Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (9120)

70
3
Medium Cost

gitlab-mcp-server

by FitoDomik

Sec9

Connects an AI assistant to GitLab to facilitate interactive queries and actions on merge requests, pipelines, and code reviews.

Setup Requirements

  • ⚠️Requires `uv` for Python package management.
  • ⚠️GitLab Access Token needs `api` scope for write operations (e.g., commenting, resolving discussions), despite README suggesting `read_api` for initial setup.
  • ⚠️Requires a numeric `GITLAB_PROJECT_ID` for configuration.
Verified Safe
The server securely handles GitLab API tokens by requiring them via environment variables (GITLAB_ACCESS_TOKEN, GITLAB_PROJECT_ID) and uses `aiohttp` for external API calls, correctly setting private tokens in headers. There are no signs of `eval`, code obfuscation, or hardcoded secrets. The `run-mcp.sh` script prioritizes loading environment variables from a local `.env` file, which is good practice for managing sensitive information.
Updated: 2025-11-28
70
26
Medium Cost

A Linux server security auditing and continuous monitoring tool that provides security posture analysis and anomaly detection capabilities, designed to be integrated with AI agents.

Setup Requirements

  • ⚠️Requires `sudo` for full functionality, granting privileged access to the system.
  • ⚠️Requires Go 1.23+ and `make` for building from source.
  • ⚠️Relies on various Linux commands (e.g., `ufw`, `docker`, `apt`/`yum`, `openssl`, `dig`) being available on the system.
Verified Safe
The tool is written in Go and leverages standard system commands (`exec.Command`) for its auditing functions. It explicitly states in the README and code (e.g., `RequiresSudo()`) that `sudo` access is required for many operations. This inherently grants high privileges. While the code appears to handle command execution and file path sanitization (e.g., in `handleAnalyzeAnomaly`) carefully, any vulnerability in an invoked external command or the tool's parsing of its output could potentially be exploited. The `system.RunCommandSudo` function attempts `sudo -n` (no password) which is a good practice for automation. The tool makes outbound network calls for public IP detection and vulnerability intelligence (`api.ipify.org`, `nvd.nist.gov`, `cisa.gov`). No hardcoded secrets or malicious patterns were identified in the provided source code. The project's use of CI badges (CodeQL, Trivy) and an explicit private security advisory process indicates a focus on security.
Updated: 2026-01-17
70
3
High Cost

sharp-mcp

by greatSumini

Sec7

This MCP server provides image session management and processing capabilities for AI coding assistants, enabling tasks like metadata extraction, color picking, background removal, cropping, and compression.

Setup Requirements

  • ⚠️Requires Node.js >= v18.0.0.
  • ⚠️ML model files (~10-50MB) for background removal are downloaded on first run, causing a delay.
  • ⚠️The server process needs appropriate file system read/write permissions for tools interacting with local paths (e.g., `create_session_by_path`, `output_path` parameters).
Verified Safe
The server can handle user-provided file paths for reading and writing images (`create_session_by_path`, `compress_image`, `extract_region`, `remove_background`). While `validateAbsolutePath` is used to prevent relative path traversal, the server's underlying process permissions will determine the extent of potential file system access an attacker could exploit if they gain control over the `output_path`. Storing base64 images in memory sessions, and performing CPU/memory intensive operations like background removal, cropping, and compression, poses a potential Denial-of-Service (DoS) risk if not adequately rate-limited or resource-managed at a higher layer. The ML model files (10-50MB) for background removal are downloaded and cached on first use, which introduces a supply chain risk if the source of these models were compromised. No hardcoded secrets or 'eval' were found in the provided code.
Updated: 2025-11-28
70
211
Medium Cost
Sec9

This plugin connects your Obsidian vault to AI assistants through MCP (Model Context Protocol), enabling them to understand and navigate your notes as a connected knowledge graph.

Setup Requirements

  • ⚠️Requires Obsidian desktop application to be running.
  • ⚠️Requires an MCP-compatible AI client (e.g., Claude Desktop, Claude Code, Continue.dev).
  • ⚠️Requires manual configuration of the plugin's generated API key in the AI client (and potentially `NODE_TLS_REJECT_UNAUTHORIZED=0` for self-signed HTTPS certificates).
  • ⚠️Full functionality of 'dataview' and 'bases' tools requires the respective Obsidian plugins to be installed and enabled.
Verified Safe
The server features a comprehensive, multi-layered security framework, including OWASP-grade path validation (`SecurePathValidator`), a central firewall (`VaultSecurityManager`) with granular operation permissions (read, write, delete, move, etc.), and integration with a `.mcpignore` file for path exclusions. It actively guards against common vulnerabilities like path traversal, ReDoS (via `SafeRegexValidator`), and DoS (via `BatchLimitValidator`). API keys are securely auto-generated on first use, and an explicit 'dangerouslyDisableAuth' setting is provided with appropriate warnings. CPU-intensive operations are offloaded to worker threads for isolation. The web fetching tool is an inherent network interaction but is designed for user-requested URLs. Overall, the security implementation is exceptionally robust for an open-source plugin.
Updated: 2026-01-19
70
201
Medium Cost

jetski

by hyprmcp

Sec9

Jetski is an open-source platform providing analytics, authentication, and simplified client setup for Model Context Protocol (MCP) servers by acting as a proxy.

Setup Requirements

  • ⚠️Requires Docker for local development dependencies (PostgreSQL, Dex, Mailpit).
  • ⚠️Requires 'mise' (dev tool environment manager) for tool installation and task execution.
  • ⚠️Requires 'pnpm' as the JavaScript package manager.
  • ⚠️Requires a host file entry for `host.minikube.internal` for local Dex setup if using Minikube.
  • ⚠️Kubernetes/Minikube is required for optional gateway orchestration, including Helm and Metacontroller.
Verified Safe
The codebase demonstrates good security practices. Environment variables are used for sensitive configurations (e.g., database URL, OIDC credentials, GitHub secrets for Dex). OAuth2/OIDC is used for authentication, with JWT validation against a JWK set in the backend. User-provided `proxyUrl`s are subject to backend validation to prevent Server-Side Request Forgery (SSRF). Observability tools (Sentry, OpenTelemetry) are integrated. The use of `public: true` for OIDC clients in `docker-compose.yaml` is standard for single-page applications and CLIs, which cannot securely store client secrets. No 'eval', blatant obfuscation, or hardcoded production secrets were found. `requireHttps: false` in dev config is acceptable.
Updated: 2026-01-18
70
58
Medium Cost

mcp-arr

by aplaceforallmystuff

Sec8

Manages Sonarr, Radarr, Lidarr, Readarr, and Prowlarr applications for media library control and configuration review via natural language queries.

Setup Requirements

  • ⚠️Requires Node.js 18+.
  • ⚠️At least one *arr application (Sonarr, Radarr, Lidarr, Readarr, or Prowlarr) must be running with API access.
  • ⚠️Requires setting specific environment variables (URL and API Key) for each *arr service to be managed.
Verified Safe
The server uses environment variables for all sensitive configuration (URLs, API keys) and relies on standard `fetch` API for external communication. No hardcoded secrets or direct `eval`/`exec` calls with untrusted input were found. External data from TRaSH Guides is fetched from GitHub, which is generally reliable. The primary security considerations would be the user's secure setup of their *arr applications (e.g., not exposing them directly to the public internet).
Updated: 2026-01-16
70
7
High Cost
Sec8

An MCP server for ListenHub, enabling AI-powered podcast and FlowSpeech audio generation within various client applications.

Setup Requirements

  • ⚠️Requires a ListenHub API Key (available with ListenHub Pro plan and above, which is a paid service).
  • ⚠️Requires Node.js version 18 or higher.
Verified Safe
The project is a Node.js application run via npx. It requires an API key which is passed via environment variables, a standard practice. It can operate in HTTP mode, exposing a local network port (default 3000), which introduces standard network security considerations if not properly managed. No signs of 'eval' or obfuscation were observed in the provided information.
Updated: 2025-11-17
70
3
High Cost

threlte-mcp

by SerifeusStudio

Sec8

Enables AI agents to inspect and manipulate Three.js/Threlte 3D scenes in real-time, facilitating debugging, asset optimization, and cinematic tooling.

Setup Requirements

  • ⚠️Requires Node 18+ to run.
  • ⚠️Requires Svelte 5 for the MCPBridge component in your Threlte application.
  • ⚠️Your Threlte application must be running with the MCPBridge component, which connects to the server via WebSocket on ws://localhost:8083.
Verified Safe
The server operates primarily as a local development tool, communicating with IDEs via standard I/O and with the game client via a local WebSocket (ws://localhost:8083). It handles file operations for GLTF asset processing, leveraging trusted libraries like `@gltf-transform` and `meshoptimizer`. While these operations involve file system access, input paths are validated, and remote URLs are disallowed, mitigating common file traversal risks. No direct 'eval' or hardcoded sensitive secrets were found. The primary risk lies with potential vulnerabilities in third-party GLTF processing libraries or if the local WebSocket server were exposed externally, allowing unauthorized scene manipulation. However, for its intended local use, it is considered robust.
Updated: 2026-01-17
70
3
Low Cost

pptx-generator-mcp

by dmytro-ustynov

Sec4

Generate professional PowerPoint presentations from Markdown input via a Model Context Protocol (MCP) server integrated with Claude Desktop.

Setup Requirements

  • ⚠️Requires Node.js 18.0 or higher
  • ⚠️Requires Claude Desktop for integration
  • ⚠️Manual configuration of `claude_desktop_config.json` is necessary after installation
  • ⚠️Global npm installation may require sudo depending on system configuration
  • ⚠️Custom fonts (e.g., JetBrains Mono) need to be manually installed on the operating system for proper display in the generated PPTX
Review Required
The `generate_presentation` tool constructs an output file path using user-provided `filename` without sufficient sanitization against directory traversal (e.g., `../../`). An attacker could potentially write files to arbitrary locations on the host system within the user's permissions. For example, `filename: "../../malicious-script"` could lead to writing a file outside the intended `output` directory. The `list_presentations` tool lists files in a predefined output directory, which is less of a risk but does expose local file names. No direct `eval` or command injection from user input found.
Updated: 2025-12-01
70
3
High Cost

VulneraMCP

by telmon95

Sec3

An AI-powered platform for automated security testing, vulnerability research, and bug bounty hunting.

Setup Requirements

  • ⚠️Requires manual installation of external CLI tools (subfinder, httpx, amass, sqlmap) and presence in system PATH.
  • ⚠️PostgreSQL 18+ is recommended, and if installed locally (e.g., via Homebrew), it defaults to port 5433, not the standard 5432, which needs explicit configuration.
  • ⚠️OWASP ZAP must be running, and examples often disable its API key for convenience, making it insecurely accessible to anyone on the network.
  • ⚠️Caido integration requires a CAIDO_API_TOKEN, which must be obtained and configured separately.
Review Required
The server uses `eval()` in `render.execute_js` which allows arbitrary JavaScript execution provided by the user/AI, posing a critical remote code execution risk if the MCP client is compromised or provides untrusted input. Default PostgreSQL passwords like 'bugbounty123' are suggested in setup scripts and `docker-compose.yml`, which is a hardcoded secret vulnerability. ZAP is often configured with `api.disablekey=true` in examples, leaving its API unprotected.
Updated: 2025-11-28
69
13
High Cost

my-ai-tools

by jellydn

Sec2

Provides a comprehensive setup and configuration management guide for an AI-powered developer environment, integrating various AI coding tools and their custom settings.

Setup Requirements

  • ⚠️Requires a paid Claude Code subscription for full features.
  • ⚠️Manual `jq` installation may be required if common package managers are unavailable.
  • ⚠️Reliance on `npm`/`npx` for many tool installations and MCP server invocations, requiring Node.js/Bun environment setup.
Review Required
CRITICAL: The `cli.sh` and `generate.sh` scripts use `eval "$1"` for command execution, which is a severe vulnerability allowing arbitrary code execution if inputs are not perfectly sanitized. CRITICAL: `configs/amp/settings.json` explicitly sets `"amp.dangerouslyAllowAll": true`, granting the Amp AI assistant unrestricted command execution privileges without user confirmation. Dynamic command execution within Claude Code hooks (e.g., auto-formatting based on file path input) could also be a vector if not properly secured against malicious input. The system installs third-party tools globally, posing a supply chain risk. API keys are handled in separate files but require careful local management.
Updated: 2026-01-19
69
257
High Cost

anytype-mcp

by anyproto

Sec3

The Anytype MCP Server enables AI assistants to interact with Anytype's API through natural language by converting its OpenAPI specification into MCP tools.

Setup Requirements

  • ⚠️Requires an Anytype API Key for authentication, which must be obtained from the Anytype Desktop app settings.
  • ⚠️Requires the Anytype Desktop application (or its local API server) to be running and accessible, typically on `http://127.0.0.1:31009`.
  • ⚠️The `OPENAPI_MCP_HEADERS` environment variable is required to pass authentication and version headers as a JSON string (e.g., `{"Authorization":"Bearer <YOUR_API_KEY>", "Anytype-Version":"2025-11-08"}`).
Review Required
The server loads an OpenAPI specification from a URL or local file, which is then parsed to create MCP tools. A critical vulnerability exists in the `HttpClient`'s file upload handling: it uses `fs.createReadStream` with file paths directly derived from AI-provided arguments. This allows an AI (or a malicious user interacting through the AI) to potentially read arbitrary files from the server's filesystem, posing a significant local file inclusion/arbitrary file read risk. While an `eval` statement was found, it is currently commented out, mitigating that specific severe risk.
Updated: 2026-01-13