Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7632)

70
7
High Cost
Sec8

An MCP server for ListenHub, enabling AI-powered podcast and FlowSpeech audio generation within various client applications.

Setup Requirements

  • ⚠️Requires a ListenHub API Key (available with ListenHub Pro plan and above, which is a paid service).
  • ⚠️Requires Node.js version 18 or higher.
Verified SafeView Analysis
The project is a Node.js application run via npx. It requires an API key which is passed via environment variables, a standard practice. It can operate in HTTP mode, exposing a local network port (default 3000), which introduces standard network security considerations if not properly managed. No signs of 'eval' or obfuscation were observed in the provided information.
Updated: 2025-11-17GitHub
70
148
Medium Cost
timescale icon

pg-aiguide

by timescale

Sec8

Provides AI-optimized PostgreSQL expertise, including semantic search across documentation and curated best-practice skills, for integration with AI coding assistants.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid) for semantic search and embedding during both ingest and runtime.
  • ⚠️Requires Docbook Toolsets installed locally for ingesting PostgreSQL documentation.
  • ⚠️Requires a PostgreSQL database with the pgvector extension installed.
Verified SafeView Analysis
The project uses `subprocess.run` with `shell=True` in its ingestion scripts (`postgres_docs.py`), which can be a security risk. However, the inputs to these commands are derived internally from git tags and configuration, not directly from user input, mitigating immediate injection concerns. All user-facing database interactions via the API use parameterized queries, which prevents SQL injection. Sensitive information like API keys and database credentials are expected to be provided via environment variables, a standard practice. Overall, the server is designed with good security practices for its core functionalities.
Updated: 2025-12-10GitHub
70
92
High Cost
aliyun icon
Sec7

This MCP server unifies ACK cluster/resource management, Kubernetes native operations, and container observability, security auditing, and diagnostic inspection capabilities into an AI-native, standardized toolset.

Setup Requirements

  • ⚠️Requires Alibaba Cloud AccessKeyId and AccessKeySecret with specific RAM permissions (cs, log, arms read-only access initially).
  • ⚠️Requires Python 3.12+ for development.
  • ⚠️Kubernetes operations require network access to the ACK cluster API server, potentially needing public endpoint configuration or private network setup.
Verified SafeView Analysis
The server correctly handles sensitive credentials by reading them from environment variables or command-line arguments, rather than hardcoding them. It also implements checks in `kubectl_handler.py` to prevent write operations and interactive commands in read-only mode, which is a good security practice. However, the `subprocess.run` and `subprocess.Popen` calls in `kubectl_handler.py` use `shell=True`. While the command string is constructed with the kubeconfig path and the provided command, using `shell=True` with user-controlled input (even if pre-processed by an LLM) can introduce shell injection vulnerabilities if the input is not perfectly sanitized. The current `is_write_command` and `is_interactive_command` functions are based on simple string checks, not robust command parsing, which leaves a potential attack surface. The file management for temporary kubeconfigs in `~/.kube` is reasonable, with cleanup mechanisms in place.
Updated: 2025-12-09GitHub
70
3
Medium Cost
MariyaSha icon

Docker_MCPGUIApp

by MariyaSha

Sec7

A conversational AI chatbot leveraging Docker's Model and Component Protocol (MCP) to integrate with LLMs and perform various tool-augmented searches (web, academic papers).

Setup Requirements

  • ⚠️Docker Desktop or a compatible Docker environment is required for all services.
  • ⚠️External API keys (e.g., Stripe, Hugging Face) are required as environment variables for full remote service functionality.
  • ⚠️An LLM service (e.g., Docker Model Runner, or an OpenAI-compatible endpoint) must be configured and running for the `ai-app` to function.
Verified SafeView Analysis
The Docker MCP Gateway containers (`gateway-local`, `gateway-remote`) mount `/var/run/docker.sock`, which grants them root-level access to the host's Docker daemon. While necessary for the gateway's operation to manage Docker services, this is a critical security implication. If these containers are compromised, an attacker could gain control over the host system. Environment variables for API keys (`STRIPE_SECRETS`, `HF_SECRETS`) are passed securely, avoiding hardcoding. The `ChatOpenAI` API key is set to 'nope', indicating that the LLM is expected to be served via a local Docker Model Runner or a compatible endpoint that doesn't require a traditional OpenAI API key directly in the application.
Updated: 2025-12-02GitHub
70
3
Low Cost
dmytro-ustynov icon

pptx-generator-mcp

by dmytro-ustynov

Sec4

Generate professional PowerPoint presentations from Markdown input via a Model Context Protocol (MCP) server integrated with Claude Desktop.

Setup Requirements

  • ⚠️Requires Node.js 18.0 or higher
  • ⚠️Requires Claude Desktop for integration
  • ⚠️Manual configuration of `claude_desktop_config.json` is necessary after installation
  • ⚠️Global npm installation may require sudo depending on system configuration
  • ⚠️Custom fonts (e.g., JetBrains Mono) need to be manually installed on the operating system for proper display in the generated PPTX
Review RequiredView Analysis
The `generate_presentation` tool constructs an output file path using user-provided `filename` without sufficient sanitization against directory traversal (e.g., `../../`). An attacker could potentially write files to arbitrary locations on the host system within the user's permissions. For example, `filename: "../../malicious-script"` could lead to writing a file outside the intended `output` directory. The `list_presentations` tool lists files in a predefined output directory, which is less of a risk but does expose local file names. No direct `eval` or command injection from user input found.
Updated: 2025-12-01GitHub
70
3
High Cost
telmon95 icon

VulneraMCP

by telmon95

Sec3

An AI-powered platform for automated security testing, vulnerability research, and bug bounty hunting.

Setup Requirements

  • ⚠️Requires manual installation of external CLI tools (subfinder, httpx, amass, sqlmap) and presence in system PATH.
  • ⚠️PostgreSQL 18+ is recommended, and if installed locally (e.g., via Homebrew), it defaults to port 5433, not the standard 5432, which needs explicit configuration.
  • ⚠️OWASP ZAP must be running, and examples often disable its API key for convenience, making it insecurely accessible to anyone on the network.
  • ⚠️Caido integration requires a CAIDO_API_TOKEN, which must be obtained and configured separately.
Review RequiredView Analysis
The server uses `eval()` in `render.execute_js` which allows arbitrary JavaScript execution provided by the user/AI, posing a critical remote code execution risk if the MCP client is compromised or provides untrusted input. Default PostgreSQL passwords like 'bugbounty123' are suggested in setup scripts and `docker-compose.yml`, which is a hardcoded secret vulnerability. ZAP is often configured with `api.disablekey=true` in examples, leaving its API unprotected.
Updated: 2025-11-28GitHub
70
349
Medium Cost
kimtaeyoon83 icon
Sec9

Retrieves transcripts from YouTube videos, including Shorts, with language fallback and optional ad filtering.

Setup Requirements

  • ⚠️Requires Node.js 18 or higher.
  • ⚠️Requires `npm install` and `npm run build` if running directly (not via npx).
Verified SafeView Analysis
The server's core logic for fetching transcripts directly interacts with YouTube's internal API via HTTPS. Input parameters are validated. There are no obvious hardcoded secrets, 'eval' usage, or obfuscation. Error handling is implemented for network issues and invalid inputs. The primary risk is the inherent reliance on YouTube's undocumented internal API, which could change and break functionality, but this does not expose direct security vulnerabilities to the user running the server.
Updated: 2025-12-04GitHub
70
7
Medium Cost
SamMorrowDrums icon

remarkable-mcp

by SamMorrowDrums

Sec8

This MCP server unlocks the reMarkable tablet as a 'second brain' for AI assistants, enabling them to read, search, and traverse the user's entire reMarkable library, including handwritten notes via OCR.

Setup Requirements

  • ⚠️Requires a reMarkable tablet with either Developer Mode enabled (for SSH) or a reMarkable Connect subscription (for Cloud mode).
  • ⚠️Google Vision API Key is highly recommended for effective handwriting OCR; it has a free tier but incurs costs after 1,000 requests/month.
  • ⚠️Requires `rmc` and `cairosvg` (or `inkscape`) system-wide installations for image rendering and Tesseract OCR.
  • ⚠️Using SSH password authentication requires `sshpass` to be installed and is not recommended due to security concerns.
Verified SafeView Analysis
The server uses `subprocess.run` for SSH/SCP and image processing (`rmc`, `cairosvg`, `inkscape`). While `subprocess.run` can be risky if inputs are not properly sanitized, the current implementation appears to handle internal paths or controlled inputs. The use of `sshpass` for password authentication is explicitly warned against in the documentation as it stores the password in plain text. No `eval` or other obvious code obfuscation/malicious patterns were found.
Updated: 2025-12-02GitHub
69
256
High Cost
decocms icon

admin

by decocms

Sec8

DecoCMS is an open-source Context Management System (MCP Mesh) for AI, designed to centralize, compose, and secure AI agents, workflows, and full-stack AI applications with built-in governance, observability, and cost control.

Setup Requirements

  • ⚠️Requires 'Bun' runtime for local development and direct execution.
  • ⚠️Requires 'DATABASE_URL' environment variable (supports SQLite and PostgreSQL).
  • ⚠️Requires 'ENCRYPTION_KEY' and 'MESH_JWT_SECRET' environment variables for secure operation.
  • ⚠️Comprehensive authentication setup (email, social, SSO) via 'Better Auth' requires external provider configuration.
Verified SafeView Analysis
The system employs robust security measures including granular Role-Based Access Control (RBAC) via 'Better Auth', JWTs for internal tokens, and AES-256-GCM encryption for sensitive connection credentials. Management tools, notably 'DATABASES_RUN_SQL' which executes raw SQL, are heavily reliant on this access control. Improper configuration of permissions for such powerful tools could lead to privilege escalation or data breaches. CORS origin configuration is noted as a TODO in the source, which should be addressed for production deployments.
Updated: 2025-12-14GitHub
69
226
Medium Cost
anyproto icon

anytype-mcp

by anyproto

Sec8

The Anytype MCP Server enables AI assistants to interact with Anytype's API through natural language for knowledge management.

Setup Requirements

  • ⚠️Requires an Anytype API Key (obtained from Anytype application settings or CLI).
  • ⚠️Requires a local Anytype application running and accessible, or a reachable Anytype API endpoint.
  • ⚠️The `OPENAPI_MCP_HEADERS` environment variable must be set with the API key and Anytype version (as a JSON string).
Verified SafeView Analysis
The codebase adheres to good practices by externalizing API keys via environment variables (OPENAPI_MCP_HEADERS). The HTTP client correctly handles file uploads by reading local file paths provided as strings. A commented-out section in `src/openapi/parser.ts` reveals a potential for using `eval` for Zod schema generation. While currently inactive, activating it would introduce a significant arbitrary code execution vulnerability. Overall, it is generally safe to run, given trust in the underlying Anytype API.
Updated: 2025-12-10GitHub
69
166
Medium Cost
aaronsb icon
Sec9

Provides AI assistants with semantic agency over an Obsidian knowledge graph, enabling them to understand, navigate, and synthesize information across notes using the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Obsidian to be installed and running, as it functions as an Obsidian plugin.
  • ⚠️An MCP-compatible AI client (e.g., Claude Desktop, Claude Code) is necessary to connect and interact with the server.
  • ⚠️Connecting via `mcp-remote` (used by some AI clients like Claude Desktop) requires Node.js/NPM to be installed on the client machine to run `npx mcp-remote`.
  • ⚠️If HTTPS is enabled with auto-generated self-signed certificates, AI clients may need to be configured to bypass SSL certificate validation (e.g., `NODE_TLS_REJECT_UNAUTHORIZED=0`), which carries inherent security risks if not understood.
Verified SafeView Analysis
The plugin implements robust security measures including granular operation permissions, comprehensive path validation (preventing traversal attacks), API key authentication, and `.mcpignore` file-based exclusions. It supports HTTPS with auto-generated self-signed certificates (requiring client-side SSL verification bypass for local dev). An `InputValidator` framework prevents various attack vectors like ReDoS, DoS, and file size limits. A configurable 'read-only' mode is available. The use of `new Function()` for Bases YAML expression evaluation represents a calculated risk, common in plugin DSLs, but appears to be within a controlled, sandboxed context.
Updated: 2025-12-08GitHub
69
117
Medium Cost
neo4j icon

mcp

by neo4j

Sec9

Provides an official Model Context Protocol (MCP) server for Neo4j, enabling LLMs and other AI clients to interact with Neo4j databases through tool calls for schema introspection and Cypher query execution.

Setup Requirements

  • ⚠️Requires a running Neo4j database instance (e.g., Neo4j Desktop, AuraDB) with the APOC plugin installed. The server will not start if APOC is missing.
  • ⚠️Requires Go 1.25+ for development and compilation.
  • ⚠️Requires an MCP-compatible client (e.g., VSCode with MCP support, Claude Desktop) to interact with the server, as it operates over standard I/O.
Verified SafeView Analysis
The server employs good security practices, including external configuration for sensitive credentials via environment variables/CLI, explicit query classification to restrict read-only tools from performing write operations (checked via `EXPLAIN` on Cypher queries), and redaction of sensitive data in logs (e.g., passwords, tokens, URIs). The `write-cypher` tool is noted as potentially destructive and comes with user-level warnings, also being disableable via the `NEO4J_READ_ONLY` flag. Telemetry is opt-out and anonymized. No 'eval' or malicious patterns were identified in the provided code.
Updated: 2025-12-12GitHub
PreviousPage 27 of 636Next