Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7756)

63
255
High Cost
claude-did-this icon

MCPControl

by claude-did-this

Sec6

A Windows control server for the Model Context Protocol, enabling AI models to programmatically control system operations such as mouse, keyboard, window management, and screen capture.

Setup Requirements

  • ⚠️Supports Windows only.
  • ⚠️The `keysender` provider requires native build tools (VC++ workload, Python for node-gyp) to compile native modules.
  • ⚠️The `autohotkey` provider requires AutoHotkey v2.0+ to be installed on the system.
  • ⚠️Optimal click accuracy is achieved in a virtual machine at 1280x720 resolution, suggesting potential issues at other resolutions or multi-monitor setups.
  • ⚠️HTTPS/TLS certificates are mandatory for production deployments for secure remote access.
Review RequiredView Analysis
This software grants AI models direct, programmatic control over the operating system's UI (mouse, keyboard, window management, screen capture), which is an inherently high-risk capability. The AutoHotkey provider executes dynamically generated scripts via `execSync`, which is a powerful and potentially risky operation. While strong input validation (Zod schemas, detection of dangerous key combinations) and mandatory HTTPS for remote production deployments are implemented to mitigate risks, the fundamental nature of the tool requires extreme caution. The project explicitly warns users of its experimental and potentially dangerous nature.
Updated: 2025-12-02GitHub
63
113
High Cost
Piebald-AI icon

gemini-cli-desktop

by Piebald-AI

Sec9

A cross-platform desktop and web interface for AI coding agents (Gemini CLI, Qwen Code, LLxprt Code) offering visual tool confirmation, real-time thought processes, code diff viewing, chat history management, and file system interaction.

Setup Requirements

  • ⚠️Requires Rust, Node.js, pnpm, and the `just` task runner for building from source.
  • ⚠️Specific system dependencies are required for Linux operating systems.
  • ⚠️To function with AI models, it requires the installation of at least one backend CLI (Gemini CLI, Qwen Code, or an LLxprt-compatible provider) and/or API keys for chosen AI providers.
  • ⚠️The application itself does not include the AI models; it acts as an interface to external AI services.
Verified SafeView Analysis
The application demonstrates a strong, multi-layered security approach. It employs a whitelist for safe command execution and a blacklist for dangerous patterns (e.g., `rm`, `sudo`, network operations, command injection attempts). API keys are masked in logs and environment variables are cleaned up using RAII patterns. SSRF protection is implemented with 5-layer URL validation. Tauri's sandboxed environment is utilized for the desktop version. No direct use of `eval` or similar highly dangerous functions without clear justification is evident.
Updated: 2025-12-12GitHub
63
71
Medium Cost
Kymo-MCP icon

mcpcan

by Kymo-MCP

Sec6

An open-source platform for unified management, deployment, monitoring, and protocol conversion of Model Context Protocol (MCP) services through a modern web interface.

Setup Requirements

  • ⚠️Requires a running MySQL 8.0+ database.
  • ⚠️Requires a running Redis instance.
  • ⚠️Requires either a Kubernetes cluster or Docker daemon for service orchestration.
  • ⚠️Default admin credentials ('admin' / 'admin123') are set and must be changed immediately post-installation.
Verified SafeView Analysis
The system implements RSA/AES hybrid encryption for sensitive data and JWT for authentication. Archive extraction includes path traversal checks. However, anti-tampering and replay attack protections are disabled by default (EnableReplay=false, EnableSign=false in common/const.go), requiring explicit configuration for security. Default password policy allows for weaker passwords (PasswordRequireSpecial=false). Example configuration files (config-example/*.yaml) contain default credentials (admin/admin123, dev-app-secret, dev-redis-password) which must be changed for production deployments. Encryption keys are stored in Redis, necessitating a secure Redis deployment.
Updated: 2025-12-11GitHub
62
35
Medium Cost
deliveryhero icon

asya

by deliveryhero

Sec8

An asynchronous, event-driven microservices platform enabling scalable, composable actor-based processing with JSON-RPC 2.0 communication, PostgreSQL job storage, and SSE streaming.

Setup Requirements

  • ⚠️Full deployment requires Kubernetes (Kind, EKS, etc.) and Helm for infrastructure management.
  • ⚠️Requires external dependencies for persistence and messaging: PostgreSQL (for gateway job store, with Sqitch migrations) and either RabbitMQ or AWS SQS.
  • ⚠️Local development/running requires both Go (for Gateway/Sidecar) and Python (for Actor Runtime) environments set up.
Verified SafeView Analysis
The system demonstrates good security practices with clear separation of concerns (Gateway, Sidecar, Runtime), extensive use of environment variables for configuration (including sensitive data like database URLs and AWS credentials), and explicit mechanisms for handling secrets (e.g., Kubernetes secrets via the operator). Input validation is performed at multiple layers (MCP parameters, envelope structure). Dynamic code loading in the runtime is module-based, reducing the risk associated with direct 'eval'. Default credentials for local development are well-documented. Robust error handling, timeouts, and graceful shutdown mechanisms enhance resilience.
Updated: 2025-12-14GitHub
62
107
Medium Cost
BingoWon icon

apple-rag-mcp

by BingoWon

Sec9

Provides a comprehensive RAG (Retrieval-Augmented Generation) server for AI agents to search and retrieve content from Apple's developer documentation and WWDC transcripts.

Setup Requirements

  • ⚠️Requires an external PostgreSQL database with pgvector extension for RAG data storage.
  • ⚠️Requires a Cloudflare D1 database for authentication, rate limiting, and logging, configured via Wrangler bindings.
  • ⚠️Requires a DeepInfra API key (a paid service) for embedding generation and AI reranking.
  • ⚠️Designed to be deployed as a Cloudflare Worker, requiring a Cloudflare account and Wrangler CLI setup.
Verified SafeView Analysis
The server uses Cloudflare Workers, which provides a secure execution environment. Sensitive configurations (API keys, database credentials) are correctly handled via environment variables (Cloudflare Secrets) and not hardcoded. Database interactions use parameterized queries via 'postgres' library, reducing SQL injection risks. Input validation for URLs and queries is in place, and URL normalization helps prevent malformed requests. Logging includes user and request details for auditing. Dual-model fallback for reranking adds resilience. Background D1 writes ensure logging does not block the main request, enhancing performance and stability.
Updated: 2025-12-08GitHub
62
19
High Cost
CooperCyberCoffee icon

opencti_mcp_server

by CooperCyberCoffee

Sec9

Connects Claude Desktop to OpenCTI's threat intelligence platform for AI-augmented threat intelligence analysis and reporting, enabling natural language queries and context-aware responses.

Setup Requirements

  • ⚠️Requires Claude Desktop for MCP integration.
  • ⚠️Requires OpenCTI 6.x instance.
  • ⚠️Requires Claude Pro subscription (if using cloud LLM) or local LLM (e.g., Ollama) running for AI analysis.
Verified SafeView Analysis
Comprehensive security audit report is provided within the codebase. The project implements multi-layered security controls including TLP filtering (server-side and client-side), robust input validation (against SQL/XSS/template injection, path traversal, null bytes), secure configuration practices (e.g., `yaml.safe_load()`), rate limiting, and detailed audit logging with SHA256 integrity hashing for tamper detection. Default network binding is `127.0.0.1` (localhost only). Dependencies are actively monitored for CVEs and explicitly updated (e.g., `cryptography` CVE fixes in v0.4.2). Parameter sanitization is performed before logging sensitive data.
Updated: 2025-11-29GitHub
62
61
Medium Cost
skilder-ai icon

skilder

by skilder-ai

Sec9

Skilder is an infrastructure layer for AI agent tooling, providing a private tool registry with embedded runtimes that works across any agent environment.

Setup Requirements

  • ⚠️Requires Docker to run the entire platform.
  • ⚠️A one-time setup step (`npm run setup-local`) is required to generate cryptographic keys, which depends on Node.js locally.
  • ⚠️Local development requires Node.js v22+.
Verified SafeView Analysis
The system demonstrates a strong focus on security. Cryptographic keys (JWT and NATS operator keys) are generated and managed securely outside the repository (`dev/.docker-keys/`) with strict file permissions, or via Docker volumes in production, preventing hardcoded secrets. Authentication enforces database-verified workspace access, mitigating stale token issues. Rate limiting is implemented for API calls, OAuth, and key validation. OAuth uses encryption for client secrets and a nonce-based state service for CSRF protection. GraphQL subscriptions include periodic re-validation of user access. While `whitelist=0.0.0.0/0` is used for Dgraph Alpha in development, production `docker-compose.yml` uses more restrictive IP whitelisting. No `eval` or intentional obfuscation was found.
Updated: 2025-12-14GitHub
62
157
Medium Cost
huggingface icon

hf-mcp-server

by huggingface

Sec5

Connects LLMs to the Hugging Face Hub and Gradio AI applications, enabling access to models, datasets, documentation, and job management.

Setup Requirements

  • ⚠️Requires a Hugging Face account and personal access token (`HF_TOKEN`) for most functionalities and higher API rate limits.
  • ⚠️Requires Node.js runtime (v18+ recommended) to execute the server.
  • ⚠️Requires active internet connectivity to interact with the Hugging Face Hub and remote Gradio Spaces.
Review RequiredView Analysis
The server uses `child_process.spawn` and `shell-quote` for the `hf_jobs` tool, which can execute arbitrary commands on the host. While input is validated with Zod, direct shell execution of user-supplied commands is an inherent high-risk area. The `DEFAULT_HF_TOKEN` is explicitly warned about in the README, indicating awareness, but its presence as a fallback for unauthenticated requests still carries risk. All external network calls are to trusted Hugging Face domains, mitigating certain network risks.
Updated: 2025-12-05GitHub
62
223
High Cost
azure-ai-foundry icon

mcp-foundry

by azure-ai-foundry

Sec2

A Model Context Protocol (MCP) server for Azure AI Foundry, providing a unified set of tools for interacting with Azure AI models, knowledge bases (AI Search), evaluation services, and finetuning operations.

Setup Requirements

  • ⚠️Requires 'uv' (universal Python package manager) for execution.
  • ⚠️Requires Azure CLI to be installed and configured for Azure resource management tools.
  • ⚠️Extensive Azure cloud service dependencies (Azure AI Search, Azure OpenAI, Azure AI Project, Azure Cognitive Services) requiring active subscriptions and API keys/credentials.
  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Setting `SWAGGER_PATH` environment variable is required for dynamic Swagger tool registration.
Review RequiredView Analysis
CRITICAL: The `az` helper function, used by `mcp.tool` functions like `create_azure_ai_services_account` and `create_foundry_project`, directly passes user-controlled `subscription_id` and `resource_group` parameters to `subprocess.run` without sufficient sanitization. This creates a severe command injection vulnerability. CRITICAL: The dynamic Swagger tool execution (`swagger.py`) uses `url.replace(placeholder, str(param_value))` to construct URLs from path parameters without URL encoding. This allows for URL injection/path traversal if `param_value` contains malicious characters (e.g., `/../` or encoded slashes).
Updated: 2025-11-19GitHub
62
61
Medium Cost
AlpinAI icon

2ly

by AlpinAI

Sec9

Skilder is an infrastructure layer for AI agent tooling, providing a private tool registry and embedded runtimes for integrating with various agent frameworks and custom tools.

Setup Requirements

  • ⚠️Requires Docker for deployment (local or production).
  • ⚠️Node.js v22+ is required for local development.
  • ⚠️Requires initial generation of cryptographic keys via `npm run setup-local` (or `sh ./generate-keys.sh`) for local development, which are then stored in `dev/.docker-keys/`.
  • ⚠️Relies on NATS and Dgraph as core infrastructure components, which are managed via Docker Compose.
Verified SafeView Analysis
The project demonstrates robust security practices for a distributed system, including the use of generated cryptographic keys for JWTs and NATS, strong password hashing (scrypt with peppering), and database-backed access validation for tokens (mitigating stale token issues). It features distributed rate limiting for API keys and OAuth initiation. GraphQL subscriptions are periodically re-validated for workspace access, which is a commendable measure against permission revocation during active sessions. While development configurations expose certain services (e.g., Dgraph, NATS Dashboard) and use broad CORS settings (origin: '*'), these are explicitly for development and should be hardened for production deployment.
Updated: 2025-12-14GitHub
62
161
High Cost
mixelpixx icon

KiCAD-MCP-Server

by mixelpixx

Sec8

Enables AI assistants to interact with KiCAD for PCB design automation, providing comprehensive tool schemas and real-time project state access for intelligent PCB design workflows.

Setup Requirements

  • ⚠️Requires KiCAD 9.0 or higher, with its Python module (`pcbnew`) installed and accessible in the Python environment.
  • ⚠️Requires proper configuration of `PYTHONPATH` in the MCP client's environment variables to locate KiCAD's Python modules.
  • ⚠️For real-time UI synchronization, the KiCAD 9.0+ IPC API Server must be manually enabled in KiCAD preferences (`Preferences > Plugins > Enable IPC API Server`), and KiCAD must be running with a board open.
  • ⚠️Node.js 18+ and Python 3.10+ are required, with specific versions of `kicad-python` and `kicad-skip`.
Verified SafeView Analysis
The server uses `child_process.spawn` and `exec` (in Node.js) and `subprocess` (in Python) to interact with KiCAD and its command-line tools. This is inherent to its functionality. It operates primarily via STDIO transport, limiting direct network exposure. Environment variables are loaded via `dotenv`, indicating that sensitive data like API keys are intended to be managed externally rather than hardcoded. The use of IPC via Unix Sockets/Named Pipes for KiCAD 9.0+ is a secure local communication mechanism. However, as it executes external commands, a compromise of the underlying Python or KiCAD interface could lead to arbitrary code execution within the server's privileges. No explicit obfuscation or overtly malicious patterns were observed.
Updated: 2025-12-09GitHub
62
29
Low Cost
buremba icon

1mcp

by buremba

Sec9

Orchestrates AI agent tool calls by executing JavaScript/TypeScript code in a WASM sandbox, reducing LLM context bloat and managing security policies.

Setup Requirements

  • ⚠️Requires Node.js version >=22.0.0.
  • ⚠️Initial setup requires network access to download WASM runtimes (QuickJS/Pyodide) from CDN.
  • ⚠️Python dependencies must be 'wheel-only' (no native extensions or sdists) and compatible with Pyodide.
Verified SafeView Analysis
The project demonstrates robust security considerations with a multi-layered approach, including WASM sandbox isolation (QuickJS/Pyodide), cryptographic signing of execution capsules (Ed25519), and double-enforcement of network and filesystem policies (browser and server). Path traversal protections and IP literal blocking are implemented. The specification indicates that critical security issues identified in development have been addressed. However, it notes that upstream MCP servers are fully trusted by the relay server (requiring external security measures for those services) and current rate limiting is basic (queue depth of 100). Code execution uses `vm.evalCode` within the sandboxed runtime, which is controlled by the capsule builder.
Updated: 2025-12-08GitHub
PreviousPage 32 of 647Next