Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7756)

65
60
Medium Cost
sonatype icon
Sec5

Connects AI assistants to Sonatype's dependency management and security intelligence platform, providing real-time insights into open-source security vulnerabilities, license compliance, and dependency health.

Setup Requirements

  • ⚠️Requires a Sonatype Guide API Token (account creation needed)
  • ⚠️Requires `mcp-remote` npm package for certain IDEs/tools that only support stdio MCP servers
  • ⚠️Requires external network access to `https://mcp.guide.sonatype.com/mcp`
Verified SafeView Analysis
The provided source code is limited to the `README.md` file. Therefore, a comprehensive security audit of the actual server implementation or the `mcp-remote` client-side proxy is not possible. The server is described as a remote HTTP service accessible via standard HTTPS and Bearer token authentication. This method is generally secure for data in transit, but the security of the server's internal logic and the `mcp-remote` tool (an external npm package) cannot be assessed from the provided information. Users must trust the remote Sonatype service and the `mcp-remote` package.
Updated: 2025-12-08GitHub
65
136
Medium Cost
microsoft icon

mcp-interviewer

by microsoft

Sec8

A Python CLI tool to evaluate Model Context Protocol (MCP) servers for agentic use-cases, by inspecting capabilities, running functional tests, and providing LLM-as-a-judge evaluations.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid for default model configuration)
  • ⚠️Python 3.11+ required
  • ⚠️Docker (or similar containerization) recommended for target server to mitigate execution risks
  • ⚠️Requires explicit acceptance of risk for functional testing via CLI prompt or `--accept-risk` flag
Verified SafeView Analysis
The `mcp-interviewer` tool itself does not contain obvious vulnerabilities like `eval` or hardcoded secrets. Its primary security risk stems from its intended function: executing user-provided MCP server commands in a child process and invoking their tools. This inherently involves interacting with potentially untrusted external code. The project demonstrates strong security awareness by explicitly warning users about these risks in the README and CLI (e.g., `--test` flag requires `accept-risk` confirmation) and recommending running target servers in isolated containers. Adherence to these best practices is crucial for safe operation.
Updated: 2025-12-15GitHub
65
5
Low Cost
razavioo icon

liara-mcp

by razavioo

Sec8

Enables AI assistants to deploy and manage applications, databases, and infrastructure on the Liara cloud platform through natural language commands.

Setup Requirements

  • ⚠️Requires a valid Liara API Token and a Liara cloud account (which may incur costs for used services).
  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️Users of Node.js version managers (like nvm or fnm) might encounter PATH issues, requiring an alternative configuration as described in the README or using the provided setup wizard (`npx liara-mcp-setup`).
Verified SafeView Analysis
The server uses standard `axios` for API calls and retrieves the Liara API token from environment variables, avoiding hardcoded secrets. It implements input validation (`validateAppName`, `validateDomainName`, `validateEnvKey`, `validateRequired`) to mitigate common injection risks before interacting with the Liara API. The architecture separates API client, services, and core server logic well. The main security consideration is the broad power granted to the AI assistant (e.g., creating/deleting resources, uploading local files via `filePath` arguments), which is inherent to its function but requires trust in the AI's directives. No `eval` or obfuscation was found.
Updated: 2025-12-05GitHub
65
81
High Cost

turbo-flow-claude

by marcuspat

Sec8

Provides an advanced, agentic AI development environment integrated with Claude Flow and SPARC methodology, supporting multi-cloud and local development platforms.

Setup Requirements

  • ⚠️Requires DevPod to be installed and configured with a supported cloud provider (e.g., DigitalOcean, AWS, Azure, GCP, Rackspace) and corresponding API tokens.
  • ⚠️Implicitly requires an Anthropic Claude API Key (Paid) for the AI agent functionality to work.
  • ⚠️Significant token consumption and associated costs are expected due to the nature of complex AI agentic development tasks (e.g., 'Full Project Development').
Verified SafeView Analysis
The project itself, as a setup configuration, appears safe to run. However, it integrates with cloud providers, requiring sensitive API tokens, and facilitates the use of AI agents that can execute code or interact with the system. Users should exercise caution with prompts and ensure proper sandboxing, especially when using options like `--dangerously-skip-permissions` mentioned in the README. The security of the underlying Claude Flow and DevPod tools is assumed.
Updated: 2025-11-18GitHub
64
389
Medium Cost
controlplaneio-fluxcd icon

flux-operator

by controlplaneio-fluxcd

Sec8

Manages Flux Operator resources and GitOps pipelines in Kubernetes clusters through an AI assistant via natural language.

Setup Requirements

  • ⚠️Requires a Kubernetes cluster with Flux Operator installed and a valid kubeconfig file accessible.
  • ⚠️Requires appropriate Kubernetes RBAC permissions for the service account or user specified in the kubeconfig to view and potentially modify Flux resources.
  • ⚠️Building from source requires Go 1.24+.
Verified SafeView Analysis
The Flux Operator MCP Server is designed with security features including read-only mode, secret masking, and Kubernetes impersonation. It supports OIDC, Bearer Token, and Basic Auth for client authentication. The use of CEL for OIDC claim validation adds a layer of security. Critical operations like `apply_kubernetes_manifest` (which can modify cluster state) are disabled by default in read-only mode. Disabling secret masking is explicitly warned against for sensitive environments. Overall, it provides configurable controls to manage the level of access and operations an AI assistant can perform.
Updated: 2025-12-14GitHub
64
181
Medium Cost
dynatrace-oss icon

dynatrace-mcp

by dynatrace-oss

Sec9

The server integrates Dynatrace observability with AI assistants, enabling real-time data access, incident investigation, security analysis, and DevOps automation in development workflows.

Setup Requirements

  • ⚠️Requires configuration of specific OAuth scopes or Platform Token permissions on Dynatrace for different capabilities (e.g., 'storage:logs:read', 'davis-copilot:nl2dql:execute', 'automation:workflows:write', 'email:emails:send').
  • ⚠️Interactive OAuth Authorization Code Flow requires a local browser window interaction and a temporary local HTTP server.
  • ⚠️DQL queries can incur costs based on data volume scanned in Dynatrace Grail, though built-in budget tracking and result limits are in place to help manage this.
Verified SafeView Analysis
The server implements robust OAuth 2.0 flows (Client Credentials and Authorization Code with PKCE) for secure authentication with Dynatrace. It explicitly avoids persisting OAuth tokens to disk, enhancing security. Sensitive operations like sending emails, Slack messages, or modifying workflows require explicit human approval, significantly mitigating risks of automated unintended actions. All Dynatrace environment URLs are validated to prevent connections to arbitrary external domains. Telemetry is implemented with anonymized data and can be disabled. No 'eval' or obvious malicious code patterns were found. A minor consideration is the hardcoded default client ID for the interactive OAuth flow, which is acceptable for a public client but worth noting.
Updated: 2025-12-09GitHub
64
101
Medium Cost
williamzujkowski icon

strudel-mcp-server

by williamzujkowski

Sec9

An MCP server for AI-powered music generation and live coding through Strudel.cc, enabling AI agents to compose, manipulate, and analyze musical patterns.

Setup Requirements

  • ⚠️Requires Playwright Chromium to be installed (`npx playwright install chromium`) to function correctly.
  • ⚠️Initial audio context activation might require the browser window to be visible (i.e., not running in headless mode) on some systems to register user interaction.
  • ⚠️For optimal server-side or CI/CD usage, `headless: true` must be set in `config.json`.
Verified SafeView Analysis
The server uses Playwright to automate a browser (Strudel.cc), allowing dynamic code execution via `page.evaluate()`. This inherent risk is extensively mitigated by multiple layers of defense: - `PatternValidator` performs syntax and safety checks on user-provided code (e.g., preventing `eval()` or `Function()` calls) *before* it's executed in the browser's sandbox. - `PatternStore` rigorously sanitizes filenames using `path.basename` and regex to prevent path traversal and other file system attacks. - File I/O is restricted to a designated 'patterns' directory. - The browser operates within its own sandbox, providing isolation from the host system. - There are no hardcoded secrets or direct `child_process` calls in the core server logic; `child_process` is only used in test files. Input validation (`InputValidator`) is robust across all tools.
Updated: 2025-12-14GitHub
64
10
Medium Cost
DavidFuchs icon

mcp-uptime-kuma

by DavidFuchs

Sec9

Provides a Model Context Protocol (MCP) interface for real-time Uptime Kuma monitoring data.

Setup Requirements

  • ⚠️Requires a running Uptime Kuma v2 instance.
  • ⚠️Requires Node.js 18+ to run directly, or Docker for containerized deployment/testing.
  • ⚠️Authentication requires Uptime Kuma URL and credentials (username/password/2FA token or JWT token) as environment variables.
Verified SafeView Analysis
No direct 'eval' or malicious patterns found. Uses Zod for input/output validation, and filters sensitive data like `steamAPIKey` from settings. CORS defaults to '*' for HTTP transport, which is common but less restrictive than specific origins. Authentication credentials are handled via environment variables.
Updated: 2025-11-29GitHub
64
11
Medium Cost
BiboyQG icon

WeChat-MCP

by BiboyQG

Sec8

Automate WeChat interactions on macOS for LLMs, enabling programmatic control over chat, contact management, and Moments (social feed) publishing via accessibility APIs and screen capture.

Setup Requirements

  • ⚠️Requires macOS operating system.
  • ⚠️WeChat for Mac application must be installed and actively running.
  • ⚠️Python 3.12+ is required.
  • ⚠️Requires granting Accessibility permissions to the terminal application (e.g., Terminal.app, iTerm2) in macOS System Settings, enabling it to control other applications.
Review RequiredView Analysis
The server leverages macOS Accessibility APIs and screen capture to directly control the WeChat application. This requires granting significant system-level permissions to the terminal running the server, which inherently carries a risk. While the source code does not contain 'eval', obfuscation, hardcoded secrets, or overt malicious patterns, the power of UI automation means that if a controlling LLM or user misuses the exposed tools, it could perform unintended actions within WeChat (e.g., sending messages, adding contacts, publishing posts). Trust in the LLM and careful permission management are critical.
Updated: 2025-12-12GitHub
63
53
Low Cost
rhel-lightspeed icon

linux-mcp-server

by rhel-lightspeed

Sec6

A Model Context Protocol (MCP) server for read-only Linux system administration, diagnostics, and troubleshooting on RHEL-based systems.

Setup Requirements

  • ⚠️Requires Python 3.10 or later.
  • ⚠️Default SSH host key verification is disabled (`verify_host_keys: False`), making it vulnerable to MITM attacks unless explicitly enabled via `LINUX_MCP_VERIFY_HOST_KEYS=true`.
  • ⚠️SSH key-based authentication must be configured on remote hosts for remote execution.
  • ⚠️Some tools (e.g., `get_audit_logs`, `dmidecode`) require root privileges on the target system.
  • ⚠️Local execution is disallowed when running in a container; a `host` parameter must be provided for remote execution.
Verified SafeView Analysis
The server explicitly states all operations are read-only, which significantly reduces the attack surface. It employs `shlex.join` for command construction, `Path.resolve()` for local path validation, and a strict whitelist for `read_log_file` access, mitigating common injection and traversal vulnerabilities. Sensitive parameters are redacted in logs. However, the default configuration for `verify_host_keys` is `False` (`CONFIG.verify_host_keys = False`), which makes SSH connections vulnerable to Man-in-the-Middle (MITM) attacks. While there's a note to change this for production, its default state poses a critical security risk. SSH keys/passphrases are handled via environment variables, which is standard but less secure than an SSH agent if not managed carefully.
Updated: 2025-12-12GitHub
63
198
Medium Cost
marcelmarais icon

spotify-mcp-server

by marcelmarais

Sec8

Enables AI assistants to control Spotify playback and manage playlists through a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires Node.js v16+ and a Spotify Premium account.
  • ⚠️Requires manual creation and configuration of a `spotify-config.json` file with Spotify Developer application credentials (Client ID, Client Secret, Redirect URI).
  • ⚠️Initial authentication requires running `npm run auth` and manually authorizing the application in a web browser; the redirect URI must be a `localhost` address for automatic token exchange.
Verified SafeView Analysis
The server handles Spotify OAuth 2.0 authentication by running a local HTTP server for the redirect URI, which is standard practice. Access and refresh tokens are stored locally in `spotify-config.json`. This means that these tokens could be compromised if the user's local machine is compromised. The use of a `state` parameter in the OAuth flow helps prevent CSRF. The `handleSpotifyRequest` function's error handling specifically skips JSON parsing errors, returning `undefined` for what it presumes are 'successful operations', which could potentially mask unexpected API responses or other issues, although it is not a direct security vulnerability.
Updated: 2025-12-13GitHub
63
193
Medium Cost
finite-sample icon

rmcp

by finite-sample

Sec8

The RMCP server acts as a statistical analysis backend, enabling AI assistants like Claude to perform sophisticated econometric modeling, machine learning, and data science tasks through natural language conversations with R integration.

Setup Requirements

  • ⚠️Requires R 4.4.0+ installed locally with a comprehensive package ecosystem (429 packages across 19 categories).
  • ⚠️Requires Python 3.10+.
  • ⚠️Integration with AI assistants (e.g., Claude) requires an API key, which is usually a paid service.
Verified SafeView Analysis
The project demonstrates robust security considerations for a server executing arbitrary R code. It includes a 'Universal Operation Approval System' for sensitive operations (file writing, package installation, system calls), requiring explicit user consent. A comprehensive 4-tier R package whitelist, based on CRAN task views and security risk assessment, limits available packages. Furthermore, a Virtual Filesystem (VFS) can restrict file system access to administrator-defined paths. Python's subprocess module is used for R execution, which is inherent to the project's function, but is tightly controlled by the described security mechanisms. No obvious hardcoded secrets were found in the provided code, and the Claude API key is handled client-side.
Updated: 2025-12-14GitHub
PreviousPage 31 of 647Next