Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7632)

85
6
Medium Cost
Evan7198 icon
Sec5

A Model Context Protocol (MCP) server that provides a standardized interface to PCILeech for DMA-based memory operations, enabling AI assistants to perform memory debugging through natural language commands.

Setup Requirements

  • ⚠️Requires Windows 10/11 (x64) as PCILeech is Windows-specific.
  • ⚠️Requires specialized PCILeech hardware to be properly configured and working.
  • ⚠️Requires Python 3.10+.
  • ⚠️The PCILeech executable must be present in the `pcileech/` directory.
Review RequiredView Analysis
The server's core functionality involves executing the powerful PCILeech DMA tool via `subprocess.run`. While the Python code sanitizes user-provided `address`, `length`, and `data` (hex conversion) and passes arguments as a list (mitigating basic shell injection), the underlying `pcileech.exe` itself grants direct access to memory. Allowing an AI assistant to control such a powerful tool introduces a significant risk of unauthorized access or system modification if the AI is compromised or misaligned. This tool is designed for authorized hardware debugging and security research; its use outside of these controlled contexts is inherently risky.
Updated: 2025-12-10GitHub
85
6
High Cost
automateyournetwork icon

VibeGraphics

by automateyournetwork

Sec9

Generates theme-driven, AI-powered infographics and micro-animations from GitHub repository content (README, source code).

Setup Requirements

  • ⚠️Requires a Google Gemini API Key (paid service) configured as an environment variable.
  • ⚠️Requires internet access to GitHub and Google AI (Gemini, nano banana, Veo) endpoints.
  • ⚠️Relies on Python 3 and specific libraries (google-genai, fastmcp, requests) which are managed by the provided `run.sh` script and virtual environment setup.
Verified SafeView Analysis
The server securely handles GitHub repository URLs by normalizing them before constructing API requests, mitigating direct arbitrary URL injection. Google Gemini API keys are retrieved from environment variables, avoiding hardcoding. Output files are written to a dedicated, UUID-named directory, reducing file system risks. No 'eval' or direct arbitrary command execution from user input is observed. Risks primarily stem from dependencies (requests, google-genai) or the inherent nature of AI model output (e.g., hallucinations).
Updated: 2025-11-28GitHub
85
260
Medium Cost
ktnyt icon

cclsp

by ktnyt

Sec7

MCP server to integrate LLM-based coding agents with Language Server Protocol (LSP) servers for robust symbol resolution and code navigation.

Setup Requirements

  • ⚠️Requires Node.js 18+ or Bun runtime.
  • ⚠️Language servers for target programming languages must be installed separately (though the interactive setup wizard can assist).
  • ⚠️Claude CLI is recommended for MCP integration, but 'npx @anthropic-ai/claude-code@latest' is used as a fallback if the CLI is not found.
Verified SafeView Analysis
The server spawns external LSP server processes and performs file system modifications based on user-provided configuration. While atomic file operations and validation are in place, the 'command' field in the configuration allows arbitrary command execution. Users must ensure that LSP server commands specified in 'cclsp.json' are from trusted sources to prevent malicious code execution. No direct 'eval' or hardcoded secrets were found, and a SECURITY.md file outlines best practices.
Updated: 2025-11-22GitHub
85
556
High Cost
mark3labs icon
Sec9

Provides secure and controlled access to the local filesystem via the Model Context Protocol (MCP) for AI agents and other applications.

Setup Requirements

  • ⚠️Requires explicit specification of allowed directories at startup for security.
  • ⚠️If not using Docker, requires a Go development environment for installation or compilation.
  • ⚠️When using Docker with host filesystem interaction, proper volume mounting is necessary.
Verified SafeView Analysis
The server implements robust path validation including absolute path resolution, explicit allowed directories, and comprehensive symlink resolution with security checks to prevent directory traversal attacks. All file operations leverage this validation. The 'modify_file' tool uses regex, which could theoretically be vulnerable to ReDoS if patterns are untrusted, but this is mitigated by the overall path restrictions. No hardcoded secrets or arbitrary code execution mechanisms ('eval') were found. The server operates with the privileges of its running user, which is standard for local tools.
Updated: 2025-11-24GitHub
85
8
Low Cost
coseto6125 icon
Sec8

Compares prices for products across multiple Taiwanese e-commerce platforms.

Setup Requirements

  • ⚠️Requires Python 3.13 or newer.
  • ⚠️Requires specific configuration for LLM clients (Claude, Gemini, ChatGPT, Perplexity AI) to integrate the MCP server.
  • ⚠️Installation of `never-primp` and its underlying Rust extensions (`never-jscore`, `regex-rs`) might introduce compilation dependencies on certain systems.
Verified SafeView Analysis
The project relies on web scraping techniques (using `never-primp` for impersonated HTTP requests), which are inherently susceptible to upstream website changes. No critical vulnerabilities like `eval`, hardcoded secrets, or direct command injection patterns were identified in the provided source code. The commented-out `playwright` dependency, if activated, would increase resource usage but isn't a direct security risk.
Updated: 2025-12-08GitHub
85
7
Low Cost
akshayaggarwal99 icon

amp

by akshayaggarwal99

Sec8

Provides a persistent, structured memory (Short-Term, Long-Term, and Graph) for AI agents, mimicking a hippocampus for continuous learning and recall.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Requires `uv` or `pip` for installation.
  • ⚠️FastEmbed model (BAAI/bge-small-en-v1.5) is downloaded locally on first run.
  • ⚠️Local LLM features (entity extraction, summarization) require a locally running Ollama server with a compatible model (default: gemma3:4b).
Verified SafeView Analysis
The server primarily operates locally, minimizing external network attack surface. It uses `json.loads` for metadata which, if not carefully handled in subsequent processing, could be a vector for injection. However, `sqlite-utils` parameterizes inputs, reducing direct SQL injection risk. No hardcoded secrets or direct `eval` on untrusted input were observed. The default LLM and embedding models run locally via Ollama and FastEmbed, reducing reliance on third-party APIs for core functionality. Data is stored in a SQLite database in the user's home directory.
Updated: 2025-12-13GitHub
85
291
High Cost
mapbox icon

mcp-server

by mapbox

Sec9

Integrates Mapbox's Model Context Protocol (MCP) server with AI agents, enabling them to access Mapbox's location-based tools for geospatial intelligence.

Setup Requirements

  • ⚠️Requires a valid Mapbox Access Token (free tier available for development, but usage costs may apply for high volumes).
  • ⚠️Requires Node.js 22+ LTS or Docker to run the server locally.
  • ⚠️For rich UI embeds, clients must support the MCP-UI specification (e.g., Goose; Claude Desktop, VS Code, Cursor currently do not).
Verified SafeView Analysis
The server uses `zod` for robust input and output schema validation, reducing the risk of malformed data processing. It explicitly handles `MAPBOX_ACCESS_TOKEN` from environment variables or Bearer auth and performs basic JWT format validation. Network requests are managed through an HTTP pipeline with user-agent, retry, and OpenTelemetry tracing policies. No direct use of `eval` or obfuscation was found. Configuration loading from `.env` uses Node.js's `parseEnv`, and OpenTelemetry headers can be loaded from a JSON string in an environment variable (`OTEL_EXPORTER_OTLP_HEADERS`), which assumes the environment variable source is trusted. Overall, the security posture appears strong for a server of this type.
Updated: 2025-12-11GitHub
84
57
Medium Cost
andrlange icon
Sec6

Provides a comprehensive Model Context Protocol (MCP) server for AI agents to access Spring ecosystem documentation, migration guides, code examples, and project initialization metadata.

Setup Requirements

  • ⚠️Requires a PostgreSQL database for persistent storage.
  • ⚠️Requires active internet access to synchronize data from external Spring.io and GitHub APIs.
  • ⚠️Requires OpenJDK 25 and Spring Boot 4.0.0 for compatibility, which are relatively new versions.
Verified SafeView Analysis
The server demonstrates good practices for input validation, parameterized database queries, and securing external API calls by limiting domains. API key management includes hashing. However, the `SecurityConfig` explicitly disables CSRF (`csrf().disable()`). Given the presence of administrative web controllers (`LoginController`, `UsersController`, `SettingsController`), this creates a significant vulnerability for Cross-Site Request Forgery (CSRF) attacks against logged-in administrators, allowing attackers to potentially execute unintended actions.
Updated: 2025-12-13GitHub
84
293
High Cost
chunkhound icon

chunkhound

by chunkhound

Sec7

ChunkHound transforms codebases into searchable knowledge bases for AI assistants, enabling deep semantic and regex-based code research.

Setup Requirements

  • ⚠️API Keys (Paid Services): Requires API keys for OpenAI, VoyageAI, or Anthropic (for semantic search and deep research), which are typically paid services. Local Ollama is an alternative but requires a local setup.
  • ⚠️uv Package Manager: All Python operations (installation, running, testing) are mandated to use 'uv', which users need to install first.
  • ⚠️DuckDB Single-Threaded Constraint: If using DuckDB, concurrent database access is explicitly warned to cause 'segfault/corruption', requiring careful serialization (handled internally).
  • ⚠️PyMuPDF for PDF: PDF parsing functionality depends on 'PyMuPDF' (fitz module), which may require additional installation for full support.
Verified SafeView Analysis
The project uses `subprocess` extensively to interact with external CLIs (e.g., git, codex, claude). While necessary for its functionality, this introduces a dependency on the security of those external tools and the environment they run in. The application correctly avoids hardcoded API keys by relying on environment variables or config files. The MCP server runs locally (default localhost:7474), mitigating direct external network exposure. Database concurrency issues with DuckDB are noted (segfault/corruption), which impacts data integrity/stability but not direct external attack vectors. Terminal input handling for interactive CLI is implemented carefully, but raw input always carries some risk if not robustly sandboxed. The '100% AI-generated' claim is a unique aspect that requires continuous scrutiny for quality and security.
Updated: 2025-12-13GitHub
84
146
Low Cost
JSONbored icon
Sec9

A community-driven directory and platform for discovering, sharing, and managing Claude AI configurations including agents, MCP servers, rules, commands, and hooks, with integrated tools for content generation, image transformation, and analytics.

Setup Requirements

  • ⚠️Requires Node.js >= 22.0.0 and pnpm >= 10.0.0 for local development.
  • ⚠️Requires Deno for full Edge function type-checking and deployment.
  • ⚠️Requires a Supabase project with configured database, URL, Anon Key, and Service Role Key for full functionality and data storage.
Verified SafeView Analysis
The project demonstrates strong security practices including extensive input validation (Zod, custom sanitization), cryptographic comparison for sensitive secrets (e.g., REVALIDATE_SECRET), structured logging of security events, and adherence to server-only code patterns. It utilizes Supabase RLS and segregates service role keys appropriately. Image processing and package generation include size limits and secure file handling. While some internal Edge function API calls use direct string comparisons for secrets, which is a minor concern for robust systems, it's generally considered acceptable for internal service-to-service communication. Overall, it is robustly secured for its purpose.
Updated: 2025-12-14GitHub
84
5
Medium Cost
olibuijr icon

iceland-news-mcp

by olibuijr

Sec3

An MCP server that fetches and provides structured access to the latest Icelandic news from various RSS sources, integrated with a voice-activated AI assistant for news summaries and search.

Setup Requirements

  • ⚠️Requires multiple services to set up: a Node.js MCP server, a Python Whisper STT service, and a SvelteKit web UI.
  • ⚠️Requires a Google API Key for Gemini Live API, which is a paid service (though a free tier may be available). The key is exposed client-side.
  • ⚠️The Python Whisper STT service is designed for GPU (CUDA) for fast inference; performance will be significantly degraded on CPU.
  • ⚠️The web UI and its API proxy hardcode a specific local IP address (`http://192.168.8.191`) for the Whisper STT service, requiring manual adjustment if the service runs elsewhere.
Review RequiredView Analysis
A critical security flaw exists where the `GOOGLE_API_KEY` is fetched by the client-side SvelteKit app via a server endpoint (`/api/google/api-key`). This directly exposes the API key to the browser, making it vulnerable to interception and misuse. Additionally, the Whisper STT service listens on `0.0.0.0` and enables CORS for all origins (`*`), exposing it widely on the local network without restriction. Hardcoded local IP addresses for the Whisper service within the web UI (`http://192.168.8.191:7000` and `:7050`) make deployment brittle and suggest network configuration assumptions. No `eval` or direct system command injection vulnerabilities were found in the provided server-side code.
Updated: 2025-12-03GitHub
84
112
Medium Cost
AgiFlow icon

aicode-toolkit

by AgiFlow

Sec3

A Model Context Protocol (MCP) proxy server that connects to multiple backend MCP servers, loading tools on-demand for progressive tool discovery and significantly reducing initial LLM token usage for AI agents.

Setup Requirements

  • ⚠️Requires Node.js runtime (v12+ recommended, v18+ for latest pnpm)
  • ⚠️Requires a local configuration file (`mcp-config.yaml` or `.json`) to define all connected MCP servers and their capabilities.
  • ⚠️Security relies entirely on the trustworthiness of the `mcp-config.yaml` configuration and its source, as it enables arbitrary command execution and network connections to specified endpoints.
Review RequiredView Analysis
The server's core functionality allows executing arbitrary local commands via `command` and `args` fields in its configuration (`mcp-config.yaml`), and connecting to arbitrary remote URLs. If this configuration file or its parameters can be manipulated by an untrusted AI agent or external input, it poses a severe remote code execution (RCE) risk on the host system. The 'Skills' feature loads markdown files from specified paths, which relies on trusted content to prevent injection.
Updated: 2025-12-12GitHub
PreviousPage 19 of 636Next