Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

76
208
Medium Cost
atlassian icon
Sec9

The Atlassian Rovo MCP Server acts as a cloud-based bridge, connecting Atlassian Cloud sites (Jira, Compass, Confluence) with external AI tools and IDEs to enable real-time data interaction and automation of development workflows.

Setup Requirements

  • ⚠️Requires an Atlassian Cloud site with Jira, Compass, and/or Confluence.
  • ⚠️Requires access to a compatible client (e.g., OpenAI ChatGPT, Claude, Google Gemini) and a modern browser for OAuth 2.1 authorization.
  • ⚠️For local client/IDE setup, Node.js v18+ is required to run the `mcp-remote` proxy.
Verified SafeView Analysis
The server leverages secure OAuth 2.1 authorization and HTTPS (TLS 1.2+) to ensure data encryption and respect existing user permissions, including IP allowlisting. It highlights critical security warnings about prompt injection, indirect prompt injection, and tool poisoning attacks inherent when connecting AI agents to tools, emphasizing the need for trusted clients, least privilege, and human confirmation for high-impact actions. The JQL query builder script includes explicit input sanitization to prevent JQL injection. Admin controls for managing and monitoring app access, along with audit logging, are also noted. The core service is hosted by Atlassian, indicating enterprise-level security practices, though the full server-side code is not provided for complete analysis.
Updated: 2026-01-17GitHub
76
278
Medium Cost
argoproj-labs icon

mcp-for-argocd

by argoproj-labs

Sec8

Enables AI assistants to interact with Argo CD applications through natural language, streamlining DevOps tasks.

Setup Requirements

  • ⚠️Requires an Argo CD instance with API access and an API token for authentication.
  • ⚠️Requires Node.js v18 or higher to run.
  • ⚠️Using `NODE_TLS_REJECT_UNAUTHORIZED=0` to bypass TLS certificate validation for self-signed certificates reduces security and is only recommended for development environments.
  • ⚠️Can be configured for read-only mode via `MCP_READ_ONLY=true` environment variable, otherwise all modification tools are available.
Verified SafeView Analysis
The server uses environment variables (ARGOCD_BASE_URL, ARGOCD_API_TOKEN) for sensitive information, which is a good practice. It supports different transport protocols (stdio, SSE, HTTP Stream), requiring proper network security configuration (e.g., firewalls, access control) by the user. A significant security warning is explicitly mentioned in the README regarding `NODE_TLS_REJECT_UNAUTHORIZED=0` for self-signed certificates, which disables TLS verification and should be used with extreme caution. Input validation for tool parameters is handled using Zod, which helps prevent injection attacks. A `MCP_READ_ONLY` flag exists to disable modification tools, enhancing security for read-only deployments.
Updated: 2025-12-03GitHub
75
368
High Cost
graphlit icon
Sec4

The Model Context Protocol (MCP) Server integrates with the Graphlit platform to ingest diverse data sources, build a searchable knowledge base, and enable LLM-powered search, retrieval, RAG, and generative capabilities for MCP clients.

Setup Requirements

  • ⚠️Requires Node.js 18.x or higher to be installed.
  • ⚠️An active account on the Graphlit Platform with specific API credentials (GRAPHLIT_ENVIRONMENT_ID, GRAPHLIT_ORGANIZATION_ID, GRAPHLIT_JWT_SECRET) is mandatory for basic operation.
  • ⚠️Accessing specific data connectors and features (e.g., Slack, Google Drive, Twitter, Notion, Jira) necessitates configuring a large number of additional, sensitive environment variables, each unique to the respective third-party service.
Review RequiredView Analysis
The server includes several functionalities that, if exposed to untrusted user input, could lead to severe vulnerabilities: 1. **Server-Side Request Forgery (SSRF):** The `ingestUrl` and `retrieveImages` tools directly accept a `url` parameter and perform `fetch(url)` or delegate to `client.ingestUri(url)`. An attacker could exploit this to make the server request arbitrary internal or external resources, potentially scanning internal networks, accessing sensitive local services, or bypassing firewall rules. 2. **Local File Inclusion (LFI):** The `ingestFile` tool accepts a `filePath` parameter and uses `fs.readFileSync(filePath)`. If an attacker can control this `filePath`, they could read any file on the server's filesystem that the Node.js process has permissions to access (e.g., `/etc/passwd`, `.env` files, SSH keys). 3. **Extensive Environment Variable Reliance:** Full functionality requires numerous environment variables for various third-party integrations (e.g., Slack, GitHub, Google, Twitter, Notion). Improper configuration or exposure of these secrets significantly increases the attack surface for account compromise. While the server's internal logic doesn't appear to contain explicit `eval` or intentional malicious code, the aforementioned input-driven vulnerabilities make it risky to run without robust input validation and strict isolation, especially when processing untrusted data.
Updated: 2026-01-12GitHub
75
840
Low Cost
Azure-Samples icon

AI-Gateway

by Azure-Samples

Sec8

The project serves as a collection of labs demonstrating AI Gateway capabilities with Azure API Management, focusing on Model Context Protocol (MCP) to enable plug-and-play tool integration for Large Language Models (LLMs).

Setup Requirements

  • ⚠️Requires Python 3.12 or later.
  • ⚠️Requires an Azure Subscription with Contributor + RBAC Administrator (or Owner) roles for deploying and managing Azure resources.
  • ⚠️Requires Azure CLI installed and authenticated.
  • ⚠️Requires various environment variables for Azure API Management and Azure AD configuration (e.g., APIM_GATEWAY_URL, AZURE_TENANT_ID, AZURE_CLIENT_ID).
Verified SafeView Analysis
The project extensively uses Azure's built-in security features like Managed Identity and OAuth 2.0 through Azure API Management's credential manager, which is a strong foundation. Secrets are generally managed via environment variables. The use of `subprocess.run` for Azure CLI commands is present but within expected boundaries for an Azure-focused lab. MCP servers bind to `0.0.0.0` by default, which is common for development but requires external network security in production. The complexity of OAuth flows, even with Azure's abstractions, always poses a risk of misconfiguration if not handled meticulously. No explicit 'eval' or obfuscation found.
Updated: 2026-01-05GitHub
75
123
Medium Cost
rhel-lightspeed icon

linux-mcp-server

by rhel-lightspeed

Sec3

This server provides read-only Linux system administration, diagnostics, and troubleshooting capabilities for AI agents using the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Default `LINUX_MCP_VERIFY_HOST_KEYS=False` exposes to MITM attacks for remote SSH; manual configuration to `True` is required for secure remote operations.
  • ⚠️Requires passwordless SSH authentication (key-based) to target Linux systems for remote execution.
  • ⚠️The `read_log_file` tool requires the `LINUX_MCP_ALLOWED_LOG_PATHS` environment variable to be explicitly configured with a comma-separated whitelist of permitted log file paths.
  • ⚠️Local execution is disallowed when running inside a container, requiring a `host` parameter for all tools.
  • ⚠️Optimized for RHEL-based/systemd Linux systems; local execution on macOS or Windows will have limited functionality.
Review RequiredView Analysis
The server explicitly states all operations are read-only, includes robust path validation to prevent injection/traversal attacks, and sanitizes sensitive parameters from logs. However, a critical security risk exists because `LINUX_MCP_VERIFY_HOST_KEYS` defaults to `False`, making remote SSH connections vulnerable to Man-in-the-Middle (MITM) attacks. This default configuration makes the server unsafe for production use without manual intervention to enable host key verification.
Updated: 2026-01-19GitHub
75
171
Medium Cost
Ami3466 icon

tomcp

by Ami3466

Sec7

Converts any website into an MCP (Model-Config-Protocol) server for AI tools and enables AI chat with website content by converting HTML to clean Markdown.

Setup Requirements

  • ⚠️Cloudflare account and Workers AI API key are required to unlock paid AI models and bypass free tier rate limits.
  • ⚠️The free tier is rate limited to 5 requests per IP per day and 200 total requests per day (global).
  • ⚠️JavaScript is not executed during content fetching, so Single Page Applications (SPAs) or dynamically-loaded content will not be captured accurately.
  • ⚠️Requires trust in the `tomcp` service, as your Cloudflare Workers AI API key is proxied through their server for requests when provided.
Verified SafeView Analysis
The server processes arbitrary URLs, fetching and converting their HTML to Markdown. While the HTML parsing is basic (regex-based, which can be brittle but is generally less prone to complex DOM-based vulnerabilities), it relies on fetching untrusted external content. User-provided Cloudflare API keys for paid models are sent in the request body to the worker, requiring users to trust the `tomcp` service not to log or misuse their keys, even if they are not persistently stored on the server. There are no obvious hardcoded sensitive secrets (Cloudflare account IDs configured in `wrangler.toml` are for the service owner's free tier, not secret data) or 'eval' usage. The Cloudflare Workers platform provides some inherent security benefits.
Updated: 2025-12-20GitHub
75
343
Medium Cost
awslabs icon
Sec8

This project provides a CDK pipeline to automate the deployment of Model Context Protocol (MCP) servers as AWS Lambda functions, offering client transports for Lambda invocation and SigV4 HTTP, and server adapters/handlers for various AWS Lambda event models.

Setup Requirements

  • ⚠️Requires manual configuration of GitHub repository and owner names in the CDK pipeline source code.
  • ⚠️Requires manual creation and policy attachment for the CodeBuild IAM role outside of the CDK deployment.
  • ⚠️Requires manual activation of the GitHub connection and pipeline release via AWS CodeConnections and CodePipeline consoles after initial deployment.
  • ⚠️Python 3.11+ and Node.js 18+ are required for respective components.
Verified SafeView Analysis
The project uses standard AWS SDKs for Lambda invocation and SigV4 HTTP signing, which are generally secure. The `stdioServerAdapter` runs child processes per request; while this is a common pattern for certain types of servers, it introduces a potential risk vector if the `command` or `args` parameters are sourced from untrusted input or configured insecurely. However, within the context of this deployment pipeline, these parameters are expected to be defined by the developer for trusted MCP servers. No obvious 'eval' or obfuscation is present. Hardcoded secrets are avoided by using AWS Secrets Manager for examples like the Dog Facts API Key.
Updated: 2026-01-15GitHub
75
167
Medium Cost
ChiR24 icon

Unreal_mcp

by ChiR24

Sec9

High-performance bridge and automation server for Unreal Engine, enabling programmatic control, data processing, and asset authoring through a WebSocket API and optional WebAssembly acceleration.

Setup Requirements

  • ⚠️Requires Rust and wasm-pack to build the WebAssembly module.
  • ⚠️Requires Unreal Engine to be installed, running, and accessible for the automation bridge to connect.
  • ⚠️Requires the custom Unreal Engine plugin 'McpAutomationBridge' to be installed and enabled in the Unreal project.
  • ⚠️Reliance on several environment variables (e.g., UE_EDITOR_EXE, UE_PROJECT_PATH, MCP_AUTOMATION_CAPABILITY_TOKEN) for configuration.
Verified SafeView Analysis
The server implements robust input validation and path sanitization (`sanitizePath`, `CommandValidator`) to prevent common vulnerabilities like command injection and directory traversal. A capability token is used for authenticating with the Unreal Engine automation bridge and is redacted in logs. GraphQL and metrics endpoints are exposed, which is standard for servers, but requires appropriate network access control and firewall configuration.
Updated: 2026-01-19GitHub
74
310
Medium Cost
Tiberriver256 icon

mcp-server-azure-devops

by Tiberriver256

Sec9

This server provides an AI agent with tools to interact with Azure DevOps services, including searching code, wikis, and work items, managing pull requests, retrieving project details, and handling pipeline operations.

Setup Requirements

  • ⚠️Requires an Azure DevOps organization and project with appropriate permissions for read/write operations (e.g., creating pull requests, updating work items, accessing repositories).
  • ⚠️Authentication is configured via environment variables (e.g., AZURE_DEVOPS_PAT for Personal Access Token, or Azure CLI login / Managed Identity / Service Principal for Azure Identity methods).
  • ⚠️Some search features (e.g., Code Search) require the respective Azure DevOps extensions to be installed in the target organization.
Verified SafeView Analysis
The server handles sensitive information (Azure DevOps credentials) via environment variables, which is a standard and secure practice. It integrates with Azure SDKs (@azure/identity, azure-devops-node-api) for authentication, which provides robust security features. Error handling for API calls is comprehensive, mitigating risks from malformed responses or external API issues. The `create_branch.sh` script is a local utility and not part of the server's runtime exposed to external requests. While shell scripts always carry a minimal risk of injection, the direct use of `$1` with `git checkout -b` is generally robust for branch names. No 'eval' or direct arbitrary code execution on user input was identified within the server's core logic. The hardcoded Azure DevOps resource ID is a public identifier, not a secret.
Updated: 2025-12-02GitHub
74
337
Medium Cost
FreePeak icon

db-mcp-server

by FreePeak

Sec8

Provides AI assistants with structured access to multiple database systems (MySQL, PostgreSQL, SQLite, TimescaleDB) through the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires proper database configuration (credentials, host, port) in `config.json` or environment variables for all connected databases.
  • ⚠️For Docker deployments, external databases need to be accessible and `wait-for-it.sh` correctly resolves hostnames.
  • ⚠️For TimescaleDB features, the PostgreSQL instance must have the TimescaleDB extension installed and enabled.
Verified SafeView Analysis
The server uses parameterized queries to mitigate SQL injection risks. Example configuration files, such as `config.sqlite-example.json` and `config.timescaledb-test.json`, contain hardcoded default or placeholder credentials. While these are for example/test environments and users are expected to replace them, it highlights a common security pitfall if not properly managed in production. The server binds to `0.0.0.0` in some Docker configurations, which means it listens on all network interfaces, requiring a controlled network environment.
Updated: 2026-01-16GitHub
74
12
Medium Cost
iceener icon
Sec9

This MCP server is designed for location-aware AI agents running on mobile devices to search places, get details, and plan routes using Google Maps Platform APIs.

Setup Requirements

  • ⚠️Requires a Google Maps Platform API Key (Places API (New) and Routes API must be enabled, which are paid services).
  • ⚠️Requires a `BEARER_TOKEN` secret to be generated and configured for client authentication (unless authentication is explicitly disabled).
  • ⚠️Cloudflare Worker deployment requires a Cloudflare account, `wrangler` CLI, a KV namespace, and setting secrets via `wrangler secret put`.
Verified SafeView Analysis
The server implements robust security practices, including explicit use of environment variables/secrets for API keys and bearer tokens, input validation via Zod schemas, and proper CORS configuration. It features a security middleware that validates origin and MCP protocol version, and a logger with sensitive data redaction. AES-256-GCM encryption is available for KV storage in Cloudflare Workers. While origin validation for production includes a placeholder that defaults to `true` (requiring explicit configuration by the user), the overall code design prioritizes security.
Updated: 2025-12-09GitHub
74
192
High Cost
speakeasy-api icon

gram

by speakeasy-api

Sec4

A platform for developing, deploying, and managing AI tools/functions and their integrations, featuring a dashboard and embeddable UI components for AI assistants.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for running local development environment.
  • ⚠️Requires both Go and Node.js/TypeScript development environments due to its monorepo structure.
  • ⚠️Full functionality (especially for AI models and integrations) requires external API keys for various services (e.g., LLMs via OpenRouter, cloud services like Snowflake, Supabase, Google Cloud, Pinecone, Temporal, etc.), many of which can incur costs.
  • ⚠️Specific database setup: PostgreSQL with the `pgvector` extension is used, and Redis for caching and Temporal for workflow orchestration.
Review RequiredView Analysis
The `compose.yml` file contains hardcoded secrets for `gram-cache` (Redis password: `xi9XILbY`) and `mcp-registry` (JWT private key: `ffb75d70bdacadee50324c5f93b04e5674b1df37b4e234e603e5c08500eb0740`). These should be parameterized with environment variables, even for local development configurations, to prevent accidental exposure in non-development environments. The system integrates with numerous external APIs and cloud services, which expands the attack surface, necessitating careful management of associated API keys and credentials.
Updated: 2026-01-19GitHub
PreviousPage 26 of 760Next