Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7756)

68
234
High Cost
milisp icon

mcp-linker

by milisp

Sec6

Sync and manage Model Context Protocol (MCP) server configurations across various AI clients like Claude Desktop, Cursor, and VS Code, providing a marketplace for server templates and cloud synchronization.

Setup Requirements

  • ⚠️Requires Node.js 20+, Bun, and Rust toolchain for development setup.
  • ⚠️Cloud synchronization and authentication features require Supabase API keys (VITE_SUPABASE_URL, VITE_SUPABASE_ANON_KEY) and an internet connection.
  • ⚠️Requires various command-line tools (Python, Node.js, UV, Git, Claude CLI) which are checked for and can be installed via the app, but manual intervention might be needed if automatic installation fails.
Review RequiredView Analysis
The application's core functionality involves executing external commands (e.g., git, python, node, uv, claude-cli) as defined by MCP server configurations. This inherently carries a risk if users add or use configurations from untrusted sources, potentially leading to arbitrary code execution on their machine. Input validation for server definitions (DXTManifestSchema) exists but the 'command' field allows arbitrary strings. Authentication for cloud sync uses standard bearer tokens. Supabase API keys are expected to be configured via environment variables. No 'eval' or direct obfuscation found. The risk largely depends on user's diligence in vetting MCP server sources.
Updated: 2025-12-03GitHub
68
673
Medium Cost
Cyfrin icon

aderyn

by Cyfrin

Sec9

A powerful Solidity static analyzer that takes a bird's eye view over your smart contracts, available via CLI, LSP, or an MCP server for integration with other developer tools and AI agents.

Setup Requirements

  • ⚠️Windows users must have WSL installed.
  • ⚠️Requires the `solc` (Solidity compiler) to be available in the environment for AST generation, though `solidity-ast-rs` might handle its installation in some cases.
  • ⚠️Custom `aderyn.toml` configuration might be needed for non-standard project structures or specific environment variables (e.g., `FOUNDRY_PROFILE`).
Verified SafeView Analysis
The MCP server component is built in Rust, leveraging its memory safety features. Its core function is static analysis of Solidity code; it does not appear to execute arbitrary untrusted code directly. Potential risks lie in resource exhaustion or parsing vulnerabilities if extremely malformed ASTs can crash the server, but no direct malicious patterns or easily exploitable remote code execution vectors (e.g., `eval`) were identified within the server's exposed functionality. Development and release tooling (using `xshell`) is separate from the runtime MCP server.
Updated: 2025-12-14GitHub
68
236
Medium Cost
apollographql icon

apollo-mcp-server

by apollographql

Sec9

The Apollo MCP Server enables AI models and agents to interact with GraphQL APIs by exposing GraphQL operations as Model Context Protocol (MCP) tools.

Setup Requirements

  • ⚠️Requires an Apollo API Key and Graph Ref for fetching schemas and operations from Apollo GraphOS or Uplink.
  • ⚠️Can be run via Docker, built from Rust source, or with `rover dev` (which typically requires Node.js and Rust).
  • ⚠️An MCP client (e.g., `npx @modelcontextprotocol/inspector`) is needed to interact with the server.
  • ⚠️Requires a target GraphQL API endpoint to expose (configured via `endpoint`).
Verified SafeView Analysis
The project demonstrates strong security practices including configurable OAuth 2.1 authentication (JWT validation, OIDC discovery), controlled HTTP header forwarding with a hop-by-hop blocklist, and comprehensive CORS configuration with validation checks. It leverages environment variables for sensitive API keys (e.g., APOLLO_KEY) rather than hardcoding. While `allow_any_origin: true` in CORS settings could be a misconfiguration risk if enabled improperly by users, it is an explicit configuration option. The `xtask` development tool interacts with GitHub API, but this is separated from the main server runtime. Overall, the core server appears robust and well-designed for secure operation.
Updated: 2025-12-13GitHub
67
315
High Cost
prajwalshettydev icon

UnrealGenAISupport

by prajwalshettydev

Sec3

Integrates various Generative AI models (LLMs, vision, TTS) into Unreal Engine 5.1+ to enable AI-driven content generation, in-game agentic NPCs, and direct scene/blueprint control.

Setup Requirements

  • ⚠️Requires API keys for various LLM providers (e.g., OpenAI, Anthropic, DeepSeek, XAI, Google, Meta), which are generally paid services.
  • ⚠️Requires Unreal Engine 5.1 or higher with the 'Python Editor Script Plugin' enabled.
  • ⚠️Requires installation and configuration of an external MCP client (Claude Desktop App or Cursor IDE) with a specific JSON config pointing to `mcp_server.py`.
  • ⚠️Requires `mcp[cli]` Python package to be installed globally (`pip install mcp[cli]`).
Review RequiredView Analysis
CRITICAL: The `execute_python_script` tool in `mcp_server.py` uses `exec(f.read())` to execute arbitrary Python code generated by an LLM within the Unreal Engine environment. While there's a `is_potentially_destructive` blacklist check, this is insufficient to prevent sophisticated prompt injection attacks or malicious code, potentially leading to arbitrary code execution (RCE), data corruption, or system compromise. The `execute_unreal_command` also allows running arbitrary console commands with similar, though potentially lesser, risk. The server listens on `localhost`, mitigating external network attack surfaces, but internal compromise (e.g., via a malicious LLM response) is a high risk. Users are explicitly warned to use it only in a controlled environment.
Updated: 2025-11-30GitHub
67
56
Low Cost
poly-mcp icon

Polymcp

by poly-mcp

Sec7

A comprehensive toolkit and agent framework for building Model Context Protocol (MCP) servers and orchestrating them with Large Language Models (LLMs) across Python and TypeScript environments.

Setup Requirements

  • ⚠️Requires Ollama to be running locally for local LLM inference (e.g., `ollama serve` and `ollama pull llama2`).
  • ⚠️Requires API keys for commercial LLM providers like OpenAI or Anthropic (implies potential cost).
  • ⚠️For browser automation, requires Playwright: `npm install playwright` and `npx playwright install chromium`.
  • ⚠️Authentication features (ProductionAuthenticator) rely on a Redis instance for token blacklisting and rate limiting.
Verified SafeView Analysis
The project implements sandboxing for LLM-generated code in both Python (using standard builtins with forbidden patterns) and TypeScript (using vm2 with forbidden patterns). This aims to prevent direct filesystem, network, or OS access. Production authentication (API Key, JWT) is robust with features like brute force protection, rate limiting, and HTTPS enforcement options. However, the Python sandbox explicitly includes `__builtins__` and relies on a blacklist, which, while a common pattern, carries inherent risks if the blacklist is incomplete or bypassed by sophisticated LLM outputs. Hardcoded development secrets exist in examples and `.env.template` files, requiring users to change them for production.
Updated: 2025-12-03GitHub
67
219
Low Cost
Govcraft icon
Sec8

Provides up-to-date Rust crate documentation via semantic search and LLM summarization to AI coding assistants.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid Service)
  • ⚠️Requires Rust Toolchain (if building from source, or implicitly for cargo doc functionality)
  • ⚠️Requires active internet connection for initial setup and OpenAI API calls
  • ⚠️First-time setup for a new crate/version/feature set can take significant time due to documentation generation and embedding
Verified SafeView Analysis
The server relies on the `cargo` library to download and generate documentation for specified crates, which entails fetching code from crates.io. While standard for Rust, this introduces a dependency on the security of the crate ecosystem. It also interacts with the OpenAI API, requiring an API key, which must be secured by the user. There are no obvious signs of arbitrary code execution ('eval' equivalents) or hardcoded secrets in the provided source code, and network access is limited to necessary external APIs and crate registries.
Updated: 2025-11-24GitHub
67
4
Medium Cost
nguyenmanmkt icon

mcp-server

by nguyenmanmkt

Sec1

A web-based Docker management platform for deploying, managing, and building custom AI tools (MCP servers) for integration with language models.

Setup Requirements

  • ⚠️Requires Docker Daemon Access: The 'server.js' backend needs permissions to interact directly with the Docker socket on the host machine, which implies running in a privileged Docker container or on a host with proper permissions.
  • ⚠️Plaintext Sensitive Data: User credentials and other sensitive configurations are stored in 'database.json' without encryption.
  • ⚠️External AI API Keys Required: 'GEMINI_API_KEY' is explicitly used by the Gemini tool, and a Perplexity API key (likely an environment variable like `PERPLEXITY_API_KEY`) would be needed for the Perplexity tool.
  • ⚠️Arbitrary Code Execution Risks: The image build feature allowing Git repo cloning and Dockerfile execution, along with the `eval` function in `calculator.py`, introduces severe remote code execution vulnerabilities.
Review RequiredView Analysis
CRITICAL: Multiple severe security vulnerabilities identified. User passwords are stored in plaintext in 'database.json'. The backend 'server.js' interacts directly with the Docker daemon socket, granting full control over the host's Docker environment via an API authenticated with plaintext credentials. The image build feature allows cloning arbitrary Git repositories and building Docker images, which is a critical Remote Code Execution (RCE) vulnerability if a malicious Dockerfile is provided. Furthermore, the 'calculator.py' MCP tool explicitly uses `eval(python_expression)` which is highly susceptible to RCE, even with attempts to limit scope. These combined issues make the system extremely vulnerable to unauthorized access, privilege escalation, and arbitrary code execution on the host.
Updated: 2025-11-28GitHub
67
304
Low Cost
apappascs icon

mcp-servers-hub

by apappascs

Sec10

This repository serves as a centralized catalog and ranking system for Model Context Protocol (MCP) servers, allowing users to discover and compare various server implementations based on GitHub stars.

Verified SafeView Analysis
The provided source code for the 'mcp-servers-hub' repository consists solely of its README.md file. This file is a descriptive document and does not contain any executable server-side code, logic, or dependencies for an MCP server itself. Therefore, there are no inherent security risks like 'eval' usage, obfuscation, network vulnerabilities, or hardcoded secrets from executable code within this specific repository's provided source. The repository's function, based on the provided code, is to list and describe other MCP servers, not to be an MCP server.
Updated: 2025-12-14GitHub
67
10
Low Cost
Sec7

This is a backend server component, likely acting as a "Master Control Program" for deployment workflows or a core service, developed using Node.js and TypeScript.

Setup Requirements

  • ⚠️Node.js runtime required
  • ⚠️Project dependencies must be installed (`npm install`)
  • ⚠️Environment variables from `.env.example` need to be configured
Verified SafeView Analysis
Standard Node.js/TypeScript project with linting and type-checking. Relies on environment variables (`.env.example`) for configuration, which requires careful handling to prevent exposure of sensitive information. Actual code for 'eval', obfuscation, or specific network vulnerabilities is unknown without source code access.
Updated: 2025-11-18GitHub
67
247
Medium Cost
spences10 icon

mcp-omnisearch

by spences10

Sec9

A Model Context Protocol (MCP) server providing unified access to multiple search providers and AI tools for comprehensive search, AI responses, content processing, and enhancement features.

Setup Requirements

  • ⚠️Requires API keys for each desired provider (Tavily, Perplexity, Kagi, Jina AI, Brave, GitHub, Exa AI, Firecrawl). Functionality is limited by available keys.
  • ⚠️GitHub API Key requires a Personal Access Token with NO SCOPES SELECTED (public access only) as explicitly detailed in the README to prevent over-permissioning.
  • ⚠️If using self-hosted Firecrawl, requires a separate Firecrawl instance to be set up and `FIRECRAWL_BASE_URL` configured.
Verified SafeView Analysis
The server appears to follow good security practices: API keys are exclusively loaded from environment variables (no hardcoded secrets). Input validation is performed using Valibot for incoming requests and custom utilities (`sanitize_query`, `validate_api_key`, `validate_processing_urls`). Network requests use a centralized `http_json` helper with consistent error handling (401, 403, 429, 5xx status codes) and request timeouts via `AbortSignal.timeout`. There is no apparent use of `eval` or unsafe `child_process` commands. The server acts as a proxy, so the security of the upstream APIs it connects to is an external factor.
Updated: 2025-12-14GitHub
66
190
Medium Cost
metorial icon
Sec8

The Metorial Platform is an open source integration platform for agentic AI, designed to connect any AI model to thousands of APIs, data sources, and tools with a single function call, built to scale to tens or hundreds of thousands of concurrent MCP connections.

Setup Requirements

  • ⚠️Requires a multi-database setup: PostgreSQL, Redis, and MongoDB are used for different data storage and caching needs, potentially requiring multiple instances of each.
  • ⚠️Demands a container runtime environment (Docker or Kubernetes) for deploying MCP servers and other components, increasing operational complexity.
  • ⚠️Can involve extensive cloud provider integrations for managed deployments, specifically AWS (Lambda, S3, IAM, ECS) if using Deno Deploy or AWS Lambda features.
  • ⚠️Requires careful configuration of a large number of environment variables for various services, databases, external APIs (e.g., GitHub, MeiliSearch, Algolia), and email transport.
Verified SafeView Analysis
The project demonstrates strong security awareness, featuring a dedicated SSRF protection module for URLs, IPs, and ports (allowing only 80/443 by default, blocking private/loopback IPs). Password management utilizes secure hashing (`Bun.password.hash`). Sensitive information like API keys and database credentials are sourced from environment variables. There's explicit naming of 'DANGEROUSLY_' functions, indicating caution around specific operations. However, the platform's nature, which involves running custom code in containerized environments (Docker, Lambda) and extensive inter-process/inter-service communication (MCP, Redis streams), inherently introduces a large attack surface. The security of the `codeWorkspaceClient` and the underlying `MICEndpoint` implementations is critical but not fully verifiable from the truncated code.
Updated: 2025-12-15GitHub
66
142
Low Cost
paoloricciuti icon

tmcp

by paoloricciuti

Sec9

OAuth 2.1 authorization helper for Model Context Protocol (MCP) servers.

Setup Requirements

  • ⚠️For production, in-memory client stores and development secrets must be replaced with persistent, secure storage and proper credential management.
  • ⚠️Requires 'valibot' and 'pkce-challenge' as direct dependencies.
  • ⚠️Primarily designed for HTTP transports; not applicable for STDIO or other non-HTTP transports for OAuth flows.
Verified SafeView Analysis
Implements OAuth 2.1 with critical security features like PKCE, valibot for schema validation, and configurable CORS for network security. Rate limiting is also included. Development examples use hardcoded client secrets and in-memory stores, which are not suitable for production and require replacement with a persistent, secure storage solution.
Updated: 2025-12-14GitHub
PreviousPage 29 of 647Next