Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (9120)

81
2
Medium Cost

continue-snyk-mcp

by chipper-teapot

Sec9

Integrates Snyk security scanning and automated vulnerability patching into the Continue AI coding assistant workflow.

Setup Requirements

  • ⚠️Requires Snyk CLI to be installed globally.
  • ⚠️Requires Snyk CLI to be authenticated (`snyk auth`) with a Snyk account.
  • ⚠️Requires a Continue-compatible LLM to be configured and running (e.g., OpenAI API Key, local Ollama).
Verified Safe
The MCP server acts as a local bridge to the Snyk CLI. Security relies on the trustworthiness of the Snyk CLI and the user's understanding of its data transmission policies (e.g., source code analysis sent to Snyk's cloud). The setup is transparent and does not introduce additional inherent vulnerabilities beyond the intended use of Snyk.
Updated: 2025-11-17
81
632
High Cost

wcgw

by rusiaaman

Sec4

Empowering chat applications to code, build, and run on your local machine by providing tightly integrated shell and code editing tools.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid) or Anthropic API Key (Paid)
  • ⚠️Requires `uv` for easy installation (manual installation needed if not globally available)
  • ⚠️Requires `screen` for multiplex terminal features (optional, but used by default for better experience)
  • ⚠️Requires Python 3.11+
Review Required
The server's core functionality, the 'BashCommand' tool, executes arbitrary shell commands directly via `pexpect.spawn`. While the project explicitly warns users ('do not allow BashCommand tool without reviewing the command'), implements `assert_single_statement` to prevent simple multi-statement injections, and includes file protection mechanisms (e.g., requiring a read before edit, tracking read ranges and file hashes), it still represents a significant security risk. If an attacker or an uncontrolled LLM gains access, they could execute malicious commands, leading to data loss, unauthorized access, or system compromise. The provided 'modes' (e.g., 'architect' for read-only) offer some mitigation, but the 'wcgw' mode has no restrictions.
Updated: 2026-01-16
81
2
Medium Cost

amanmcp

by Aman-CERP

Sec9

High-performance local text embedding for codebases using MLX on Apple Silicon, serving as a component within the AmanMCP local RAG system.

Setup Requirements

  • ⚠️Requires macOS with Apple Silicon (M1/M2/M3/M4) CPU architecture.
  • ⚠️Requires Python 3.9+ runtime environment.
  • ⚠️Needs approximately 5GB of free disk space for the 8B model.
  • ⚠️Performs a large model download (~4.5GB for 8B model) on the first run.
Verified Safe
The server's core functionality is local processing of code for embeddings. Models are downloaded from HuggingFace (a generally trusted source for ML models) and stored locally. The server binds to 0.0.0.0 by default, making it accessible from the local network, but it's intended for local use. Logging is well-structured, with health checks excluded from file logs to reduce noise. No explicit 'eval' or directly malicious patterns are observed in the provided code snippets. Overall, it adheres to a privacy-first, local-only philosophy.
Updated: 2026-01-17
81
136
Medium Cost

concierge

by Agentic-Web-Interfaces

Sec6

A framework for building and serving agentic workflows, enabling autonomous agents to interact with application services through structured stages and tasks.

Setup Requirements

  • ⚠️Requires Python 3.9+
Verified Safe
The server uses FastAPI and a custom `LanguageEngine` to process incoming JSON requests from agents. User-provided arguments for task execution (`args` in `method_call`) are passed directly as `**kwargs` to the underlying Python task functions. While Pydantic schemas are generated for LLM prompting, there is no explicit runtime validation within the framework's execution path to ensure these `args` strictly conform to the task's schema before execution. This means the security and input validation are primarily reliant on the individual task implementations and Python's native argument handling. For the provided simple demo tasks, this does not pose an immediate threat. However, for custom tasks, developers must implement robust input validation to prevent potential vulnerabilities if unexpected or malicious data is passed.
Updated: 2026-01-17
81
2
Low Cost

toon-mcp

by copyleftdev

Sec9

Provides TOON format encoding/decoding as an MCP or HTTP server for LLM token cost optimization.

Setup Requirements

  • ⚠️Building from source requires the Rust toolchain (cargo).
  • ⚠️Running in HTTP mode requires building with `--features http` (default build is for MCP mode).
  • ⚠️Integrating with specific LLM clients (Claude Desktop/CLI, Cursor IDE) requires manual client-side JSON configuration.
Verified Safe
The server demonstrates good security practices: no 'eval' or obfuscation found, uses 'thiserror' for structured error handling preventing raw internal errors from leaking, and handles environment variables for configuration. The HTTP mode's permissive CORS (`allow_origin(Any)`) is a configuration choice for its exposed API, not a direct vulnerability in the server's core logic. The MCP mode uses standard input/output for communication, which is secure for local process interaction.
Updated: 2026-01-17
81
2
Medium Cost
Sec8

Allows AI assistants to query Amazon order history by wrapping the amazon-orders Python library.

Setup Requirements

  • ⚠️Requires Amazon login credentials (email and password, potentially a 2FA OTP code or secret key).
  • ⚠️Relies on web scraping Amazon.com, which is unofficial, may break if Amazon changes its site structure, and could lead to Amazon account flagging or suspension.
  • ⚠️Only supports the English Amazon.com site.
Verified Safe
The server uses environment variables (or .env file) for Amazon credentials, which is good practice. It explicitly loads environment variables using python-dotenv. No 'eval' or obvious malicious code patterns were found. The primary security risk comes from the underlying `amazon-orders` library which performs web scraping, meaning Amazon may detect and block activity, potentially leading to account issues. Debug output for login failures can include full tracebacks, which might expose internal server details if not handled carefully by the consuming AI, though it does not appear to expose credentials.
Updated: 2025-12-12
81
2
Medium Cost
Sec7

Transparent security proxy for LLM tool interactions, employing ensemble anomaly detection to classify requests as benign or malicious.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for orchestration of multiple services.
  • ⚠️Optimal performance for the local LLM service requires an NVIDIA GPU with appropriate drivers (configurable via `LLM_N_GPU_LAYERS`).
  • ⚠️Cloud LLM service (OpenAI/Gemini) requires a paid API key (`CLOUD_OPENAI_API_KEY` or `CLOUD_GOOGLE_API_KEY`) if selected as the LLM backend.
  • ⚠️Pre-trained models for the detectors (`.pt` files) are expected or must be generated via the `research/tools/train_models.py` script, which can be computationally intensive.
Verified Safe
The MCP Bridge (security proxy) component implements robust security features, including an ensemble of rule-based, statistical, and semantic detectors, network isolation for tools (mcp-secure internal network), and fail-safe blocking. However, the underlying MCP tool servers (filesystem, sqlite, time, fetch, memory) are intentionally designed to be vulnerable to common attacks (e.g., SQL injection via direct `cursor.execute`, command injection via timezone parameter, path traversal when `SAFE_MODE=false`), as this is a research project testing the proxy's detection capabilities. A bypass of the proxy would expose these severe vulnerabilities. The `is_safe_to_run` assumes the system is run with the proxy actively protecting these intentionally vulnerable tools.
Updated: 2025-12-13
81
2
Medium Cost

Grigori

by andres-m-rodriguez

Sec6

Grigori provides semantic code search, persistent memory, and codebase intelligence for AI assistants, enhancing their contextual awareness of .NET projects.

Setup Requirements

  • ⚠️Requires .NET 10 SDK to run from source.
  • ⚠️The Docker 'slim' image downloads a ~400MB embedding model on first run.
  • ⚠️The full dashboard and 'consciousness daemon' UI is currently Windows-only (WPF-based tray application).
  • ⚠️May require a paid VoyageAI API Key if configured to use `voyage-code-3` for embeddings instead of local ONNX.
Review Required
The example `src/Grigori.Mcp/appsettings.json` contains a hardcoded `Anthropic.ApiKey` (though it uses VoyageAI). This is a critical security risk as API keys should never be hardcoded, even in examples. While the main `appsettings.json` has it blank, its presence in an example highlights a potential misuse. The application can run an HTTP server for API and dashboard (`--server`, `--mcp-http`, Docker), which implies potential for unencrypted communication if not explicitly configured with HTTPS in production. The local tray application's auto-start and directory watching features require appropriate user permissions.
Updated: 2026-01-19
81
2
Low Cost

awesome-mcp-api

by kawsarlog

Sec10

A curated directory of Model Context Protocol (MCP) APIs designed to be integrated into AI agents, LLM workflows, and automation frameworks.

Verified Safe
The provided 'source code' consists solely of the README.md for the 'awesome-mcp-api' repository, which serves as a directory of external Apify Actors/MCP servers. The repository itself contains no executable code to audit for security vulnerabilities like 'eval', obfuscation, or hardcoded secrets. Therefore, it is inherently safe to view. However, the security of the *individual MCP servers* listed in the README is not assessable here and would depend on their respective implementations, which are not provided.
Updated: 2025-12-10
81
3682
High Cost
Sec8

Facilitates structured, specification-driven software development by providing a workflow engine, real-time dashboards, and tools for task management, approvals, and detailed implementation logging, integrated with AI agents and VSCode.

Setup Requirements

  • ⚠️The real-time web dashboard must be started as a separate, independent process before any MCP servers connect to it.
  • ⚠️Requires a specific project root path as a mandatory argument for the MCP server instance.
  • ⚠️In sandboxed or Docker environments, path translation environment variables (`SPEC_WORKFLOW_HOST_PATH_PREFIX`, `SPEC_WORKFLOW_CONTAINER_PATH_PREFIX`) may be necessary for correct file access within the project context.
Verified Safe
The dashboard uses `dangerouslySetInnerHTML` for rendering markdown and mermaid diagrams; however, user-supplied comment annotations are HTML-escaped. Mermaid diagrams are rendered with `securityLevel: 'loose'`, which offers more features but requires caution with untrusted content in a browser context. Network binding for the dashboard defaults to local access, requiring explicit opt-in for external access (`SPEC_WORKFLOW_ALLOW_EXTERNAL_ACCESS=true`), which is a good security practice. There are no obvious instances of `eval`, obfuscation, or hardcoded secrets.
Updated: 2025-12-20
81
136
Medium Cost

uaip

by concierge-hq

Sec7

A demo server for the Universal Agent Interactive Protocol (UAIP), showcasing a minimal e-commerce checkout workflow designed for interaction with autonomous agents.

Setup Requirements

  • ⚠️Requires Python 3.9+.
Verified Safe
The server uses `uvicorn` and binds to `0.0.0.0` by default, which means it listens on all available network interfaces. For local development, this is acceptable, but in a production environment, it could expose the service more widely than intended if not properly secured (e.g., behind a firewall or reverse proxy). Additionally, CORS is configured to allow all origins (`allow_origins=["*"]`), which is typical for demo purposes but is a significant security risk for production deployments. Input validation for task arguments is handled through Pydantic schemas, which helps mitigate common injection vulnerabilities. No direct `eval` or `exec` on arbitrary user input was identified.
Updated: 2026-01-17
81
2
Low Cost

mcp-servers

by charIesding

Sec8

A foundational Python project providing basic components and utilities for building modular server-like applications.

Setup Requirements

  • ⚠️The `requirements.txt` file is not provided, though the current code primarily uses standard Python libraries, so immediate dependencies might be minimal.
  • ⚠️The `mcp_servers/main.py` file exhibits extensive code duplication across many utility functions (e.g., `measure_time`, `format_output`, `get_version`, `load_json`, `chunk_list`, `retry`, `safe_process`, `process_batch`, `setup_logging`). This suggests potential issues in code organization and maintainability.
Verified Safe
The `Server.handle` method allows calling registered handlers based on an incoming method string. While the provided code does not register inherently dangerous handlers or expose this functionality to unauthenticated external input, improper implementation using this base class could introduce vulnerabilities (e.g., arbitrary code execution if arbitrary functions are registered and callable via client input). There are no direct uses of `eval` or `exec`, and no obvious hardcoded secrets. `json.load` is used, which is generally safe unless combined with unvalidated file paths that could lead to information disclosure through directory traversal.
Updated: 2026-01-17