Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

79
7
Medium Cost

frc-rag-mcpserver

by ramalamadingdong

Sec7

Provides RAG-based access to WPILib documentation for FRC robotics programming via a Model Context Protocol (MCP) server, specifically for GitHub Copilot.

Setup Requirements

  • ⚠️Requires connectivity to an external, pre-hosted server (http://97.139.150.106:3000/), which may experience downtime or performance variability.
  • ⚠️Requires specific VS Code user-level configuration by creating or modifying `mcp.json` in the user's config folder with an exact server name 'WPILibRag'.
  • ⚠️Requires a `.github/copilot-instructions.md` file in the project root with mandatory instructions to direct GitHub Copilot to use the MCP tool for WPILib-related queries.
Verified SafeView Analysis
The setup involves configuring VS Code to connect to a remotely hosted, third-party MCP server (http://97.139.150.106:3000/). While the client-side configuration itself (mcp.json, copilot-instructions.md) doesn't introduce direct local code execution risks from the provided files, trusting the external server for data retrieval and potential future capabilities carries inherent risks. The server's source code is not provided in this repository, meaning its internal workings for RAG and data handling are not transparent or auditable by the user.
Updated: 2025-11-17GitHub
78
142
High Cost
penpot icon

penpot-mcp

by penpot

Sec2

The Penpot MCP server enables LLMs to perform data queries, transformation, and creation operations on Penpot design files by allowing LLMs to execute JavaScript code via a Penpot plugin.

Setup Requirements

  • ⚠️Requires Node.js v22 for server and plugin.
  • ⚠️Chromium-based browsers (v142+) may require explicit approval for Private Network Access (PNA) to connect to the local plugin server.
  • ⚠️Multi-user mode is under development and uses a hardcoded 'dummyToken', lacking proper authentication.
  • ⚠️Python scripts (for API docs generation) use `pixi` for environment management, requiring its installation for development tasks.
Review RequiredView Analysis
CRITICAL: The `execute_code` tool allows arbitrary JavaScript code execution directly within the Penpot plugin's context (`new Function(...)` is used). If an attacker gains control of the MCP server or the LLM client, they could execute malicious code within the user's Penpot session, potentially manipulating design files or exfiltrating data. File system access for `import_image` and `export_shape` tools is enabled by default in single-user (local) mode, allowing local file read/write, which is risky. Multi-user mode currently uses a hardcoded 'dummyToken' for authentication, making it insecure for shared deployments.
Updated: 2026-01-19GitHub
78
52
Low Cost
apisec-inc icon

mcp-audit

by apisec-inc

Sec9

Security audit and governance for AI agent configurations (MCPs) in development environments and GitHub repositories.

Setup Requirements

  • ⚠️Backend deployment requires a Vercel account, Google Workspace email (@apisec.ai), and a Gmail App Password.
  • ⚠️Web app GitHub scanning requires a Personal Access Token with 'repo' and 'read:org' permissions.
  • ⚠️CLI tool requires Python 3.9+.
Verified SafeView Analysis
The server's primary function is to generate and email PDF reports of scan summaries. It follows good security practices by: (1) only transmitting scan *summary* data (counts, risk levels) to the backend, *never* actual secret values or raw configurations; (2) using environment variables for sensitive credentials (Gmail user/password, API key); (3) implementing an API key for its report endpoint; (4) using a client-side approach for GitHub scanning, ensuring user tokens remain in the browser; (5) verifying the integrity of its known MCP registry file with SHA-256. The code shows no signs of 'eval', obfuscation, or direct malicious patterns. The overall design prioritizes privacy and transparency.
Updated: 2026-01-16GitHub
78
361
Medium Cost
mondaycom icon

mcp

by mondaycom

Sec2

This server provides an interface for AI agents to interact with the monday.com API, enabling automated workflows and integrations within the monday.com work operating system.

Setup Requirements

  • ⚠️Requires Node.js v20 or higher.
  • ⚠️Requires NPM v5.2.0 or higher.
  • ⚠️A monday.com API key is mandatory for authentication and API interaction.
  • ⚠️ATP mode, which includes a dynamic code execution tool, is an Alpha feature and may be unstable or change.
Review RequiredView Analysis
The server, particularly in 'ATP mode (Alpha)', exposes an `execute_code` tool that allows dynamic JavaScript code execution to call monday.com APIs. This is a critical security risk as it permits arbitrary code execution which, if not rigorously sandboxed and contained, could lead to system compromise or unauthorized data access. The server requires a monday.com API token, which grants significant access to a user's data and should be treated with extreme care. API tokens are passed via command line or environment variables, which is a standard practice, but the tokens themselves are sensitive. Developers are cautioned about the alpha status of ATP mode and the potential for changes in behavior.
Updated: 2026-01-19GitHub
77
118
Medium Cost
matlab icon
Sec7

The MATLAB MCP Core Server enables AI applications to start and quit MATLAB, execute MATLAB code, and assess code quality.

Setup Requirements

  • ⚠️Requires MATLAB (MathWorks) 2020b or later to be installed on the system.
  • ⚠️MATLAB executable must be added to the system PATH environment variable.
  • ⚠️For Claude Desktop integration, Node.js and the `@modelcontextprotocol/server-filesystem` package are required.
Verified SafeView Analysis
The server's core function is to execute arbitrary MATLAB code provided via API calls, which inherently poses a high security risk if not properly managed. The README explicitly warns users to 'thoroughly review and validate all tool calls before you run them' and 'always keep a human in the loop'. The presence of path validators in the source code (e.g., in `checkmatlabcode`, `runmatlabfile`) suggests attempts to restrict file access, which is a good practice for mitigating some execution risks. No hardcoded secrets or obvious malicious patterns were found. Network communication within the watchdog mechanism appears to use Unix Domain Sockets or HTTP, with TLS for the embedded MATLAB connector, indicating attention to secure communication channels. The main security consideration is ensuring trusted and validated input to the code execution functions.
Updated: 2026-01-13GitHub
77
146
Low Cost
mcp-shark icon

mcp-shark

by mcp-shark

Sec7

Aggregate multiple Model Context Protocol (MCP) servers into a single unified interface with a powerful monitoring UI.

Setup Requirements

  • ⚠️Requires Node.js 20.0.0 or higher.
  • ⚠️The 'Smart Scan' feature requires an external API token, which may incur costs from the associated service (smart.mcpshark.sh).
  • ⚠️Requires an existing Model Context Protocol (MCP) configuration file (e.g., ~/.cursor/mcp.json) or manual input for server setup.
Verified SafeView Analysis
The application relies on user-provided configuration files and an API token for its 'Smart Scan' feature. It uses `child_process.execSync` internally for system path detection, which is generally discouraged but appears limited in scope to information gathering rather than arbitrary command execution from untrusted input. The proxying of requests to configured MCP servers is an intended feature and its security depends on the trustworthiness of the configured backend MCP servers. No obvious hardcoded sensitive secrets or severe vulnerabilities were identified in the provided code snippets.
Updated: 2025-12-24GitHub
77
399
Medium Cost
utensils icon

mcp-nixos

by utensils

Sec3

An MCP server providing accurate, real-time information about NixOS packages, configuration options, Home Manager, nix-darwin, Nixvim, FlakeHub, and package versions to prevent AI hallucinations.

Setup Requirements

  • ⚠️Requires Python 3.11+
  • ⚠️Requires an active internet connection as all queries hit live APIs (no caching)
  • ⚠️Hardcoded API credentials in source code (security risk)
Review RequiredView Analysis
CRITICAL: The NixOS Elasticsearch API credentials (username 'aWVSALXpZv' and password 'X8gPHnzL52wFEekuxsfQ9cSh') are hardcoded directly in `mcp_nixos/server.py`. This is a severe security vulnerability as it exposes sensitive API authentication details, making them publicly visible and non-rotatable. All API requests to `search.nixos.org/backend` use these hardcoded credentials. No other major risks like 'eval', obfuscation, or arbitrary code execution were found.
Updated: 2026-01-07GitHub
77
126
High Cost
sudocode-ai icon

sudocode

by sudocode-ai

Sec7

Git-native spec and issue management for AI-assisted software development, enabling agents to track context, manage tasks, and collaborate through structured workflows and feedback loops within a version-controlled repository. It provides agent orchestration, context persistence, and real-time visualization for complex, long-horizon software development tasks.

Setup Requirements

  • ⚠️Requires Node.js >= 18.0.0 and npm >= 7.0.0.
  • ⚠️Requires Git CLI installed and configured.
  • ⚠️Requires local SQLite cache (`.sudocode/cache.db`), which is gitignored.
  • ⚠️AI service credentials (e.g., Claude Code, OpenAI API Key) must be configured locally for remote deployment/execution.
  • ⚠️Claude Code CLI (`@anthropic-ai/claude-cli`) may be required for Claude integration.
  • ⚠️Worktrees are used for agent isolation; ensure sufficient disk space and proper Git configuration.
  • ⚠️Third-party integration plugins extend functionality but require careful vetting and configuration.
  • ⚠️Manual cleanup of orphaned worktrees and branches may be necessary.
  • ⚠️Prompts can reference specs, issues, and files directly using `[[ID]]` or `@file` syntax, which needs to be understood for effective agent direction.
  • ⚠️For orchestrator workflows, goal-based workflows require the orchestrator engine (`config.engineType: 'orchestrator'`).
Verified SafeView Analysis
Sudocode operates directly within your Git repository, granting AI agents powerful capabilities including code modification, execution of arbitrary commands via tools (e.g., Bash), and direct manipulation of Git state (branches, worktrees). While designed for AI-assisted development, this level of access inherently carries risks. Key security considerations: 1. **Agent Autonomy**: Misconfigured or malicious agents could introduce bugs, compromise data, or execute unintended commands. The `dangerouslySkipPermissions` flag, if enabled, bypasses all interactive permission prompts, significantly increasing risk. 2. **Worktree Isolation**: Executions are isolated in Git worktrees by default, which is a strong protective measure, preventing direct modification of the main branch. However, changes are still intended to be merged back. 3. **Local-first Design**: All project data (`.sudocode/`) is version-controlled in your repository, and user-level credentials (`~/.config/sudocode/user_credentials.json`) are stored locally with restrictive `600` permissions, reducing external attack surface. 4. **External AI Services**: Relies on external AI CLI tools (Claude, Codex, Cursor). The security of the overall system is dependent on the security and behavior of these third-party agents. 5. **Plugins**: Supports third-party integration plugins, which could introduce vulnerabilities if not carefully vetted. 6. **Code Review**: Human oversight and code review of agent-generated changes are critical before merging to main branches. 7. **`restrictToWorkDir`**: The `AcpExecutorWrapper` supports a `restrictToWorkDir` option which, when enabled, configures a PreToolUse hook to block file operations outside the working directory. This enhances isolation but is not enabled by default for all execution modes.
Updated: 2026-01-18GitHub
77
166
Low Cost
JSONbored icon
Sec9

A central directory and API gateway for discovering, searching, and managing various Claude configurations, including AI agents, MCP servers, rules, commands, and hooks. It provides content serving, search, and OAuth authorization for MCP clients.

Setup Requirements

  • ⚠️Requires Node.js >= 22.0.0 and pnpm >= 10.0.0.
  • ⚠️Requires a local Deno installation to serve/type-check Edge Functions locally (e.g., `brew install deno`).
  • ⚠️Heavy reliance on Supabase for database, authentication, and edge functions. Requires a Supabase project and associated keys.
Verified SafeView Analysis
The project demonstrates a strong focus on security, employing environment variables for all secrets, using timing-safe comparisons for critical keys, validating webhook signatures (Svix, Supabase), and sanitizing user-provided content (URLs, HTML). It uses Supabase's RLS and client isolation (anon vs. admin clients with justification) and implements rate limiting and circuit breakers for API resilience and abuse prevention. PII redaction is configured for logging. No 'eval' or obvious obfuscation was detected in the provided code snippets. Extensive architectural ESLint rules enforce secure coding practices.
Updated: 2026-01-18GitHub
77
468
Medium Cost
smithery-ai icon

cli

by smithery-ai

Sec6

The Smithery CLI is a developer tool for installing, managing, building, running, and deploying Model Context Protocol (MCP) servers and integrating them with various AI clients.

Setup Requirements

  • ⚠️Requires NodeJS version 20 or above.
  • ⚠️Requires a Smithery API key for many operations (e.g., `login`, `search`, `deploy`, `dev` with tunneling), implying an account on the Smithery platform.
  • ⚠️Python (for `uvx`) or Bun (for `bunx`) might be required and prompted for installation if a `stdio` server connection uses these runtimes.
Verified SafeView Analysis
The CLI dynamically loads and executes server configurations, including `stdioFunction` (a deprecated feature but still present in code) using `new Function()`. If the Smithery registry is compromised, this could lead to arbitrary code execution when installing or running servers from it. The tool utilizes `keytar` for secure OS keychain storage of API keys, which is a good security practice. The `dev` and `playground` commands offer local server tunneling via `ngrok`, exposing local services to the internet, which carries inherent risks if not used carefully or with proper authentication for the exposed services.
Updated: 2026-01-16GitHub
77
98
Medium Cost
nuxt-modules icon

mcp-toolkit

by nuxt-modules

Sec8

Develop a Model Context Protocol (MCP) server directly within a Nuxt application, allowing AI agents to interact with application functionalities, access data, and utilize predefined prompts.

Setup Requirements

  • ⚠️Requires manual installation of `zod` if not using `npx nuxt module add mcp-toolkit` for module setup.
  • ⚠️`nitro.experimental.asyncContext: true` must be enabled in `nuxt.config.ts` to access `useEvent()` within MCP handlers, which is crucial for middleware and context-aware tools (e.g., user authentication).
  • ⚠️Deployment to Cloudflare Workers requires an additional `agents` package to be installed.
Verified SafeView Analysis
The core functionality involves exposing HTTP server endpoints for AI agents. Implementers must ensure robust authentication and authorization, especially for sensitive operations. Examples provided use API keys and middleware for authentication, which is good practice. However, the 'file' resource example (e.g., `apps/playground/server/mcp/resources/file.ts`) demonstrates reading local files via a dynamic path (`file:///project/{+path}`). While its `list` function attempts to filter sensitive directories like `.git` and `node_modules`, the `handler` directly uses `variables.path` joined with `process.cwd()`. This poses a risk of arbitrary file access if the AI client is not strictly constrained or if the application layer does not implement comprehensive path validation or allow-listing. The documentation correctly notes that the application (not the AI) controls which resources are included in context, implying the implementer's responsibility to manage this risk.
Updated: 2026-01-19GitHub
76
173
Medium Cost
universal-tool-calling-protocol icon

utcp-mcp

by universal-tool-calling-protocol

Sec3

This project acts as a versatile bridge exposing Universal Tool Calling Protocol (UTCP) tools as Model Context Protocol (MCP) tools, enabling AI agents and other MCP-compatible clients to discover, manage, and execute a wide range of external capabilities including APIs, command-line tools, and inline code execution.

Setup Requirements

  • ⚠️Requires Python 3.8+, Node.js 18+, or Rust toolchain, depending on the chosen bridge implementation and its specific features.
  • ⚠️Requires a `.utcp_config.json` file for defining tool providers and initial configurations.
  • ⚠️The default Docker setup exposes ports 8776 (Client MCP), 8777 (Proxy MCP), and 8778 (FastAPI web server) on all network interfaces (0.0.0.0), which may require firewall configuration or explicit binding to 127.0.0.1 for local development.
Review RequiredView Analysis
The server explicitly includes 'Code Mode' features in both its TypeScript and Rust implementations, allowing the execution of arbitrary user-provided code (TypeScript/Rhai scripts) with direct access to registered tools. This poses an extremely high security risk, as it enables arbitrary code execution on the host machine if the server is exposed to untrusted inputs or clients without robust sandboxing. Additionally, the Docker setup for the web UI/proxy/client services binds to 0.0.0.0 (all network interfaces) by default, increasing potential exposure.
Updated: 2025-11-27GitHub
PreviousPage 25 of 760Next