Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

67
70
Medium Cost
ayunis-core icon

ayunis-legal-mcp

by ayunis-core

Sec4

A comprehensive system for searching and analyzing German legal texts using vector embeddings and semantic search, integrating with AI assistants via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for setup.
  • ⚠️Requires Ollama to be running on the host system, with a specific embedding model (ryanshillington/Qwen3-Embedding-4B:latest) pulled, and must produce 2560-dimensional vectors.
  • ⚠️Python 3.10+ is required.
  • ⚠️Database migrations must be run manually after initial setup (`docker-compose exec store-api alembic upgrade head`).
Verified SafeView Analysis
The system uses a hardcoded authentication token 'fake-super-secret-token' in `store/app/dependencies.py` for API access, which is a critical security vulnerability for any endpoints intended to be protected. The default PostgreSQL password 'postgres_password' is weak and should be changed in production. While input validation (e.g., `validate_legal_code`) and request body size limits are implemented, the easily bypassable authentication mechanism significantly lowers the overall security posture.
Updated: 2026-01-09GitHub
67
22
Medium Cost
dealfluence icon

adeu

by dealfluence

Sec8

Facilitates AI agents and LLMs to apply 'Track Changes' and comments to Microsoft Word documents, enabling automated redlining and document reconciliation.

Setup Requirements

  • ⚠️Requires 'uv' (uvx) installed for MCP server use.
  • ⚠️Requires Python 3.12+.
  • ⚠️The server manipulates local DOCX files based on provided paths.
Verified SafeView Analysis
The server primarily interacts with the local file system based on paths provided as arguments. A key security consideration is the sanitization of these file paths by the calling LLM agent or client to prevent path traversal attacks, as the server's functions perform read/write operations (e.g., `read_docx`, `apply_structured_edits`) on local files. No 'eval' or direct network risks to external malicious hosts were found. `lxml.xpath` is used for internal XML cleanup, not for parsing untrusted XPath expressions from external input.
Updated: 2026-01-19GitHub
67
10
Low Cost
Sec7

This is a backend server component, likely acting as a "Master Control Program" for deployment workflows or a core service, developed using Node.js and TypeScript.

Setup Requirements

  • ⚠️Node.js runtime required
  • ⚠️Project dependencies must be installed (`npm install`)
  • ⚠️Environment variables from `.env.example` need to be configured
Verified SafeView Analysis
Standard Node.js/TypeScript project with linting and type-checking. Relies on environment variables (`.env.example`) for configuration, which requires careful handling to prevent exposure of sensitive information. Actual code for 'eval', obfuscation, or specific network vulnerabilities is unknown without source code access.
Updated: 2025-11-18GitHub
67
251
Low Cost
apollographql icon

apollo-mcp-server

by apollographql

Sec9

Exposes GraphQL APIs as Model Context Protocol (MCP) tools, enabling AI models to access, orchestrate, and interact with APIs through standardized protocols.

Setup Requirements

  • ⚠️Requires an upstream GraphQL API endpoint to function.
  • ⚠️For local execution, requires either Docker or the Rust toolchain to build from source.
  • ⚠️Configuration involves YAML files and/or environment variables, including Apollo-specific credentials (`APOLLO_KEY`, `APOLLO_GRAPH_REF`) for GraphOS integration.
  • ⚠️The `danger_accept_invalid_certs` TLS option should be avoided in production.
Verified SafeView Analysis
The server implements robust OAuth 2.1 authorization with JWT validation, audience, and scope enforcement. It uses the `secrecy` crate for sensitive data. Configuration supports environment variable expansion, requiring careful management of secrets in config files. The `danger_accept_invalid_certs` TLS option, intended for development, must not be used in production environments as it disables certificate validation, making it vulnerable to MITM attacks. Overall, it appears to follow good security practices for an API proxy/tooling server, with configurable security measures.
Updated: 2026-01-16GitHub
66
265
Medium Cost
opensolon icon

solon-ai

by opensolon

Sec4

The Model Context Protocol (MCP) server provides a standardized interface for AI models to interact with external tools, resources, and prompt templates through a structured, bidirectional communication protocol.

Setup Requirements

  • ⚠️External Process Management: For `StdioClientTransport` and `StdioServerTransportProvider`, a separate, compatible process (e.g., a Python script or another server) must be correctly configured and managed for standard input/output communication. This adds complexity to deployment and operation.
  • ⚠️Solon Framework Dependency: The project is built on the Solon framework, requiring familiarity with Solon's dependency injection and application lifecycle for proper integration and configuration.
  • ⚠️Reactive Programming Paradigm: The `McpAsyncClient` and related components extensively use Project Reactor's `Mono` and `Flux` for asynchronous operations. Developers need to be proficient in reactive programming to effectively use and extend these parts of the framework.
Review RequiredView Analysis
The `StdioClientTransport` and `StdioServerTransportProvider` components within the MCP module utilize `ProcessBuilder.start()` for inter-process communication. This functionality inherently allows the execution of arbitrary external commands if the `ServerParameters` (command, arguments, and environment variables) can be influenced by untrusted external input. This poses a critical command injection risk if proper input validation and sanitization are not rigorously applied by the consuming application. While no hardcoded secrets were found in the core MCP code, the JSON deserialization process with `McpJsonMapper` also introduces potential deserialization vulnerabilities if malicious JSON messages are processed.
Updated: 2026-01-19GitHub
66
451
Medium Cost
controlplaneio-fluxcd icon

flux-operator

by controlplaneio-fluxcd

Sec8

The Flux Operator MCP Server acts as a bridge for AI assistants, allowing them to manage and troubleshoot GitOps pipelines and Kubernetes resources controlled by FluxCD through natural language interactions.

Setup Requirements

  • ⚠️Requires a Kubernetes cluster with Flux Operator already installed.
  • ⚠️A valid `kubeconfig` file with appropriate permissions to access Kubernetes resources is mandatory.
  • ⚠️AI instructions (from `docs/mcp/instructions.md`) must be manually configured in your AI assistant's settings for optimal functionality.
Verified SafeView Analysis
The Flux Operator MCP Server is designed with security considerations, offering features like read-only mode, secret masking, and Kubernetes impersonation (`--kube-as`) to restrict its actions and data exposure. However, as a powerful tool interacting directly with the Kubernetes API, its overall security depends heavily on the operational security practices of the user, including proper RBAC configuration for the service account it runs under and careful management of `--kube-as` settings. The `install_flux_instance` tool can download manifests from URLs, which requires trusting the source of those manifests.
Updated: 2026-01-19GitHub
66
326
Medium Cost
CheMiguel23 icon

MemoryMesh

by CheMiguel23

Sec9

A local knowledge graph server for AI models, focusing on structured memory for text-based RPGs and interactive storytelling.

Setup Requirements

  • ⚠️Requires Node.js version 18 or higher.
  • ⚠️Requires manually configuring an absolute path to 'dist/index.js' in Claude Desktop's 'claude_desktop_config.json'.
Verified SafeView Analysis
The server primarily uses standard I/O (stdio) for communication with the MCP client, which inherently limits direct network attack surfaces. No usage of 'eval' or other highly dangerous functions was found. Configuration paths are dynamic or hardcoded to the local build directory. The SDK ('@modelcontextprotocol/sdk') does include dependencies like 'express' and 'cors', which are typically for HTTP servers, but this specific implementation leverages its 'StdioServerTransport' for the core MCP interaction, mitigating common web-based vulnerabilities for the MemoryMesh application itself. No hardcoded sensitive credentials detected.
Updated: 2026-01-17GitHub
66
17
Medium Cost
milkymap icon

pulsar-mcp

by milkymap

Sec2

Acts as a semantic router for Model Context Protocol (MCP) ecosystems, enabling discovery and execution of tools across multiple MCP servers without context bloat for LLMs.

Setup Requirements

  • ⚠️Requires OpenAI API Key for embeddings, descriptions, and vision (Paid Service).
  • ⚠️Requires persistent storage for `TOOL_OFFLOADED_DATA_PATH` and a Qdrant vector database (either local file/in-memory using `QDRANT_DATA_PATH`, or remote URL using `QDRANT_URL`).
  • ⚠️Python 3.12+ only.
Review RequiredView Analysis
The server's `mcp-servers.json` configuration allows specifying `command` and `args` for `stdio` transport MCP servers. This means it can execute arbitrary shell commands on the host system if an attacker can control the `mcp-servers.json` file or its content. This is a critical remote code execution vulnerability if the configuration is not immutable and from a highly trusted source. Content offloading to `TOOL_OFFLOADED_DATA_PATH` could also pose a risk if paths are not securely managed or if malicious content is stored and later retrieved/executed by another agent.
Updated: 2025-12-08GitHub
66
134
Medium Cost
williamzujkowski icon

strudel-mcp-server

by williamzujkowski

Sec7

An MCP server enabling AI-powered music generation, live coding, and algorithmic composition by controlling Strudel.cc in a browser.

Setup Requirements

  • ⚠️Requires Playwright to install Chromium for browser automation (`npx playwright install chromium`), which can be resource-intensive.
  • ⚠️By default, `headless: false` in `config.json` means a visible browser window will launch; it is recommended to set this to `true` for background or server operation.
  • ⚠️Audio analysis (e.g., `analyze`, `detect_tempo`, `detect_key`) may require the browser window to be visible (not headless) for initial audio context activation on some systems, potentially causing issues in fully headless setups.
Verified SafeView Analysis
The server executes user-provided JavaScript code within a Playwright-controlled browser context via `new Function()` in the `executeInStrudelContext` tool. While the `PatternValidator` attempts to detect dangerous patterns (e.g., `eval()`, infinite loops, excessive gain) and performs syntax checks for Strudel patterns, executing arbitrary, albeit validated, JavaScript in a browser still carries inherent risks if the validation is incomplete or new browser vulnerabilities emerge. File operations in `PatternStore` use `sanitizeFilename` to prevent path traversal. No hardcoded secrets were found. The default `headless: false` in `config.json` means a browser GUI will appear, which can be changed for server environments.
Updated: 2026-01-15GitHub
66
17
Medium Cost
milkymap icon

omnimcp

by milkymap

Sec8

Acts as a semantic router to discover and execute tools across multiple Model Context Protocol (MCP) servers, reducing context bloat for large language models by exposing a single meta-tool.

Setup Requirements

  • ⚠️Requires an OpenAI API Key (paid service) for generating embeddings, tool/server descriptions, and image descriptions.
  • ⚠️Requires Python 3.12 or newer to run.
  • ⚠️Requires `uv` (a Python package installer and executor) to be installed and in PATH for using `uvx` commands.
  • ⚠️A Qdrant vector database connection must be configured, supporting local file storage, in-memory, or a remote Qdrant server/cloud instance.
Verified SafeView Analysis
The server employs robust configuration management using Pydantic Settings, prioritizing environment variables for sensitive data (API keys, storage paths). Internal communication within the `MCPEngine` utilizes in-process ZeroMQ (pyzmq), which is secure for internal messaging and doesn't expose external network ports for this purpose. The `ContentManager` uses UUIDs for filenames when offloading content, effectively mitigating path traversal vulnerabilities. Tool arguments are processed via `json.loads`, which is generally safe when inputs are constrained by LLM tool calling standards. The project builds upon the `FastMCP` framework, inheriting its security posture; no obvious new network vulnerabilities are introduced within OmniMCP's code. Overall, security practices appear solid, but rely on the integrity of complex upstream dependencies and proper environmental configuration.
Updated: 2025-12-08GitHub
66
26
Medium Cost
Dataojitori icon

nocturne_memory

by Dataojitori

Sec8

Provides a persistent, structured long-term memory and dynamic knowledge graph system for AI agents, designed for human-AI collaboration.

Setup Requirements

  • ⚠️Requires a running Neo4j database instance (local or cloud).
  • ⚠️Requires Python 3.10+ and Node.js 18+.
  • ⚠️The MCP server (`mcp_server.py`) needs to be configured with its absolute path in AI client settings.
  • ⚠️A special wrapper (`mcp_wrapper.py`) is required for Antigravity IDE due to a specific bug with line endings.
Verified SafeView Analysis
The backend utilizes parameterized Cypher queries for database interactions, significantly mitigating injection risks. Neo4j credentials are managed via environment variables. File system operations for snapshots (`db/snapshot.py`) include basic path sanitization and hashing, reducing direct path traversal vulnerabilities. The `mcp_wrapper.py` workaround for Antigravity uses `subprocess.Popen` with explicit executable and script paths, limiting command injection. Frontend rendering of user-generated content (e.g., entity descriptions) might pose an XSS risk if not properly escaped, although the current UI primarily uses `whitespace-pre-wrap` styling, implying plain text. Deletion logic for states and entities incorporates checks for dependencies, preventing accidental deletion of referenced nodes.
Updated: 2026-01-18GitHub
66
100
Medium Cost
southleft icon

figma-console-mcp

by southleft

Sec3

Provides AI assistants with real-time console access, visual debugging, design system extraction, and design creation capabilities for Figma.

Setup Requirements

  • ⚠️Requires Figma Desktop launched with `--remote-debugging-port=9222` flag (manual restart).
  • ⚠️Requires Figma Personal Access Token (PAT) for REST API access in NPX/Local modes, or OAuth for Cloudflare remote mode.
  • ⚠️Requires 'Figma Desktop Bridge' plugin to be installed and running in Figma Desktop for advanced local-mode features (variables without Enterprise, reliable component descriptions, write operations).
  • ⚠️Figma Variables API requires Enterprise plan if not using the Desktop Bridge plugin or console snippet fallback.
Review RequiredView Analysis
CRITICAL RISK: The `figma_execute` tool allows arbitrary JavaScript code execution (`eval`) within the Figma Desktop plugin context. This means any code provided by the AI (or a malicious user controlling the AI) can be run with full Figma Plugin API access, potentially modifying or exfiltrating user data. The `networkAccess` in the plugin manifest is set to `none`, which limits external communication from the plugin itself, but the server making the `eval` call could still be a vector. The plugin is designed to be run locally and is intended for debugging and development workflows, but the `eval` itself is a severe vulnerability for any AI-driven tool.
Updated: 2026-01-19GitHub
PreviousPage 31 of 760Next