Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

69
315
High Cost
cloudwego icon

abcoder

by cloudwego

Sec4

Starts a Model Context Protocol (MCP) server that provides AST reading tools for code analysis, integrable with AI clients like Claude Code.

Setup Requirements

  • ⚠️Requires installation of multiple language-specific LSP servers (e.g., `clangd-18`, `rust-analyzer`, `pylsp`, JDTLS), which `abcoder` attempts to auto-install but may require manual intervention or system-wide package changes.
  • ⚠️For large TypeScript/JavaScript repositories, Node.js's maximum memory allocation might need to be increased (e.g., `NODE_OPTIONS=--max-old-space-size=65536`).
  • ⚠️The 'agent' subcommand requires environment variables like `API_KEY` for LLM providers, which are typically paid services.
Review RequiredView Analysis
The server frequently uses `exec.Command` to run external tools (LSP servers, npm, go, cargo, mvn) in user-provided repository directories. A malicious repository could contain build configuration files (e.g., `Cargo.toml`, `pom.xml`, `package.json`, `go.mod`) designed to execute arbitrary commands during parsing or setup. This is a significant supply chain and command injection risk. Downloads of LSP servers and npm packages also introduce supply chain integrity concerns.
Updated: 2026-01-16GitHub
69
225
Medium Cost
Muvon icon

octocode

by Muvon

Sec8

An intelligent code indexer and semantic search engine that builds knowledge graphs of codebases, providing AI-powered assistance for development tasks like natural language search, smart commits, and code reviews, with local-first and multi-language support.

Setup Requirements

  • ⚠️Requires Voyage AI API Key (required for embeddings, 200M free tokens/month available).
  • ⚠️Requires OpenRouter API Key for full AI features (optional).
  • ⚠️Requires Rust/Cargo toolchain for manual installation via `cargo install`.
  • ⚠️By default, requires the project directory to be a Git repository (`require_git: true` in `index` config).
Verified SafeView Analysis
The project emphasizes local-first design for search and API keys are securely handled via environment variables, reducing the risk of hardcoded secrets. The Model Context Protocol (MCP) server runs locally with no external network access for search queries, limiting external exposure. No 'eval' or similar dangerous dynamic execution patterns were found in the provided source code snippets. Reliance on third-party AI models (Voyage AI, OpenRouter) implies dependency on their security, but Octocode's internal handling of API keys is sound.
Updated: 2026-01-17GitHub
69
155
Medium Cost
neo4j icon

mcp

by neo4j

Sec9

Enables AI models (LLMs) to interact with a Neo4j graph database by providing a structured set of tools via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a running Neo4j database instance with the APOC plugin installed.
  • ⚠️Requires Go 1.25+ to build and run from source.
  • ⚠️Client (e.g., VSCode, Claude Desktop) setup involves specific configuration files and potentially base64-encoded credentials for HTTP mode.
Verified SafeView Analysis
The server implements strong security practices including per-request authentication (Basic Auth/Bearer Token) and configurable CORS for HTTP mode, and robust TLS/HTTPS support with secure defaults. Input validation prevents non-read operations in 'read-cypher' tool. Sensitive information (passwords, tokens, URIs) is redacted in logs. Startup checks ensure a valid Neo4j connection and APOC plugin. A MixPanel analytics token is hardcoded, but explicitly marked as safe for public exposure per G101 and does not grant sensitive access.
Updated: 2026-01-19GitHub
69
253
Medium Cost
mixelpixx icon

KiCAD-MCP-Server

by mixelpixx

Sec4

Enables AI assistants like Claude to interact with KiCAD for PCB design automation, providing comprehensive tool schemas and real-time project state access.

Setup Requirements

  • ⚠️Requires KiCAD 9.0 or higher installed with Python scripting support.
  • ⚠️Correct Python environment configuration (PYTHONPATH) is critical and platform-specific, often requiring KiCAD's bundled Python.
  • ⚠️Full JLCPCB API integration requires user-obtained JLCPCB API Key and Secret environment variables.
Review RequiredView Analysis
The server uses `child_process.spawn` in TypeScript to invoke a Python script, and the Python backend then uses `subprocess.run` (or similar) to execute `kicad-cli` commands. Multiple tools (e.g., `export_gerber`, `export_pdf`, `run_drc`) pass user-supplied parameters (`outputDir`, `outputPath`, `reportPath`) to these shell commands. If these parameters are not rigorously sanitized and escaped before interpolation into the shell command string, this creates a potential for command injection vulnerabilities. For instance, providing a malicious path like `'my_output && rm -rf /'` could execute arbitrary commands on the host system. The code snippets provided do not explicitly show robust input sanitization for these shell executions.
Updated: 2026-01-11GitHub
68
250
High Cost
salesforcecli icon

mcp

by salesforcecli

Sec9

The MCP Server for Salesforce facilitates seamless interaction between large language models (LLMs) and Salesforce orgs, providing a robust set of tools for common development and administrative tasks. This includes static code analysis for performance/security antipatterns, metadata deployment/retrieval, org management, SOQL queries, Apex/Agent testing, and DevOps workflows like work item management and conflict resolution.

Setup Requirements

  • ⚠️This is a 'pilot or beta service' and is for 'Internal Use Only', with no guarantee of compatibility with prior versions.
  • ⚠️Requires Node.js (up-to-date LTS) and Yarn (globally installed) due to its monorepo structure with Yarn workspaces and `nohoist`.
  • ⚠️Requires locally authorized Salesforce orgs (scratch orgs, sandboxes, Dev Hub) for tool execution (`--orgs` flag must be configured).
  • ⚠️DevOps tools (e.g., for work item checkout and conflict detection) rely on a pre-authenticated Git CLI for repository operations.
  • ⚠️The `run_code_analyzer` tool has a maximum target file count of 10 for static analysis and currently rejects `sfge` and `flow` engines.
  • ⚠️Inputs for file/directory paths must be absolute paths and undergo explicit validation against path traversal attempts.
  • ⚠️Long-running operations (e.g., scratch org creation, metadata deployment) may require polling or using the `resume_tool_operation` tool to track completion.
  • ⚠️A known bug (`W-19828802`) in `sfdx-core` may cause `NamedOrgNotFoundError` when creating scratch orgs synchronously.
  • ⚠️Telemetry is enabled by default and must be explicitly disabled using `--no-telemetry` for testing or privacy concerns.
Verified SafeView Analysis
The project adheres to Salesforce's internal security guidelines, including a dedicated security contact (`security@salesforce.com`). It demonstrates proactive security measures such as robust path traversal prevention (`sanitizePath` function in `mcp-provider-dx-core`), explicit handling and redaction of sensitive authentication information (e.g., `assertNoSensitiveInfo` in test utilities), and careful dependency management (e.g., `overrides` in root `package.json`). Contribution guidelines mandate security reviews for all pull requests. The architecture leverages `@salesforce/core` for secure Salesforce authentication mechanisms, which are well-established.
Updated: 2026-01-19GitHub
68
282
High Cost
szeider icon

consult7

by szeider

Sec9

Enables AI agents to analyze extensive file collections (e.g., codebases) using large context window models via OpenRouter, overcoming agent context limits.

Setup Requirements

  • ⚠️Requires an OpenRouter API Key (paid service) to function.
  • ⚠️Requires Python 3.11 or higher.
  • ⚠️Relies on 'uvx' for simplified installation and execution, which may require initial setup if not already present.
Verified SafeView Analysis
The server uses `httpx` for external API calls to OpenRouter with hardcoded URLs, reducing arbitrary network risks. API keys are passed via CLI arguments rather than hardcoded. File path validation is implemented for wildcards, limiting potential path traversal. The `zdr` (Zero Data Retention) option enhances privacy. The primary security consideration is the inherent capability to read local files, which could be misused by an agent if the system running Consult7 is not secured or the agent is not trusted for file access. No `eval` or obvious malicious patterns were found.
Updated: 2026-01-02GitHub
68
287
High Cost
context-hub icon

generator

by context-hub

Sec3

Provides a Retrieval-Augmented Generation (RAG) system and Micro-Context Protocol (MCP) server for AI assistants to understand, interact with, and generate documentation/code for projects. It allows indexing codebase knowledge, semantic search, and exposing file system, Git, and code analysis tools to AI agents.

Setup Requirements

  • ⚠️Requires PHP 8.2+ and Composer for dependency management.
  • ⚠️Docker is recommended for building the executable binary.
  • ⚠️Requires an OpenAI API Key (or compatible platform API key) for RAG vectorization (e.g., OPENAI_API_KEY). This is a paid service.
  • ⚠️Requires a running Qdrant instance for the default RAG knowledge store (RAG_QDRANT_HOST, RAG_QDRANT_PORT).
  • ⚠️The 'git' executable must be installed and accessible for Git-related features and tools.
  • ⚠️The MCP server exposes powerful capabilities; it must be run in a highly controlled, isolated environment with robust network and access controls. It is not safe for general public exposure.
Verified SafeView Analysis
The project is designed to expose powerful filesystem, Git, and code analysis capabilities via an HTTP API (MCP Server). This inherent design choice makes it highly critical from a security perspective. If the MCP server is exposed to untrusted users, or if an AI agent interacting with it is compromised, it could lead to: - Arbitrary file read/write/delete/replace on the server's filesystem. - Execution of arbitrary Git commands (add, commit, status). - Server-Side Request Forgery (SSRF) via the 'url' source type, fetching content from untrusted external URLs. - Indexing of sensitive internal code/data into external vector stores (Qdrant, OpenAI) if not configured carefully. While command execution uses Symfony Process (which correctly escapes arguments, reducing direct command injection risk), the *ability* to perform these actions via an API makes it a very high-privilege system. The default in-memory user provider for OAuth (if active) suggests a development-oriented authentication setup that is not suitable for production without significant hardening. No direct use of 'eval' or intentional obfuscation was detected.
Updated: 2026-01-19GitHub
68
270
Medium Cost
zinja-coder icon

jadx-mcp-server

by zinja-coder

Sec8

Facilitates live, LLM-driven reverse engineering and vulnerability analysis of Android APKs by integrating JADX with the Model Context Protocol.

Setup Requirements

  • ⚠️Requires JADX-AI-MCP plugin running locally and an APK loaded into JADX.
  • ⚠️Requires Java 11+ for the JADX-AI-MCP plugin.
  • ⚠️Requires Python 3.13+ to run the MCP server.
Verified SafeView Analysis
The Python server primarily acts as a proxy, forwarding requests to a local JADX-AI-MCP plugin (Java). Communication is restricted to localhost (127.0.0.1), reducing network attack surface for the server itself. No 'eval' or direct code injection vulnerabilities are apparent in the Python codebase. However, the powerful refactoring tools (e.g., renaming classes, methods, fields, packages) expose significant capabilities of the underlying JADX plugin. The overall security and integrity of the analysis and modifications depend heavily on the robustness of the JADX-AI-MCP plugin and how LLMs utilize these tools. Users must ensure authorized usage as per the project's disclaimer.
Updated: 2026-01-08GitHub
68
705
Medium Cost
Cyfrin icon

aderyn

by Cyfrin

Sec9

A Rust-based Solidity static analyzer that identifies vulnerabilities in smart contracts and provides developer tooling such as LSP and an MCP server for integration with other development environments and AI agents.

Setup Requirements

  • ⚠️Windows users must have WSL installed.
  • ⚠️Requires Rust toolchain for development/compilation.
  • ⚠️Development/release tooling like `cargo-release`, `gh` CLI, and `bacon` require separate installation.
Verified SafeView Analysis
The project is implemented in Rust, which inherently reduces many common memory-related vulnerabilities. It serves as a local development tool with capabilities for static analysis, LSP, and an MCP server. The `xtask` commands can perform sensitive operations like Git pushes and cargo releases, but these are intended for developer/CI environments and not directly exposed by the runtime servers. The MCP server binds to `127.0.0.1` by default for HTTP streaming, limiting network exposure. No obvious malicious patterns, hardcoded secrets, or `eval`-like constructs were found for arbitrary code execution in the server components.
Updated: 2026-01-19GitHub
67
219
Low Cost
Govcraft icon
Sec8

Provides up-to-date Rust crate documentation via semantic search and LLM summarization to AI coding assistants.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid Service)
  • ⚠️Requires Rust Toolchain (if building from source, or implicitly for cargo doc functionality)
  • ⚠️Requires active internet connection for initial setup and OpenAI API calls
  • ⚠️First-time setup for a new crate/version/feature set can take significant time due to documentation generation and embedding
Verified SafeView Analysis
The server relies on the `cargo` library to download and generate documentation for specified crates, which entails fetching code from crates.io. While standard for Rust, this introduces a dependency on the security of the crate ecosystem. It also interacts with the OpenAI API, requiring an API key, which must be secured by the user. There are no obvious signs of arbitrary code execution ('eval' equivalents) or hardcoded secrets in the provided source code, and network access is limited to necessary external APIs and crate registries.
Updated: 2025-11-24GitHub
67
241
Medium Cost
a-bonus icon

google-docs-mcp

by a-bonus

Sec8

Allows AI assistants to programmatically interact with Google Docs, Sheets, and Drive for document management, editing, formatting, and file organization.

Setup Requirements

  • ⚠️Requires a multi-step manual setup of Google Cloud Project credentials (enabling APIs, configuring OAuth consent screen, creating desktop client ID, downloading JSON).
  • ⚠️Involves a one-time interactive authorization process where the user must copy a URL, open it in a browser, grant permissions, copy an authorization code, and paste it back into the terminal.
  • ⚠️Operations involving comments (`addComment`, `resolveComment`) have known Google API limitations where anchoring may not be visible in the Docs UI or resolved status may not persist.
Verified SafeView Analysis
The server uses standard Google OAuth 2.0 or Service Account authentication, which are secure. It explicitly warns users about not sharing `credentials.json` and `token.json` files. Input parameters are validated using `zod` to prevent malformed requests. By default, it runs over `stdio`, limiting direct network exposure. However, it requires broad Google Drive, Docs, and Sheets scopes, meaning a compromised token could grant extensive access to user data.
Updated: 2026-01-14GitHub
67
4
Medium Cost
nguyenmanmkt icon

mcp-server

by nguyenmanmkt

Sec1

A web-based Docker management platform for deploying, managing, and building custom AI tools (MCP servers) for integration with language models.

Setup Requirements

  • ⚠️Requires Docker Daemon Access: The 'server.js' backend needs permissions to interact directly with the Docker socket on the host machine, which implies running in a privileged Docker container or on a host with proper permissions.
  • ⚠️Plaintext Sensitive Data: User credentials and other sensitive configurations are stored in 'database.json' without encryption.
  • ⚠️External AI API Keys Required: 'GEMINI_API_KEY' is explicitly used by the Gemini tool, and a Perplexity API key (likely an environment variable like `PERPLEXITY_API_KEY`) would be needed for the Perplexity tool.
  • ⚠️Arbitrary Code Execution Risks: The image build feature allowing Git repo cloning and Dockerfile execution, along with the `eval` function in `calculator.py`, introduces severe remote code execution vulnerabilities.
Review RequiredView Analysis
CRITICAL: Multiple severe security vulnerabilities identified. User passwords are stored in plaintext in 'database.json'. The backend 'server.js' interacts directly with the Docker daemon socket, granting full control over the host's Docker environment via an API authenticated with plaintext credentials. The image build feature allows cloning arbitrary Git repositories and building Docker images, which is a critical Remote Code Execution (RCE) vulnerability if a malicious Dockerfile is provided. Furthermore, the 'calculator.py' MCP tool explicitly uses `eval(python_expression)` which is highly susceptible to RCE, even with attempts to limit scope. These combined issues make the system extremely vulnerable to unauthorized access, privilege escalation, and arbitrary code execution on the host.
Updated: 2025-11-28GitHub
PreviousPage 30 of 760Next