Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

74
253
Medium Cost
GuDaStudio icon

geminimcp

by GuDaStudio

Sec7

Integrates Google's Gemini CLI with Claude Code as an MCP server for AI-assisted programming, particularly strong in frontend design.

Setup Requirements

  • ⚠️Requires Claude Code to be installed and configured.
  • ⚠️Requires Gemini CLI to be installed and configured (including API access).
  • ⚠️Requires the `uv` tool for installation.
  • ⚠️Python 3.12+ is required.
Verified SafeView Analysis
The server executes the `gemini` CLI via `subprocess.Popen` with `shell=False`, which is generally secure against shell injection. User-provided `PROMPT` is passed directly as an argument to `gemini-cli`. While `windows_escape` is used for Windows, the overall security relies on the robustness of `gemini-cli` itself against malicious or malformed prompts that could potentially exploit internal `gemini-cli` vulnerabilities or command injection if `gemini-cli` misinterprets arguments. No `eval`, hardcoded secrets, or obvious network risks beyond communicating with the underlying `gemini-cli`.
Updated: 2025-12-16GitHub
74
340
Medium Cost
pab1it0 icon
Sec7

A Model Context Protocol (MCP) server that enables AI assistants to query and analyze Prometheus metrics for monitoring and insights.

Setup Requirements

  • ⚠️Requires a running Prometheus server accessible from the environment, with its URL (`PROMETHEUS_URL`) being a mandatory configuration.
  • ⚠️Requires Docker for the most straightforward installation and usage, or Python 3.10+ with `uv` for manual setup.
Verified SafeView Analysis
The server's core function involves making HTTP requests to a user-defined Prometheus URL (`PROMETHEUS_URL`). If `PROMETHEUS_URL` points to an untrusted or internal network location, it could potentially be exploited for Server-Side Request Forgery (SSRF). The `PROMETHEUS_URL_SSL_VERIFY` option allows disabling SSL verification, which is insecure and explicitly warned against in the logs. Authentication credentials (username/password, bearer token) are passed via environment variables, which is standard for containerized applications but requires secure environment management. The `PROMETHEUS_CUSTOM_HEADERS` option allows arbitrary headers as a JSON string; while `json.loads` is generally safe, this could be a point of concern if not handled carefully in specific deployment scenarios. The Docker image runs as a non-root user (`app`), which is a good security practice.
Updated: 2026-01-10GitHub
74
2691
Low Cost
opensolon icon

solon

by opensolon

Sec4

Java enterprise application framework for building high-performance, resource-efficient services, including AI agents and workflow solutions.

Setup Requirements

  • ⚠️Default `app.yml` includes a hardcoded Redis password (`123456`) for session state (`server.session.state.redis.password`), which is a severe security risk and requires immediate change.
  • ⚠️HTTPS support requires explicit configuration of a Java KeyStore (`server.ssl.keyStore`, `server.ssl.keyPassword`).
  • ⚠️Leveraging performance benefits like native image compilation requires specific build tools (e.g., GraalVM) and configurations, potentially increasing setup complexity.
Review RequiredView Analysis
The `app.yml` configuration file contains a hardcoded default password (`123456`) for Redis session state, which is a critical security vulnerability for any production deployment. This must be changed immediately. The framework uses SnEL (Solon Expression Language) for configuration and templating. While generally safer than arbitrary code execution, care must be taken to prevent expression injection if user input is not properly sanitized before being passed to SnEL evaluation functions. Support for `HttpSslSupplierAny` allows disabling strict SSL/TLS certificate validation, which is discouraged for production environments. Proper security modules (Auth, Validation) are available, but their effective use depends on application-level implementation.
Updated: 2026-01-17GitHub
74
347
Low Cost
1mcp-app icon

agent

by 1mcp-app

Sec7

Manages and proxies multiple Model Context Protocol (MCP) servers locally, providing a unified entry point and CLI for installation, configuration, and status monitoring.

Setup Requirements

  • ⚠️Experimental platform support for Windows and Linux: paths are researched but untested, potentially leading to configuration discovery issues.
  • ⚠️Default interactive prompts for `app consolidate` and `mcp remove` commands require user confirmation, which can prevent unattended or scripted operations unless `--yes` or `--force` flags are used.
  • ⚠️Server installation may require interactive steps or using full registry IDs if simple names don't resolve automatically, indicating potential friction with server discovery.
Verified SafeView Analysis
The core function of this agent is to launch and manage external MCP servers, often using commands like `npx` or direct executables specified in the configuration. This inherently involves executing external code, which is a significant security consideration. The project implements measures like input sanitization (for server names, tags, command arguments) and redaction of sensitive information in logs (`redactCommandArgs`, `redactUrl`). Configuration validation (using Zod schemas) helps prevent malformed server configurations. However, the overall security depends heavily on the user's trust in the MCP servers they choose to install and the integrity of their `mcp.json` configuration file. The `docker-compose.dev.yml` uses `network: host` and mounts host configurations, which is a security concern for development environments. Direct manual input for environment variables and arguments through interactive prompts or CLI flags allows users to specify arbitrary values, which are then passed to child processes.
Updated: 2026-01-18GitHub
73
317
Low Cost
IBM icon

mcp

by IBM

Sec9

Connect IBM products and other enterprise systems to AI agents via the Model Context Protocol (MCP) to enable AI models to interact with various local and remote resources.

Setup Requirements

  • ⚠️Requires Docker for many server installations.
  • ⚠️Requires Node.js/npm (or a compatible runtime for 'uvx') for many 'npx' or 'uvx' based server installations.
  • ⚠️Requires extensive configuration of specific environment variables (e.g., API keys, tokens, credentials, endpoints) for each individual MCP server to function, which must be managed securely by the user.
Verified SafeView Analysis
This repository serves as an index and configuration template for various Model Context Protocol (MCP) servers and does not contain executable server code that could pose direct security risks like 'eval' or obfuscation. The 'CONTRIBUTING.md' emphasizes following security best practices for contributions to individual MCP servers. The 'mcp.json' file correctly uses placeholder environment variables for credentials (e.g., API keys, tokens), ensuring no sensitive information is hardcoded in the repository itself. Critical security considerations lie with the individual linked MCP servers and the secure management of credentials by users during deployment and operation.
Updated: 2026-01-19GitHub
73
52
Medium Cost
notch-ai icon

autosteer

by notch-ai

Sec8

An AI-powered desktop application (AutoSteer) designed to assist developers with coding, project management, and integrating various development tools. It provides a conversational interface with AI agents, manages projects as Git worktrees, offers an integrated terminal, Git changes viewer, and advanced tab management for session isolation and persistence. It also integrates with Multi-Cloud Platform (MCP) servers for extended functionality.

Setup Requirements

  • ⚠️Requires Python runtime and the Claude Agent SDK to be installed for local AI capabilities and MCP server integration.
  • ⚠️Project creation necessitates a valid GitHub repository URL and branch.
  • ⚠️Integrated with various IDEs (e.g., VS Code, Cursor, WebStorm), which users may need to install separately.
  • ⚠️MCP Server integration may require additional setup and OAuth authentication specific to those servers.
Verified SafeView Analysis
The application leverages Electron's secure IPC mechanisms and `shell.openExternal` for user-provided URLs, mitigating common webview injection risks. It utilizes standard and well-understood external processes for core functionalities like Git operations (`simple-git`, `child_process.exec/spawn`), Python runtime (`child_process.spawn` for MCP and SDK checks), and terminal emulation (`node-pty`). The codebase shows a conscientious approach to isolating and sanitizing inputs, and explicitly redacting sensitive information in logs via `safeHandlerWrapper`. No direct `eval` or blatant obfuscation was detected. While any tool executing external commands carries inherent risk, the codebase appears to handle these aspects reasonably.
Updated: 2025-11-26GitHub
73
40
Low Cost
rohitsoni007 icon

mcp-gearbox

by rohitsoni007

Sec7

A cross-platform desktop application for managing Model Context Protocol (MCP) servers across various AI agents.

Setup Requirements

  • ⚠️Requires `uv` (Python package manager) or Python 3.11+ for `mcp-cli` installation.
  • ⚠️Requires Git for `mcp-cli` installation from source (GitHub repositories).
  • ⚠️Initially attempts to auto-install `mcp-cli` on first run; manual intervention might be needed if dependencies (Python, uv) are not met.
Verified SafeView Analysis
The application follows good security practices for an Electron app, including `nodeIntegration: false` and `contextIsolation: true` in the main process, and exposing a controlled API via `contextBridge.exposeInMainWorld`. Interactions with the `mcp-gearbox-cli` are proxied through a main process service (`ElectronMcpService`) using `ipcMain.handle`, limiting direct shell access from the renderer. User-provided inputs (like server names, agent names, project location) are passed as distinct arguments to the underlying CLI commands. The main security assumption lies in the `mcp-gearbox` (npm package) library and the `mcp-gearbox-cli`'s robust handling and sanitization of these arguments to prevent shell injection or other vulnerabilities. Without the source code for the `mcp-gearbox` library itself, a full audit of the CLI interaction security cannot be completed, but the application's wrapper adheres to secure design patterns.
Updated: 2025-11-20GitHub
73
162
Low Cost
cursor icon

mcp-servers

by cursor

Sec8

A curated collection of Model Context Protocol (MCP) server configurations to integrate various developer tools and services with AI agents.

Setup Requirements

  • ⚠️Requires various API Keys/Personal Access Tokens to be manually obtained and configured as environment variables.
  • ⚠️Several servers require Docker to be installed and running (e.g., GitHub, Vault, Terraform, SonarQube).
  • ⚠️Many CLI-based servers (using 'npx' or 'uvx') require Node.js/NPM or Python runtime environments respectively.
Verified SafeView Analysis
The repository itself consists of configuration files (server.json) and a script to generate the README.md. No direct malicious code, 'eval' statements, or obfuscation were found within this source code. Secrets are not hardcoded; placeholder environment variables and API keys are specified for user configuration. The security risk primarily lies in the execution of the external MCP servers (via 'npx', 'docker run', 'uvx', or direct HTTP connections) which are third-party applications. Users must trust the source of these external tools and properly secure their environment variables. The average tokens per call is not applicable as this repository is a collection of configurations, not a runtime server itself.
Updated: 2026-01-16GitHub
73
477
Medium Cost
ggozad icon

haiku.rag

by ggozad

Sec8

Opinionated agentic RAG powered by LanceDB, Pydantic AI, and Docling to provide hybrid search, intelligent QA, and multi-agent research over user-provided documents, accessible via CLI, Python API, Web App, TUI, or as an MCP server for AI assistants.

Setup Requirements

  • ⚠️Python 3.12+ required.
  • ⚠️Requires API keys for chosen LLM/Embedding/Reranking providers (e.g., OpenAI, Anthropic, VoyageAI), which may incur costs.
  • ⚠️For local LLMs (e.g., Ollama, vLLM, LM Studio) or remote document processing (docling-serve), a separate server instance must be running.
Verified SafeView Analysis
The project adheres to good practices by not hardcoding API keys and expecting them via environment variables. It relies heavily on external AI model providers and document processing services, inheriting their security profiles. The file monitoring feature processes local files, which introduces a potential vector for malicious document injection, though filtering mechanisms are provided. Input validation for search filters is implemented. The MCP server exposes tools, meaning client-side tool usage should be trusted, and server-side validation is crucial for robust security.
Updated: 2026-01-19GitHub
73
324
Low Cost
microsoft icon

mcsmcp

by microsoft

Sec8

Deploying a Model Context Protocol (MCP) server to provide joke-telling tools for LLMs, specifically for integration with Microsoft Copilot Studio.

Setup Requirements

  • ⚠️Requires Node.js v22
  • ⚠️Docker required for Azure deployment
  • ⚠️Azure Subscription with payment method (for Azure deployment)
Verified SafeView Analysis
The server uses external APIs (api.chucknorris.io, icanhazdadjoke.com) to fetch joke content. While the code is straightforward and handles input validation with `zod`, reliance on external APIs introduces a dependency risk regarding their availability and data integrity. No `eval`, obfuscation, or obvious hardcoded secrets were found. The server exposes a POST /mcp endpoint, which is expected for an MCP server.
Updated: 2026-01-07GitHub
73
53
Medium Cost
LunFengChen icon

proxypin-mcp-server

by LunFengChen

Sec7

Enables an AI agent to interact with the ProxyPin network analysis and proxy tool, allowing it to manage requests, generate code, rewrite traffic, and analyze network data.

Setup Requirements

  • ⚠️Requires a running ProxyPin instance (version with built-in MCP support) configured to listen on port 17777.
  • ⚠️Requires Python 3.10+ and the `fastmcp` and `requests` Python dependencies.
  • ⚠️Assumes the underlying ProxyPin application is correctly configured and trusted.
Verified SafeView Analysis
The server acts as an API gateway to the ProxyPin application. It does not contain direct 'eval' or obvious obfuscation. However, it exposes powerful network manipulation capabilities (e.g., rewriting requests/responses, blocking URLs, running scripts) via an API to an AI. Security largely depends on the trustworthiness of the AI calling these tools and the configuration of the underlying ProxyPin application. Disabling system proxy for requests (`session.trust_env = False`) is a good practice. The tool's ability to 'autoApprove' all listed functions when integrated into an IDE can be a security risk if not carefully managed.
Updated: 2026-01-07GitHub
73
122
Low Cost
AgiFlow icon

aicode-toolkit

by AgiFlow

Sec4

An MCP proxy server that aggregates multiple Model Context Protocol (MCP) servers, enabling on-demand tool discovery and execution, thereby significantly reducing AI agent token usage and improving context window efficiency by loading tools progressively.

Setup Requirements

  • ⚠️Requires Node.js >=18 to run.
  • ⚠️Initial setup requires running 'npx @agiflowai/one-mcp init' to create an 'mcp-config.yaml' file, which must then be manually configured to point to desired upstream MCP servers.
  • ⚠️If connecting to remote MCP servers, environment variables for API keys or authentication tokens (e.g., MY_API_KEY, TOKEN) must be set in the operating system environment or included in the 'mcp-config.yaml'.
Review RequiredView Analysis
The server can execute arbitrary local commands (via 'command' and 'args' in 'mcp-config.yaml' for stdio servers) and make HTTP/SSE requests to arbitrary remote URLs defined in its configuration. If the 'mcp-config.yaml' is not secured or is user-editable in a multi-tenant environment, this can lead to severe remote code execution (RCE) or Server-Side Request Forgery (SSRF) vulnerabilities. The responsibility for securing the configuration and deployment environment falls heavily on the user. While tool blacklisting is available, it requires proper setup.
Updated: 2026-01-16GitHub
PreviousPage 27 of 760Next