Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

Vetted Servers (7756)

66
17
Medium Cost

pulsar-mcp

by milkymap

Sec2

Acts as a semantic router for Model Context Protocol (MCP) ecosystems, enabling discovery and execution of tools across multiple MCP servers without context bloat for LLMs.

Setup Requirements

  • ⚠️Requires OpenAI API Key for embeddings, descriptions, and vision (Paid Service).
  • ⚠️Requires persistent storage for `TOOL_OFFLOADED_DATA_PATH` and a Qdrant vector database (either local file/in-memory using `QDRANT_DATA_PATH`, or remote URL using `QDRANT_URL`).
  • ⚠️Python 3.12+ only.
Review Required
The server's `mcp-servers.json` configuration allows specifying `command` and `args` for `stdio` transport MCP servers. This means it can execute arbitrary shell commands on the host system if an attacker can control the `mcp-servers.json` file or its content. This is a critical remote code execution vulnerability if the configuration is not immutable and from a highly trusted source. Content offloading to `TOOL_OFFLOADED_DATA_PATH` could also pose a risk if paths are not securely managed or if malicious content is stored and later retrieved/executed by another agent.
Updated: 2025-12-08
66
59
Medium Cost

sudocode

by sudocode-ai

Sec7

Git-native spec and issue management for AI-assisted software development.

Setup Requirements

  • ⚠️Requires Node.js >= 18.0.0 and npm >= 7.0.0 to be installed.
  • ⚠️Requires Git CLI to be installed and available in the system's PATH for all repository operations.
  • ⚠️Requires specific AI agent CLIs (e.g., `claude`, `codex`, `copilot`, `cursor-agent`) to be installed and in PATH for agent execution, or their paths explicitly configured. Installation of these agents is outside the scope of `sudocode` itself.
  • ⚠️The use of global npm packages (`npm install -g sudocode`) can sometimes lead to Node.js version conflicts, as noted in the project's README.
Verified Safe
The server executes local `git` and `npm` commands, primarily using `child_process.execSync` and `spawnSync`. Git operations involving dynamic inputs (like branch or path names) are explicitly sanitized using `escapeShellArg` to mitigate shell injection risks. AI agent executions are designed to be isolated within `git` worktrees, which helps reduce direct impact on the main repository. However, the system allows installation of third-party plugins via `npm install -g`, which implies a level of trust in the plugin source as it grants execution capabilities. Additionally, some agent configurations may expose `dangerouslySkipPermissions` options, allowing explicit overrides of safety features, which if misused, could introduce risks. No obvious hardcoded secrets or malicious patterns were identified in the provided source code.
Updated: 2025-12-15
66
17
Medium Cost

omnimcp

by milkymap

Sec8

Acts as a semantic router to discover and execute tools across multiple Model Context Protocol (MCP) servers, reducing context bloat for large language models by exposing a single meta-tool.

Setup Requirements

  • ⚠️Requires an OpenAI API Key (paid service) for generating embeddings, tool/server descriptions, and image descriptions.
  • ⚠️Requires Python 3.12 or newer to run.
  • ⚠️Requires `uv` (a Python package installer and executor) to be installed and in PATH for using `uvx` commands.
  • ⚠️A Qdrant vector database connection must be configured, supporting local file storage, in-memory, or a remote Qdrant server/cloud instance.
Verified Safe
The server employs robust configuration management using Pydantic Settings, prioritizing environment variables for sensitive data (API keys, storage paths). Internal communication within the `MCPEngine` utilizes in-process ZeroMQ (pyzmq), which is secure for internal messaging and doesn't expose external network ports for this purpose. The `ContentManager` uses UUIDs for filenames when offloading content, effectively mitigating path traversal vulnerabilities. Tool arguments are processed via `json.loads`, which is generally safe when inputs are constrained by LLM tool calling standards. The project builds upon the `FastMCP` framework, inheriting its security posture; no obvious new network vulnerabilities are introduced within OmniMCP's code. Overall, security practices appear solid, but rely on the integrity of complex upstream dependencies and proper environmental configuration.
Updated: 2025-12-08
66
80
Medium Cost

pageindex-mcp

by VectifyAI

Sec7

Provides vectorless, reasoning-based RAG capabilities for LLMs to navigate and retrieve information from hierarchical document structures, primarily for long PDFs.

Setup Requirements

  • ⚠️Requires Node.js >= 18.0.0 for local server deployment (Option 1).
  • ⚠️Relies on the external PageIndex cloud service for core document processing and reasoning, meaning PDF content is transmitted to their servers.
  • ⚠️OAuth authentication with PageIndex is required and handled automatically by the local server or direct connection.
Verified Safe
The local MCP server (Option 1) is a Node.js application that likely transmits local PDF content to the remote PageIndex service for processing. The direct connection options (Option 2 and 3) also communicate with a remote PageIndex server. OAuth authentication is handled automatically, implying external API calls. Users should be aware that document content may be sent to a third-party cloud service for analysis.
Updated: 2025-11-17
66
92
Medium Cost

mcp-server

by OctopusDeploy

Sec9

This server allows AI assistants to inspect, query, and diagnose problems within an Octopus Deploy instance using the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Node.js >= v20.0.0 (if not using Docker).
  • ⚠️Requires an Octopus Deploy instance accessible via HTTPS.
  • ⚠️Requires an Octopus Deploy API Key for authentication.
Verified Safe
The server explicitly handles sensitive API keys via environment variables or CLI arguments, avoiding hardcoding. All current tools are read-only by default, limiting potential for destructive actions. The README provides clear warnings about the potential for exposure of sensitive data (like production secrets in logs) via AI processing and advises using least-privileged accounts and caution against prompt-injection attacks. No 'eval' or obfuscation was found in the provided source code, indicating good coding practices for security at the code level.
Updated: 2025-12-12
66
18
Low Cost

This project provides a practical, community-driven checklist for pentesting Model Context Protocol (MCP) servers, guiding security testers through potential vulnerabilities in AI agent execution layers.

Verified Safe
The provided source code consists solely of documentation files (Markdown). This project is a security checklist designed to help identify vulnerabilities in Model Context Protocol (MCP) servers. The project itself does not contain executable code, and therefore does not pose runtime security risks such as 'eval' usage, obfuscation, network vulnerabilities, or hardcoded secrets. Its content explicitly warns about dangerous functions and insecure practices in MCP servers, making it a valuable security resource.
Updated: 2025-12-13
66
55
Medium Cost

django-ai-boost

by vintasoftware

Sec8

Provides a Model Context Protocol (MCP) server for Django applications, enabling AI assistants to introspect and interact with Django codebases.

Setup Requirements

  • ⚠️Requires Python 3.12+ (as specified in pyproject.toml).
  • ⚠️Requires the Django settings module to be specified via the `--settings` argument or the `DJANGO_SETTINGS_MODULE` environment variable.
  • ⚠️The Django project root directory often needs to be added to the `PYTHONPATH` for the server to locate project modules.
Verified Safe
The server primarily uses Django's built-in ORM and introspection APIs for read-only operations, which are generally safe from direct injection. No use of `eval` or `exec` was found. The `query_model` tool offers broad read access to any model and its fields via the ORM; while protected from SQL injection by Django's ORM, it could expose sensitive data if the underlying Django project contains it and the AI client is untrusted. It also permits crafting complex filters, which could lead to resource-intensive queries (Denial of Service) if not properly managed or monitored, although the `limit` parameter mitigates excessive data transfer. The `read_recent_logs` tool is mentioned in the README but is not implemented in the provided `server_fastmcp.py` source code, so it was not audited. Configuration for SSE transport allows binding to network interfaces, which requires proper network security practices. The `SECRET_KEY` in test settings is intentionally insecure for testing purposes.
Updated: 2025-12-12
65
199
Medium Cost

mcp_massive

by massive-com

Sec6

An AI agent orchestration server, likely interacting with LLMs and managing multi-agent workflows.

Setup Requirements

  • ⚠️Docker required
  • ⚠️Requires local/remote LLM provider (e.g., OpenAI API Key, Ollama, etc.)
Review Required
Code content not available for deep inspection. Assumed network risks due to 'server' nature and potential for unauthenticated endpoints. No 'eval' or obfuscation detected based on file names alone.
Updated: 2025-11-18
65
204
High Cost

mcp-server

by volcengine

Sec5

This repository serves as a marketplace for Model Context Protocol (MCP) servers, enabling large language models (LLMs) to interact with and manage various Volcengine cloud services and other developer tools via natural language.

Setup Requirements

  • ⚠️Requires Volcengine Access Key (AK) and Secret Key (SK) with appropriate IAM permissions (for paid cloud services), and for some Python servers on Windows, PyCryptodome compilation setup.
  • ⚠️Inconsistent Python version requirements across different MCP sub-servers and the provided client, which can cause environment setup conflicts (e.g., `mcp-server-vke` requires >=3.12, but `app/general_client` requires <3.12).
  • ⚠️Relies on the `uv` toolchain for package management and execution, requiring separate installation.
Review Required
The project provides a framework for LLMs to manage Volcengine cloud resources and execute code via sandboxed environments (e.g., `vefaas_sandbox`, K8s `apply_yaml`). This inherently carries high security risks, as an LLM could be prompted to perform destructive or costly actions. While environment variables are used for credentials and an `ALLOW_WRITE` flag is available for critical services like Kubernetes (defaulting to `false`), these powerful capabilities necessitate extreme caution, robust access control policies (least privilege), and thorough monitoring. SQL generation from natural language (e.g., in TLS server) also introduces potential for injection vulnerabilities if not carefully handled internally. Malformed input could also affect OAuth and token processing.
Updated: 2025-12-15
65
273
Low Cost

mcp-manager

by zueai

Sec4

A web GUI to easily manage and configure Model Context Protocol (MCP) servers for the Claude Desktop app on macOS, generating terminal commands for installation and setup.

Setup Requirements

  • ⚠️Requires macOS as it targets the Claude Desktop app on that OS.
  • ⚠️Requires Node.js and uv (Python package manager) installed locally via terminal commands.
  • ⚠️Requires manual execution of generated terminal commands, which can include high-privilege operations like `sudo npm link` for some MCP servers.
  • ⚠️Requires obtaining and inputting API keys/tokens for various third-party services (e.g., Brave Search, AWS, GitHub) into the GUI, which are then included in the generated configuration.
Verified Safe
The `mcp-manager` application itself is a client-side React web GUI and does not inherently contain direct security vulnerabilities like `eval` of user input or hardcoded active secrets. Placeholder environment variables are present in `src/server-configs.ts` but are explicitly for user configuration. However, the core function of this manager is to *generate and instruct users to execute terminal commands* (`npx`, `uvx`, `node`, `curl | sh`, `npm install`, `sudo npm link`) which download and run external code (MCP servers) on the user's system. This requires significant trust in the external MCP server packages and the generated commands. Executing `sudo npm link` as part of the setup for some servers (e.g., Exa) grants high privileges, posing a severe risk if the external package or its dependencies were compromised. Users must exercise extreme caution and vet all external code before running the generated commands.
Updated: 2025-12-03
65
55
Low Cost

context-sync

by Intina47

Sec8

Provides AI systems with persistent memory and context management across various development tools, sessions, and projects.

Setup Requirements

  • ⚠️Requires Node.js v18.0.0 or higher.
  • ⚠️Notion integration requires a Notion API Key obtained from the Notion website and sharing specific pages with the integration.
  • ⚠️Manual configuration of MCP servers might be needed for some AI clients (e.g., Cursor, VS Code) if auto-detection fails, involving editing JSON/YAML files.
Verified Safe
The server uses 'better-sqlite3' for local data storage and `child_process.execSync` for Git operations. File system operations are extensive, but `FileWriter` includes path validation to prevent path traversal and restrict access to sensitive directories. `GitIntegration` commands passed to `execSync` are controlled and file paths are quoted to mitigate common shell injection risks. Notion API keys are stored locally in a config file managed by an interactive setup wizard, rather than hardcoded, and the documentation emphasizes securing these keys. No 'eval' or overt malicious patterns were found. Given its nature as a local tool interacting with the file system and Git, the security measures in place appear robust for its intended use case on a developer's machine.
Updated: 2025-12-12
65
25
Low Cost

kitwork

by kitwork

Sec6

A lightweight workflow engine for automating tasks, orchestrating services, building serverless functions, and creating API endpoints via YAML.

Setup Requirements

  • ⚠️Requires familiarity with YAML for workflow, API, and schedule definitions.
  • ⚠️Browser automation with `Chromedp` may require a headless Chrome/Chromium browser installation or runtime environment.
  • ⚠️Database interaction (e.g., PostgreSQL) requires explicit configuration of credentials (user, password, host, port) in YAML files like `database/postgres.yaml`.
Verified Safe
The system is designed to execute arbitrary JavaScript scripts, database queries, HTTP requests, and browser automation steps defined within YAML workflow files. This inherent power means security heavily relies on the trustworthiness of the provided workflow definitions. Secrets are stored in YAML files (e.g., `secret/telegram.yaml`), which, while using placeholders, can be a risk if not properly managed (e.g., through environment variable overrides or encryption) in a production environment. The manifesto mentions 'Core can also read files dynamically,' which, if exploitable via untrusted YAML, could lead to local file access.
Updated: 2025-12-11