Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7632)

82
246
High Cost
andrea9293 icon
Sec9

A local-first MCP server for document management, semantic search, and AI-powered document intelligence.

Setup Requirements

  • ⚠️Requires a Google Gemini API Key for AI-powered search (Gemini API usage is a paid service).
  • ⚠️Initial download of embedding models (hundreds of MB) occurs on first use, causing a delay and requiring disk space.
  • ⚠️Node.js version 22.0.0 or higher is recommended for full compatibility.
Verified SafeView Analysis
The server operates locally via stdio transport by default, minimizing external network exposure. It requires `GEMINI_API_KEY` for AI features, which should be handled as a sensitive environment variable. PDF processing utilizes `unpdf` for safe text extraction, mitigating known vulnerabilities. File operations are restricted to designated data and uploads directories, reducing path traversal risks. No explicit use of `eval` or other highly dangerous patterns was identified.
Updated: 2025-12-02GitHub
82
527
High Cost
neondatabase icon

mcp-server-neon

by neondatabase

Sec6

MCP server enabling natural language interaction and management of Neon Postgres databases.

Setup Requirements

  • ⚠️Requires ANTHROPIC_API_KEY (for `mcp-client-cli` usage)
  • ⚠️Requires NEON_API_KEY (for local server operation and API key authentication for remote server)
  • ⚠️Requires Node.js >= v18.0.0
Review RequiredView Analysis
The server implements a full OAuth 2.0 flow and directly executes dynamically generated SQL statements (e.g., `run_sql`, `prepare_database_migration`). While it uses environment variables for secrets and incorporates Sentry for error tracking, the project's README explicitly warns against using it in production environments due to the powerful, LLM-driven database management capabilities that could lead to accidental or unauthorized changes. The dynamic SQL execution, even with temporary branches, introduces inherent risks if LLM inputs are not thoroughly validated or contained. `JSON.parse` is used for parsing tool outputs and plan details, which is generally safe but could be a vector if the source of the JSON can be controlled by a malicious actor.
Updated: 2025-12-12GitHub
82
359
High Cost
SylphxAI icon

pdf-reader-mcp

by SylphxAI

Sec4

Extracts text, images, and metadata from PDF files for AI agent consumption, supporting local files and URLs with parallel processing and content ordering.

Setup Requirements

  • ⚠️Requires Bun runtime (version 2.0.0+ breaking change).
  • ⚠️PDF file size limit of 100MB. Larger PDFs will fail.
  • ⚠️Enables AI agent to request any local file by absolute path or any remote URL, necessitating a highly sandboxed execution environment to mitigate data exfiltration and SSRF risks.
Review RequiredView Analysis
The server allows reading PDF files from arbitrary local absolute paths and fetching PDFs from arbitrary URLs. This presents a significant security risk, as an AI agent could be prompted to perform local file exfiltration (e.g., `/etc/passwd`, `C:\Windows\System32\config.txt`) or Server-Side Request Forgery (SSRF) attacks. While there's a file size limit (100MB) and robust error handling, these capabilities inherently require the server to be run in a highly sandboxed and restricted environment to prevent malicious use. No obvious `eval` or direct `child_process.exec` (beyond its own invocation) or hardcoded secrets were found. Code quality is high (strict TypeScript, linting).
Updated: 2025-12-08GitHub
82
367
Low Cost
Softeria icon
Sec9

An MCP server for interacting with Microsoft 365 and Office services through the Graph API, enabling AI agents to manage emails, calendars, files, and more.

Setup Requirements

  • ⚠️Requires Node.js >= 20 (recommended).
  • ⚠️Initial Microsoft account authentication is required via interactive device code flow, or OAuth 2.0 authorization code flow, or by providing a pre-existing OAuth token.
  • ⚠️Accessing organization/work features (Teams, SharePoint, Shared Mailboxes) requires starting the server with the '--org-mode' flag.
Verified SafeView Analysis
The server uses standard and well-regarded libraries for authentication (@azure/msal-node) and web server functionality (Express.js). Sensitive credentials (client ID, client secret, tenant ID) are configured via environment variables. Token caching uses 'keytar' for secure OS credential storage, with a file-based fallback if 'keytar' is unavailable, which is less secure but documented. Input parameters for Graph API calls are validated using Zod schemas. There are no detected uses of 'eval' or direct execution of user-controlled commands via 'child_process' outside of test scripts. OAuth flows are implemented following standard specifications, and network requests are made to legitimate Microsoft endpoints. Pagination for list operations is capped at 100 pages, preventing excessive resource consumption.
Updated: 2025-12-13GitHub
82
311
Medium Cost
hustcc icon

mcp-mermaid

by hustcc

Sec8

Generate Mermaid diagrams and charts dynamically using AI models, supporting various output formats and styling options.

Setup Requirements

  • ⚠️Requires Playwright Chromium browser to be installed (automatically handled by `postinstall` script, but can be a large dependency).
  • ⚠️Requires Node.js (v18 or newer recommended based on build targets).
  • ⚠️If using SSE or Streamable transport, specific network ports (e.g., 3033, 1122) must be available.
Verified SafeView Analysis
The server uses `mermaid-isomorphic` with Playwright for rendering, which involves launching a headless browser. While `mermaid-isomorphic` is expected to sandbox rendering, potential vulnerabilities could exist if malicious Mermaid syntax can bypass its protections. The file output option writes to `process.cwd()` with a unique filename, reducing direct arbitrary file write risks. CORS is enabled with a wildcard origin for HTTP streamable transport, which is acceptable for a public API but should be considered in specific deployment contexts.
Updated: 2025-11-20GitHub
82
349
Medium Cost
redis icon

mcp-redis

by redis

Sec9

Provides a natural language interface for AI agents to efficiently manage, search, and interact with structured and unstructured data in Redis.

Setup Requirements

  • ⚠️Requires a running Redis server instance.
  • ⚠️Requires Python 3.10 or newer.
  • ⚠️Azure EntraID authentication (if enabled) requires the `redis-entraid` Python package (install with `pip install redis-entraid`).
Verified SafeView Analysis
The server primarily uses environment variables for sensitive configurations like Redis credentials and EntraID authentication details, reducing the risk of hardcoded secrets. It exposes direct Redis commands as MCP tools; while Redis commands themselves can be powerful, the server does not appear to directly execute arbitrary user-provided code (e.g., no 'eval'). Input parsing, like in 'json_set', is handled safely. The 'search_redis_documents' tool performs an HTTP request to a configurable URL, which could be a risk if the URL is misconfigured by the user, but this is an external dependency rather than an inherent vulnerability in the server's core logic. The code appears well-structured and does not contain obvious malicious patterns or obfuscation.
Updated: 2025-11-26GitHub
81
2
Low Cost
savethepolarbears icon

jules-mcp-server

by savethepolarbears

Sec9

An MCP server that enables AI assistants to create, schedule, and manage autonomous coding tasks with Google Jules, bridging its stateless API with local stateful scheduling.

Setup Requirements

  • ⚠️Requires Node.js 18.0.0 or higher.
  • ⚠️Requires a Google Jules API Key, which must be generated externally at jules.google/settings.
  • ⚠️GitHub repositories must be connected to Google Jules via the Jules web UI (jules.google) *before* using this server.
  • ⚠️When configuring in Claude Desktop or similar MCP clients, an *absolute path* to the `dist/index.js` file is required, which is a common source of setup error.
Verified SafeView Analysis
The server demonstrates a strong commitment to security with a 'defense-in-depth' strategy documented in `SECURITY.md`. It correctly handles sensitive information like `JULES_API_KEY` via environment variables. It implements input validation with Zod and enforces a configurable repository allowlist (`JULES_ALLOWED_REPOS`) to prevent unauthorized access. The architecture and code show no signs of 'eval', obfuscation, or malicious patterns. The primary network risk is to the external Google Jules API. The local stdio transport is inherently low risk.
Updated: 2025-12-10GitHub
81
2
Medium Cost
timothywarner-org icon

copilot-memory-store

by timothywarner-org

Sec8

Provides a local JSON memory store for context engineering to enhance GitHub Copilot and other Model Context Protocol (MCP) clients.

Setup Requirements

  • ⚠️Requires DEEPSEEK_API_KEY for LLM-assisted compression (DeepSeek is a paid service).
  • ⚠️Default memory file (project-memory.json) contains demo data, which may need to be deleted or MEMORY_PATH reconfigured for a fresh start.
Verified SafeView Analysis
The MCP server primarily uses stdio for communication, significantly reducing network attack surface. Data is stored locally as plaintext JSON, relying on OS file permissions for access control, and is not encrypted at rest. Optional LLM-assisted compression sends data to the DeepSeek API, requiring an API key via environment variable. The `SECURITY.md` explicitly warns against storing sensitive information in memories, aligning with the local plaintext storage model. No 'eval' or obvious malicious code patterns were found, and input validation with Zod is used for MCP tools.
Updated: 2025-12-14GitHub
81
769
Medium Cost
ArcadeAI icon

arcade-mcp

by ArcadeAI

Sec9

Provides a framework and collection of toolkits for building, deploying, and managing AI-powered tools capable of interacting with various external services, databases, and performing computations.

Setup Requirements

  • ⚠️Most toolkits require external API keys (e.g., Bright Data, Zendesk, LinkedIn) or database connection strings (ClickHouse, MongoDB, PostgreSQL) configured as environment variables or secrets.
  • ⚠️Full functionality for authentication-required tools (e.g., Reddit, LinkedIn, Zendesk) or remote secret management typically requires authenticating with an Arcade platform instance via 'arcade login'.
  • ⚠️Database toolkits require a running instance of the respective database (ClickHouse, MongoDB, PostgreSQL) accessible from the server environment.
Verified SafeView Analysis
The framework demonstrates strong security practices including explicit blocking of dangerous database operations (e.g., no INSERT/UPDATE/DELETE in ClickHouse/Postgres, blocking '$where' operator in MongoDB), mandatory secret/authorization requirements for sensitive tools, and a structured approach to prevent arbitrary code execution. Network requests leverage standard, secure HTTP libraries with proper authentication token handling. Resource server authentication also uses robust OAuth2/JWT validation. No apparent direct 'eval' or malicious code injection vectors for user input were found.
Updated: 2025-12-14GitHub
81
2
High Cost
neverinfamous icon

mysql-mcp

by neverinfamous

Sec8

Enables AI assistants to interact with MySQL databases through the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Node.js 18+ and MySQL 5.7+ or 8.0+ server.
  • ⚠️Tool filtering is recommended (e.g., `--tool-filter`) to stay within AI IDE token limits due to 106 available tools.
  • ⚠️For 'shell' tools (e.g., dump/load), MySQL Shell (mysqlsh) binary must be installed and accessible via `MYSQLSH_PATH` environment variable.
  • ⚠️OAuth 2.0 integration requires external Authorization Server configuration (JWKS URI, Issuer, Audience).
  • ⚠️Separate environment variables are needed for ProxySQL and MySQL Router tools to connect to those services.
Verified SafeView Analysis
The server implements strong security measures including SQL injection prevention via parameterized queries, OAuth 2.0 authentication and authorization, and sensitive data redaction in logs. Docker images are built with non-root users and automated scanning. The `mysqlsh_run_script` tool allows arbitrary code execution (JS, Python, SQL) and requires 'admin' scope, posing a significant risk if this scope is not tightly controlled. Some tool-specific connection configurations (e.g., for ProxySQL, MySQL Router) use hardcoded default credentials if environment variables are not provided, which could be a risk if not overridden in production.
Updated: 2025-12-14GitHub
81
355
Medium Cost
utensils icon

mcp-nixos

by utensils

Sec3

Provides accurate, real-time information about NixOS packages, configuration options, Home Manager settings, nix-darwin configurations, and package version history to AI assistants, preventing hallucinations.

Setup Requirements

  • ⚠️Requires Python 3.11+
  • ⚠️Users of Nix/NixOS might encounter Nix sandbox errors and need to run with `--option sandbox relaxed` or set `sandbox = relaxed` in `nix.conf`.
Review RequiredView Analysis
CRITICAL: The `NIXOS_AUTH` tuple containing username and password (`"aWVSALXpZv", "X8gPHnzL52wFEekuxsfQ9cSh"`) is hardcoded directly in `mcp_nixos/server.py`. While these credentials appear to be for a public Elasticsearch backend (`search.nixos.org`) and are likely read-only, hardcoding any credentials is a severe security vulnerability as it exposes them to anyone with access to the source code, preventing secure rotation and management. The server makes HTTP requests to various external services, including `search.nixos.org`, `nix-community.github.io`, `nix-darwin.github.io`, and `nixhub.io`. Relying on external, potentially untrusted HTML content for parsing (using BeautifulSoup) can introduce risks if the parsing logic is not robust against malformed or malicious data, though BeautifulSoup is generally resilient. User inputs are embedded in Elasticsearch queries (e.g., `wildcard` queries) which, while generally safer when built via dictionaries, could theoretically be resource-intensive or expose edge cases if not rigorously validated. No `eval` or similar dangerous execution patterns were found.
Updated: 2025-12-03GitHub
81
2
Medium Cost
krzyzanowskim icon

XcodeDocsMCP

by krzyzanowskim

Sec9

Serves as an MCP server for querying Apple developer documentation and SDK symbols directly from a local Xcode installation.

Setup Requirements

  • ⚠️Requires macOS 14.0+
  • ⚠️Requires Xcode with command line tools installed
  • ⚠️Requires Swift 6.0+
Verified SafeView Analysis
The server primarily relies on executing standard macOS command-line tools (mdfind, grep, xcrun swift-symbolgraph-extract) using Swift's Process API. This method safely separates arguments and mitigates shell injection risks. It operates locally via stdin/stdout, posing no direct network security risks. File system access is restricted to standard Xcode/SDK paths and secure temporary directories. The primary consideration is potential resource exhaustion from overly broad or complex queries to system tools, which is inherent to the tool's functionality and not a security vulnerability.
Updated: 2025-12-01GitHub
PreviousPage 21 of 636Next