API calls (`evaluate_matlab_code`, `run_matlab_file`, `run_matlab_test_file`). This feature, while essential for its purpose, inherently carries significant security implications. The `README.md` explicitly warns users to "thoroughly review and validate all tool calls before you run them" and to "Always keep a human in the loop for important actions." The implementation includes `PathValidator` interfaces, suggesting efforts to restrict file system access to allowed directories for script execution and project paths. Telemetry collection is enabled by default but can be disabled via the `--disable-telemetry=true` argument. Communication with MATLAB sessions uses TLS, indicated by `certificatePEM` and `certificateKey` in the `embeddedconnector`.
Updated: 2025-12-11GitHub
PreviousPage 18 of 636Next