Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

73
197
Low Cost
Piebald-AI icon

gemini-cli-desktop

by Piebald-AI

Sec9

A cross-platform desktop and web UI for interacting with AI models (Gemini CLI, Qwen Code, LLxprt Code) through ACP and MCP, featuring tool confirmation, code diffing, chat history, and file browsing.

Setup Requirements

  • ⚠️Requires Rust, Node.js, and pnpm for development/building, with specific system dependencies for Linux.
  • ⚠️Requires installation of external AI CLIs (Gemini CLI, Qwen Code, LLxprt Code) to function.
  • ⚠️Requires API keys (potentially paid) for integrated AI providers (e.g., Anthropic, OpenAI, Gemini) configured at runtime.
Verified SafeView Analysis
The project demonstrates strong security practices, including 5-layer SSRF protection with URL validation, API key masking in logs, and a comprehensive command execution whitelist/blacklist. Tauri's sandboxed environment and minimal capabilities further enhance desktop security. Environment variables for child processes are handled with an RAII pattern for secure cleanup.
Updated: 2026-01-17GitHub
72
207
Low Cost
Vvkmnn icon
Sec9

Provides an MCP server for Claude Code to search and retrieve insights from conversation history, including past solutions, file changes, and tool usage patterns.

Setup Requirements

  • ⚠️Requires Claude Code application for conversation history data.
  • ⚠️Node.js version must be >=20.0.0 and npm >=10.0.0.
Verified SafeView Analysis
The server's primary function involves reading local `.jsonl` conversation files. It utilizes `fs/promises` and `readline` for file access, which are standard for local file operations. It does not perform outbound network requests for its core search functionality. The `UniversalHistorySearchEngine` attempts to access Claude Desktop data (e.g., LevelDB, SQLite) via temporary file copying to prevent locks, with temporary directories created using `mkdtemp` with secure permissions (`0o700`) and subsequently cleaned up. The `child_process` module is used for internal build/test scripts or controlled local execution in `testMCPServer`, not for executing arbitrary user input. No hardcoded secrets or 'eval' are observed in the runtime code. Desktop support for directly reading LevelDB/SQLite is explicitly marked as 'TEMPORARILY DISABLED' in the code, further reducing potential attack surface related to complex database interactions, and simplifying its runtime behavior to primarily local Claude Code files.
Updated: 2026-01-19GitHub
72
23
Low Cost
JoJoJotarou icon

AskUserQuestionPlus

by JoJoJotarou

Sec9

Facilitates asking structured questions to users via a web interface, collecting their input for AI models interacting through the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Node.js and npm/npx installed locally.
  • ⚠️Requires a local web browser capable of being launched automatically.
  • ⚠️Requires configuration with an MCP-compatible AI client (e.g., Claude Code, Codex, Gemini CLI).
Verified SafeView Analysis
The server uses Zod for input schema validation for the MCP tool, ensuring structured and validated input from the AI model. WebSocket messages from the client are parsed as JSON, with error handling for malformed messages. The `open` package is used to launch a web browser, which is an intentional feature for user interaction and the URL is controlled by the server. No obvious hardcoded secrets, 'eval' usage, or direct command injection vulnerabilities from user input were found. The service runs on localhost, limiting direct external attack surface.
Updated: 2026-01-19GitHub
72
10
Medium Cost
iceener icon
Sec9

Provides sandboxed filesystem access for AI agents to explore directories, read/search file content, and safely edit text files with checksum verification.

Setup Requirements

  • ⚠️Requires `Bun` runtime for the primary `dev` and `start` scripts.
  • ⚠️User MUST configure accessible directories via `FS_ROOTS` or `FS_ROOT` environment variables, otherwise the filesystem tools will be non-functional or report 'OUT_OF_SCOPE' errors.
  • ⚠️When connecting to clients (e.g., Claude Desktop), the `args` parameter often requires the absolute path to the server's entry point (e.g., `/absolute/path/to/files-mcp/src/index.ts`).
Verified SafeView Analysis
The server implements strong sandboxing by preventing absolute paths and directory traversal (`..`) outside configured mount points (`FS_ROOTS`). All file operations are routed through a robust path resolution layer (`src/lib/paths.ts`). Input validation is performed using Zod, mitigating common injection risks. File write operations (`fs_write`) strongly recommend checksum verification to prevent stale or unintended overwrites, enhancing data integrity. There is no apparent use of `eval` or direct arbitrary command execution. Glob patterns for searching are converted to safe regular expressions, not shell commands. Communication is via stdin/stdout, reducing network attack surface.
Updated: 2025-12-09GitHub
72
14
Medium Cost
ecos-labs icon

ecos

by ecos-labs

Sec8

Transforms AWS Cost and Usage Reports (CUR) into enriched datasets for FinOps analysis and provides AI-powered cost insights.

Setup Requirements

  • ⚠️Requires AWS CLI and configured AWS credentials.
  • ⚠️Requires Python 3.8+ and dbt Core with the `dbt-athena-community` adapter installed.
  • ⚠️AWS Cost & Usage Reports (CUR) must be enabled and configured for Athena in your AWS account.
  • ⚠️Appropriate AWS IAM permissions are necessary for the CLI to create and manage AWS resources (S3, Athena).
  • ⚠️Setting the `GITHUB_TOKEN` environment variable is recommended to avoid GitHub API rate limiting during model downloads.
Verified SafeView Analysis
The CLI component interacts with AWS services (S3, Athena, STS) and GitHub. It relies on standard AWS SDK practices for credential loading (from environment variables or local AWS config files) and utilizes the `GITHUB_TOKEN` environment variable for GitHub API authentication. Path sanitization (`filepath.Clean`) and checks for path traversal vulnerabilities are implemented during the extraction of dbt models from compressed archives. The `ecos init` and `ecos destroy` commands perform high-privilege AWS resource operations (creating/deleting S3 buckets and Athena workgroups), which is expected for an infrastructure management tool, but requires users to configure appropriate IAM permissions. No dynamic code execution (`eval` or similar) or obvious hardcoded secrets were detected in the provided Go or dbt code. The source code for the "MCP Server" (Python component for AI insights) is not provided, thus its specific security posture cannot be fully assessed.
Updated: 2025-12-11GitHub
72
270
Medium Cost
smat-dev icon

jinni

by smat-dev

Sec8

A tool to efficiently provide Large Language Models with structured project context for code comprehension and generation tasks.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️For MCP server integration, requires setup with an MCP client (e.g., Cursor, Claude Desktop) to run 'uvx jinni-server'.
  • ⚠️WSL must be installed and configured on Windows for WSL path translation features to work correctly; relies on 'wslpath' or 'wsl -l -q' commands.
Verified SafeView Analysis
The tool executes external commands (`wslpath`, `wsl`) via `subprocess` for WSL path translation, based on user-provided paths. While safeguards like NUL byte checks (`ensure_no_nul`), explicit command arguments (`--`), and server-side `--root` path confinement are implemented, a sophisticated path traversal or OS-level vulnerability in the WSL environment could pose a risk. No direct 'eval', obfuscation, or hardcoded secrets were found.
Updated: 2025-12-14GitHub
71
315
Medium Cost
decocms icon

admin

by decocms

Sec6

The server acts as a control plane for Model Context Protocol (MCP) traffic, providing a unified API gateway for authentication, routing, and observability across various AI-native services and clients.

Setup Requirements

  • ⚠️Requires a commercial license for any revenue-generating or multi-tenant (SaaS) deployments, as per the Sustainable Use License (SUL). It is free for internal/agency use.
  • ⚠️Requires critical environment variables like `ENCRYPTION_KEY` and `AUTH_SECRET` for secure operation; failure to set these will lead to vulnerabilities or errors.
  • ⚠️The `CODE_EXECUTION_RUN_CODE` tool and associated gateway strategy enable running arbitrary JavaScript code in a sandbox, which introduces a significant and complex security risk that users must fully understand and manage.
Verified SafeView Analysis
The project implements robust security features including role-based access control (RBAC), multi-tenancy, credential encryption via a vault, and detailed audit logging with OpenTelemetry. However, it includes a "code execution" feature that allows running user-provided JavaScript code in a sandbox. While sandboxing aims to provide isolation, dynamic code execution is inherently a high-risk attack surface, making perfect security extremely challenging and prone to potential vulnerabilities. Careful review of the sandbox implementation would be required for high-security environments. Production deployments should ensure all sensitive environment variables are correctly configured.
Updated: 2026-01-19GitHub
71
80
Medium Cost
magentic icon
Sec8

Provides coding agents with full browser context from recorded user flows for debugging and regression testing.

Setup Requirements

  • ⚠️Requires the FlowLens Chrome extension to record and capture browser flows.
  • ⚠️Requires Python 3.10 or newer.
  • ⚠️A `FLOWLENS_MCP_TOKEN` environment variable is required to access shareable (remote) flows.
Verified SafeView Analysis
The server makes external network calls to the FlowLens API (flowlens-api.magentic.ai) and downloads recordings from URLs provided by this API. While the server itself does not contain obvious vulnerabilities like 'eval' or command injection based on user input, a compromise of the FlowLens API or manipulation of the provided video/RRWEB URLs could lead to the download of malicious files. However, these downloaded files (WEBM, JSON) are processed internally (e.g., for screenshots, DOM snapshots) and not directly executed, mitigating immediate execution risks. Authentication relies on a `FLOWLENS_MCP_TOKEN` which is expected to be provided via environment variables, a standard and secure practice to avoid hardcoding secrets.
Updated: 2025-12-07GitHub
71
315
Low Cost
decocms icon

mesh

by decocms

Sec9

An open-source control plane for Model Context Protocol (MCP) traffic, providing unified authentication, routing, observability, and tool management for AI agents and integrations across various services.

Setup Requirements

  • ⚠️Requires Bun runtime for local development and build processes.
  • ⚠️The `ENCRYPTION_KEY` environment variable is critical for data security and must be set securely in production (defaults to empty string if not provided).
  • ⚠️For production deployments, `DATABASE_URL` should be configured for PostgreSQL; SQLite is the default but not suitable for scale.
  • ⚠️STDIO connections are disabled by default in production; set `UNSAFE_ALLOW_STDIO_TRANSPORT=true` to enable them.
Verified SafeView Analysis
The project demonstrates strong security awareness, especially in critical areas. It utilizes `quickjs-emscripten-core` for sandboxed JavaScript execution, carefully limiting tool exposure. Raw SQL execution via `DATABASES_RUN_SQL` is mitigated with `SET LOCAL ROLE` and `SET LOCAL search_path` within transactions for PostgreSQL, providing robust isolation. The OAuth proxy (`oauth-proxy.ts`) includes logic to rewrite URLs and handle `WWW-Authenticate` headers, addressing common OAuth vulnerabilities. Sensitive data is protected using `aes-256-gcm` encryption with a non-hardcoded `ENCRYPTION_KEY`. STDIO connections are disabled by default in production unless explicitly enabled via `UNSAFE_ALLOW_STDIO_TRANSPORT=true`. Overall, the architecture and implementation show a high level of attention to security, but complex systems always have inherent risks.
Updated: 2026-01-19GitHub
71
152
Medium Cost
keyboard-dev icon

keyboard-local

by keyboard-dev

Sec9

Enables AI clients to execute real-world tasks through connected third-party tools (APIs, CLIs, SDKs) with human approval, leveraging a secure GitHub Codespace environment.

Setup Requirements

  • ⚠️Requires `git clone --recursive` to fetch submodules.
  • ⚠️Requires a Node.js/npm environment for both the Electron desktop client and the MCP server.
  • ⚠️Relies on GitHub Codespaces for the secure execution environment of AI-generated code.
  • ⚠️Users must connect and configure their own third-party API keys and credentials for desired tools (e.g., Gmail, Slack, Stripe).
Verified SafeView Analysis
The architecture described in the README emphasizes security through human approval workflows and execution within the user's own GitHub Codespace. This design aims to prevent the Keyboard server from directly accessing sensitive API keys, as they are managed within the user's secure environment. The user reviews and approves the generated code before execution, providing a critical control point. The disclaimer also places responsibility on the user for code review and connecting trusted applications. Without the actual JavaScript/TypeScript code for the `approver-client` and `keyboard-mcp` components, a deeper code-level security audit (e.g., checking for `eval` usage, obfuscation, or specific vulnerabilities) cannot be performed. The score reflects the strong security claims and architectural design rather than a direct code audit.
Updated: 2025-11-28GitHub
71
222
Medium Cost
strands-agents icon

mcp-server

by strands-agents

Sec9

Provides a Model Context Protocol (MCP) server for AI agents to search and retrieve curated documentation for the Strands Agents framework, facilitating AI coding assistance.

Setup Requirements

  • ⚠️Requires 'uv' for installation and command execution.
  • ⚠️Requires Python 3.10 or newer.
  • ⚠️Using the MCP Inspector for testing requires Node.js and npx.
Verified SafeView Analysis
The server explicitly validates URLs passed to `fetch_doc` to ensure they start with `https://strandsagents.com`, which significantly mitigates Server-Side Request Forgery (SSRF) risks. No `eval` or similar dangerous functions were found. The HTML cleaning uses standard library functions and regex to strip tags and unescape content, reducing XSS concerns if content were ever rendered directly. Overall, the security posture appears robust for its intended function.
Updated: 2025-11-21GitHub
71
390
Medium Cost
domdomegg icon
Sec8

A Model Context Protocol server that provides read and write access to Airtable databases, enabling LLMs to inspect schemas and manage records.

Setup Requirements

  • ⚠️Requires an Airtable Personal Access Token with appropriate scopes (schema.bases:read, data.records:read, and optionally write permissions).
  • ⚠️Requires Node.js to be installed.
  • ⚠️If using HTTP transport (MCP_TRANSPORT=http), there is no built-in authentication; must be secured externally.
Verified SafeView Analysis
The server correctly retrieves the Airtable API key from environment variables (AIRTABLE_API_KEY) or a deprecated command-line argument, preventing hardcoding. It uses Zod for input and API response validation. The `searchRecords` function sanitizes user-provided search terms to prevent Airtable formula injection. An explicit warning is provided when running with HTTP transport about the lack of built-in authentication, emphasizing the need for a reverse proxy or secured setup. While a read-only API key is present in an e2e test file, it's not used in production code paths.
Updated: 2026-01-16GitHub
PreviousPage 28 of 760Next