Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7632)

74
12
Medium Cost
iceener icon
Sec9

This MCP server is designed for location-aware AI agents running on mobile devices to search places, get details, and plan routes using Google Maps Platform APIs.

Setup Requirements

  • ⚠️Requires a Google Maps Platform API Key (Places API (New) and Routes API must be enabled, which are paid services).
  • ⚠️Requires a `BEARER_TOKEN` secret to be generated and configured for client authentication (unless authentication is explicitly disabled).
  • ⚠️Cloudflare Worker deployment requires a Cloudflare account, `wrangler` CLI, a KV namespace, and setting secrets via `wrangler secret put`.
Verified SafeView Analysis
The server implements robust security practices, including explicit use of environment variables/secrets for API keys and bearer tokens, input validation via Zod schemas, and proper CORS configuration. It features a security middleware that validates origin and MCP protocol version, and a logger with sensitive data redaction. AES-256-GCM encryption is available for KV storage in Cloudflare Workers. While origin validation for production includes a placeholder that defaults to `true` (requiring explicit configuration by the user), the overall code design prioritizes security.
Updated: 2025-12-09GitHub
74
191
Low Cost
hyprmcp icon

jetski

by hyprmcp

Sec8

An open-source analytics and authentication platform for Model Context Protocol (MCP) servers, providing visibility into prompt usage, client activity, and authentication without requiring code changes to the MCP server.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for local database and identity provider (Dex).
  • ⚠️Requires `mise` (or equivalent tool manager) and `pnpm` for development environment setup.
  • ⚠️Requires modifying the host file (`/etc/hosts`) to resolve `host.minikube.internal` for local Dex setup.
  • ⚠️Kubernetes (Minikube) is recommended for local orchestration of the MCP Gateway.
Verified SafeView Analysis
The project uses standard security practices for web applications, including OAuth2/OIDC for authentication (Dex), Sentry for error tracking, and secure environment variable handling. Static user passwords in `docker-compose.yaml` are bcrypt hashed, which is an improvement over plain text, but their presence in a configuration file, even for development, is noted. The system handles potentially sensitive data (user prompts and authentication details) but appears to do so with appropriate backend and frontend security layers.
Updated: 2025-12-13GitHub
74
2674
Low Cost
opensolon icon

solon

by opensolon

Sec6

A Java enterprise application development framework designed for high-performance microservices, offering robust web API capabilities, AI integration (including an MCP server implementation), scheduling, and various data and cloud features.

Setup Requirements

  • ⚠️Requires proper Java Development Kit (JDK) 8 to 25 environment.
  • ⚠️HTTPS functionality necessitates a `.jks` or `.pfx` keystore file and its password (`server.ssl.keyStore`, `server.ssl.keyPassword`).
  • ⚠️Utilizes AOT (Ahead-Of-Time) compilation and GraalVM native image, which may require specific build tools and configurations for optimal deployment.
  • ⚠️Dynamic code execution features (e.g., SnEL expressions, FaaS via Luffy) can introduce severe security risks if not carefully sandboxed and shielded from untrusted user input.
Review RequiredView Analysis
The framework includes dynamic code execution capabilities (e.g., `solon-expression`, `solon-faas-luffy`) which, while powerful, require careful handling to prevent injection vulnerabilities if user-controlled input is not properly sanitized. Demo configuration files contain placeholder secrets like `server.ssl.keyPassword: "demo"` and encrypted properties with default values, which should be replaced with strong, securely managed credentials in production environments. The `HttpSslSupplierAny` option for HTTP clients can bypass SSL certificate validation, posing a risk if used in production.
Updated: 2025-12-14GitHub
74
306
Low Cost
1mcp-app icon

agent

by 1mcp-app

Sec9

Manages and proxies Model Context Protocol (MCP) servers, enabling discovery, installation, configuration, and secure interaction for various desktop applications and clients.

Setup Requirements

  • ⚠️Requires Node.js and pnpm to run.
  • ⚠️Windows and Linux support for automatic app configuration paths (`app consolidate` feature) is explicitly marked as 'untested' and experimental.
  • ⚠️OAuth setup requires additional client registration and consent flow if authentication is enabled.
Verified SafeView Analysis
The server demonstrates strong security awareness through its use of secure HTTP server practices (Express.js, CORS, robust error handling), comprehensive custom security middleware (rate limiting, input sanitization, suspicious pattern detection, randomized delays for sensitive operations), and a well-implemented OAuth authentication system with file-based storage and path validation. The reliance on `npx` for executing child processes delegates some runtime security to the Node.js/npm ecosystem. No apparent hardcoded production secrets were found; sensitive data in logs/URLs is sanitized. File operations include locking mechanisms and path sanitization to prevent common vulnerabilities like directory traversal. Overall, a high level of attention to security has been applied.
Updated: 2025-12-14GitHub
73
207
High Cost
Muvon icon

octocode

by Muvon

Sec8

Octocode is an intelligent code indexer, semantic search engine, and knowledge graph builder that provides AI-powered assistance for developers.

Setup Requirements

  • ⚠️Requires Voyage AI API Key (free tier available, but registration required for embeddings)
  • ⚠️Requires OpenRouter API Key for AI features (optional, registration required for LLM capabilities)
  • ⚠️Requires Rust toolchain (1.70+)
  • ⚠️Local-first embedding models (FastEmbed, SentenceTransformer) are only fully offline on macOS; other platforms or cloud models require internet access.
  • ⚠️Indexing requires a Git repository or `--no-git` flag to be specified.
Verified SafeView Analysis
The system follows good practices for API key management (environment variables). The Model Context Protocol (MCP) server runs locally, limiting external exposure. However, AI-powered features for descriptions, relationships, commits, and reviews may send code snippets or metadata to external LLM providers (Voyage AI, OpenRouter), which is a data privacy/egress consideration. Local-first embedding options (FastEmbed, SentenceTransformer) are available, but only fully offline on macOS.
Updated: 2025-11-29GitHub
73
124
Medium Cost
call518 icon
Sec9

This MCP server provides comprehensive PostgreSQL database operations, monitoring, and management through natural language queries.

Setup Requirements

  • ⚠️Requires a running PostgreSQL instance (12+ recommended for full feature set).
  • ⚠️Full functionality (e.g., slow query analysis, function statistics) depends on PostgreSQL extensions (pg_stat_statements, pg_stat_monitor) and configuration settings (track_functions, track_io_timing).
  • ⚠️Requires Python 3.12 or higher.
Verified SafeView Analysis
The server design emphasizes security: all operations are read-only, preventing data modification. It utilizes parameterized queries (asyncpg.fetch) to mitigate SQL injection risks. Sensitive information like database passwords are retrieved from environment variables and masked in logs/outputs. Authentication for HTTP transport is supported via Bearer tokens, with warnings issued if disabled in production contexts. Version-aware queries are implemented securely. Minor risk remains in complex database interaction logic, but overall robust.
Updated: 2025-11-24GitHub
73
52
Medium Cost
notch-ai icon

autosteer

by notch-ai

Sec8

An AI-powered desktop application (AutoSteer) designed to assist developers with coding, project management, and integrating various development tools. It provides a conversational interface with AI agents, manages projects as Git worktrees, offers an integrated terminal, Git changes viewer, and advanced tab management for session isolation and persistence. It also integrates with Multi-Cloud Platform (MCP) servers for extended functionality.

Setup Requirements

  • ⚠️Requires Python runtime and the Claude Agent SDK to be installed for local AI capabilities and MCP server integration.
  • ⚠️Project creation necessitates a valid GitHub repository URL and branch.
  • ⚠️Integrated with various IDEs (e.g., VS Code, Cursor, WebStorm), which users may need to install separately.
  • ⚠️MCP Server integration may require additional setup and OAuth authentication specific to those servers.
Verified SafeView Analysis
The application leverages Electron's secure IPC mechanisms and `shell.openExternal` for user-provided URLs, mitigating common webview injection risks. It utilizes standard and well-understood external processes for core functionalities like Git operations (`simple-git`, `child_process.exec/spawn`), Python runtime (`child_process.spawn` for MCP and SDK checks), and terminal emulation (`node-pty`). The codebase shows a conscientious approach to isolating and sanitizing inputs, and explicitly redacting sensitive information in logs via `safeHandlerWrapper`. No direct `eval` or blatant obfuscation was detected. While any tool executing external commands carries inherent risk, the codebase appears to handle these aspects reasonably.
Updated: 2025-11-26GitHub
73
40
Low Cost
rohitsoni007 icon

mcp-gearbox

by rohitsoni007

Sec7

A cross-platform desktop application for managing Model Context Protocol (MCP) servers across various AI agents.

Setup Requirements

  • ⚠️Requires `uv` (Python package manager) or Python 3.11+ for `mcp-cli` installation.
  • ⚠️Requires Git for `mcp-cli` installation from source (GitHub repositories).
  • ⚠️Initially attempts to auto-install `mcp-cli` on first run; manual intervention might be needed if dependencies (Python, uv) are not met.
Verified SafeView Analysis
The application follows good security practices for an Electron app, including `nodeIntegration: false` and `contextIsolation: true` in the main process, and exposing a controlled API via `contextBridge.exposeInMainWorld`. Interactions with the `mcp-gearbox-cli` are proxied through a main process service (`ElectronMcpService`) using `ipcMain.handle`, limiting direct shell access from the renderer. User-provided inputs (like server names, agent names, project location) are passed as distinct arguments to the underlying CLI commands. The main security assumption lies in the `mcp-gearbox` (npm package) library and the `mcp-gearbox-cli`'s robust handling and sanitization of these arguments to prevent shell injection or other vulnerabilities. Without the source code for the `mcp-gearbox` library itself, a full audit of the CLI interaction security cannot be completed, but the application's wrapper adheres to secure design patterns.
Updated: 2025-11-20GitHub
72
424
High Cost
ggozad icon

haiku.rag

by ggozad

Sec9

Agentic RAG system for document management, semantic search, question answering, and multi-agent research, designed to be exposed as tools for AI assistants (e.g., Claude Desktop).

Setup Requirements

  • ⚠️Requires Python 3.12 or newer.
  • ⚠️Requires Ollama running locally (for default models) or API keys for cloud providers (e.g., OPENAI_API_KEY, ANTHROPIC_API_KEY).
  • ⚠️Database must be explicitly initialized (`haiku-rag init`) and creating a vector index (`haiku-rag create-index`) is recommended for large datasets for performance.
  • ⚠️Document processing via Docling can be resource-intensive; for heavy workloads, remote processing with `docling-serve` (a separate service) is recommended.
Verified SafeView Analysis
The system primarily relies on external AI providers (Ollama, OpenAI, Anthropic, etc.), which require API keys. These keys are expected to be managed via environment variables and are not hardcoded. The `a2a-server` examples demonstrate implementing API key and OAuth2 authentication, indicating awareness of security best practices. The MCP server exposes HTTP or stdio endpoints; network security (e.g., firewalls, access control, CORS configuration) is critical for HTTP transport. A minor concern is the default 'demo-key-12345' in the API key security example, but this is clearly for a demo and immediately advises production users to use environment variables.
Updated: 2025-12-12GitHub
72
10
Medium Cost
iceener icon
Sec9

Provides sandboxed filesystem access for AI agents to explore directories, read/search file content, and safely edit text files with checksum verification.

Setup Requirements

  • ⚠️Requires `Bun` runtime for the primary `dev` and `start` scripts.
  • ⚠️User MUST configure accessible directories via `FS_ROOTS` or `FS_ROOT` environment variables, otherwise the filesystem tools will be non-functional or report 'OUT_OF_SCOPE' errors.
  • ⚠️When connecting to clients (e.g., Claude Desktop), the `args` parameter often requires the absolute path to the server's entry point (e.g., `/absolute/path/to/files-mcp/src/index.ts`).
Verified SafeView Analysis
The server implements strong sandboxing by preventing absolute paths and directory traversal (`..`) outside configured mount points (`FS_ROOTS`). All file operations are routed through a robust path resolution layer (`src/lib/paths.ts`). Input validation is performed using Zod, mitigating common injection risks. File write operations (`fs_write`) strongly recommend checksum verification to prevent stale or unintended overwrites, enhancing data integrity. There is no apparent use of `eval` or direct arbitrary command execution. Glob patterns for searching are converted to safe regular expressions, not shell commands. Communication is via stdin/stdout, reducing network attack surface.
Updated: 2025-12-09GitHub
72
14
Medium Cost
ecos-labs icon

ecos

by ecos-labs

Sec8

Transforms AWS Cost and Usage Reports (CUR) into enriched datasets for FinOps analysis and provides AI-powered cost insights.

Setup Requirements

  • ⚠️Requires AWS CLI and configured AWS credentials.
  • ⚠️Requires Python 3.8+ and dbt Core with the `dbt-athena-community` adapter installed.
  • ⚠️AWS Cost & Usage Reports (CUR) must be enabled and configured for Athena in your AWS account.
  • ⚠️Appropriate AWS IAM permissions are necessary for the CLI to create and manage AWS resources (S3, Athena).
  • ⚠️Setting the `GITHUB_TOKEN` environment variable is recommended to avoid GitHub API rate limiting during model downloads.
Verified SafeView Analysis
The CLI component interacts with AWS services (S3, Athena, STS) and GitHub. It relies on standard AWS SDK practices for credential loading (from environment variables or local AWS config files) and utilizes the `GITHUB_TOKEN` environment variable for GitHub API authentication. Path sanitization (`filepath.Clean`) and checks for path traversal vulnerabilities are implemented during the extraction of dbt models from compressed archives. The `ecos init` and `ecos destroy` commands perform high-privilege AWS resource operations (creating/deleting S3 buckets and Athena workgroups), which is expected for an infrastructure management tool, but requires users to configure appropriate IAM permissions. No dynamic code execution (`eval` or similar) or obvious hardcoded secrets were detected in the provided Go or dbt code. The source code for the "MCP Server" (Python component for AI insights) is not provided, thus its specific security posture cannot be fully assessed.
Updated: 2025-12-11GitHub
71
365
Medium Cost
strowk icon

mcp-k8s-go

by strowk

Sec7

An MCP server enabling AI assistants and users to interact with and manage Kubernetes clusters by listing, getting, applying, and executing commands on Kubernetes resources.

Setup Requirements

  • ⚠️Requires access to a Kubernetes cluster configured via a kubeconfig file (defaults to ~/.kube/config).
  • ⚠️For convenient installation and execution of pre-built binaries, Node.js and npm/npx are required.
  • ⚠️If building from source, Golang is required.
Verified SafeView Analysis
The server provides powerful tools like 'apply-k8s-resource' for applying arbitrary YAML manifests and 'k8s-pod-exec' for executing commands in pods, which inherently carry significant security risks if exposed to untrusted users or contexts. Additionally, the 'get-k8s-resource' tool allows executing user-provided Go templates, introducing a potential template injection vulnerability. However, the `--allowed-contexts` and `--readonly` command-line flags offer crucial mechanisms to restrict access and modify capabilities, mitigating these risks when properly configured. The `--mask-secrets` flag is enabled by default to protect sensitive data.
Updated: 2025-11-24GitHub
PreviousPage 25 of 636Next