Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (9120)

66
228
High Cost

Implements a sample stateful MCP (Model Context Protocol) server with echo functionality, deployable on AWS ECS Fargate using Python.

Setup Requirements

  • ⚠️Requires Python 3.12+ (or Node.js for other examples).
  • ⚠️Requires Docker/Podman for local builds and containerization.
  • ⚠️Deployment requires AWS CLI, AWS SAM CLI (or Terraform/CDK), and appropriately configured AWS credentials.
  • ⚠️Access to specific AWS Bedrock models is required for agent-based examples, which may incur costs.
Verified Safe
Multiple examples within the repository demonstrate hardcoded secrets for JWT signing (`'jwt-signature-secret'`) and authorization tokens (`'good_access_token'`). While noted as sample values in the READMEs, deploying these patterns to a production environment without proper secret management (e.g., AWS Secrets Manager, environment variables with controlled access) poses a severe security risk. External API calls are made to `ip-api.com` and `frankfurter.app` by some agents.
Updated: 2026-01-08
66
311
Low Cost

mcp-servers-hub

by apappascs

Sec10

This repository serves as a hub to discover and rank the top 100 most popular Model Context Protocol (MCP) servers based on GitHub stars, aggregating information from various MCP registries.

Verified Safe
The provided source code is a README.md file and does not contain any executable server logic. Therefore, this repository, as analyzed from the provided source, does not introduce runtime security risks associated with server operation. The security of the *listed* MCP servers cannot be assessed without their respective source codes.
Updated: 2026-01-19
66
261
Medium Cost

mcp-omnisearch

by spences10

Sec9

Provides a unified interface for various search, AI response, content processing, and enhancement tools via Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires API keys for each desired external provider (e.g., TAVILY_API_KEY, PERPLEXITY_API_KEY, KAGI_API_KEY).
  • ⚠️GitHub API Key requires a personal access token with *no scopes selected* for public repository access, as per specific setup instructions to ensure security.
  • ⚠️Understanding the different 'modes' and 'extract_depth' for processing tools (e.g., Firecrawl, Exa) is crucial for optimal usage.
Verified Safe
The server demonstrates good security practices: API keys are loaded from environment variables, preventing hardcoding. Input validation is performed using `valibot` for tool parameters. Large outputs are handled by writing to the system's temporary directory with `randomUUID` for file names, mitigating path traversal risks. URLs provided by users for content processing are validated using `is_valid_url`. Network requests use a centralized `http_json` utility with timeouts and robust error handling. No obvious use of `eval` or direct system commands with unsanitized user input was found. The specific instruction for GitHub API keys (no scopes) also highlights a security-conscious design.
Updated: 2026-01-15
65
90
Medium Cost

Polymcp

by poly-mcp

Sec8

A comprehensive TypeScript framework for building and orchestrating Model Context Protocol (MCP) servers and AI agents, enabling LLMs to intelligently discover, select, and execute external tools.

Setup Requirements

  • ⚠️Requires Node.js 18.0.0 or higher.
  • ⚠️Requires Docker Desktop or daemon running for Docker sandbox features (optional).
  • ⚠️Requires LLM API keys (OpenAI, Anthropic, Kimi, DeepSeek) for cloud LLM providers, or Ollama for local LLM inference (optional).
Verified Safe
The project demonstrates a strong commitment to security, particularly with its `DockerSandboxExecutor` which provides robust isolation, resource limits, and network/filesystem restrictions for untrusted code execution. For in-process code execution (`SandboxExecutor`), it employs a `vm2` sandbox with explicit blocking of dangerous patterns (`require`, `fs`, `eval`). File operations (`readFile`, `writeFile`, `listDirectory`) are protected against directory traversal by validating paths against the current working directory. The `shellCommand` tool also includes explicit blocking of high-risk commands (`rm -rf`, `sudo`, `|`, `>`). While `vm2` and shell command execution carry inherent risks (and `vm2` has had vulnerabilities in the past), the extensive mitigations, including logging redaction, tool allow/denylists, and budget controls in `UnifiedPolyAgent`, demonstrate a multi-layered security approach. Examples for hardcoded secrets (`JWT_SECRET`, `API_KEY`) are clearly marked for production changes.
Updated: 2026-01-16
65
199
Medium Cost

mcp_massive

by massive-com

Sec6

An AI agent orchestration server, likely interacting with LLMs and managing multi-agent workflows.

Setup Requirements

  • ⚠️Docker required
  • ⚠️Requires local/remote LLM provider (e.g., OpenAI API Key, Ollama, etc.)
Review Required
Code content not available for deep inspection. Assumed network risks due to 'server' nature and potential for unauthenticated endpoints. No 'eval' or obfuscation detected based on file names alone.
Updated: 2025-11-18
65
225
Medium Cost

mcp-server

by volcengine

Sec9

Provides natural language access to Volcengine Content Delivery Network (DCDN) services, enabling queries and analysis of domain configuration and monitoring data.

Setup Requirements

  • ⚠️Requires Python 3.11 or higher.
  • ⚠️Requires 'uv' (Astral's dependency manager and runner) to be installed for local execution and dependency management.
  • ⚠️Requires 'VOLCENGINE_ACCESS_KEY' and 'VOLCENGINE_SECRET_KEY' environment variables set with appropriate permissions for Volcengine DCDN APIs.
Verified Safe
Credentials (VOLCENGINE_ACCESS_KEY, VOLCENGINE_SECRET_KEY) are securely read from environment variables, which is a standard practice for sensitive information. No direct 'eval' or obvious code injection vulnerabilities were found in the provided DCDN server source. The system relies on the security of the environment where it's deployed to protect these environment variables and ensure least privilege for the API keys.
Updated: 2026-01-12
65
273
Low Cost

mcp-manager

by zueai

Sec4

A web GUI to easily manage and configure Model Context Protocol (MCP) servers for the Claude Desktop app on macOS, generating terminal commands for installation and setup.

Setup Requirements

  • ⚠️Requires macOS as it targets the Claude Desktop app on that OS.
  • ⚠️Requires Node.js and uv (Python package manager) installed locally via terminal commands.
  • ⚠️Requires manual execution of generated terminal commands, which can include high-privilege operations like `sudo npm link` for some MCP servers.
  • ⚠️Requires obtaining and inputting API keys/tokens for various third-party services (e.g., Brave Search, AWS, GitHub) into the GUI, which are then included in the generated configuration.
Verified Safe
The `mcp-manager` application itself is a client-side React web GUI and does not inherently contain direct security vulnerabilities like `eval` of user input or hardcoded active secrets. Placeholder environment variables are present in `src/server-configs.ts` but are explicitly for user configuration. However, the core function of this manager is to *generate and instruct users to execute terminal commands* (`npx`, `uvx`, `node`, `curl | sh`, `npm install`, `sudo npm link`) which download and run external code (MCP servers) on the user's system. This requires significant trust in the external MCP server packages and the generated commands. Executing `sudo npm link` as part of the setup for some servers (e.g., Exa) grants high privileges, posing a severe risk if the external package or its dependencies were compromised. Users must exercise extreme caution and vet all external code before running the generated commands.
Updated: 2025-12-03
65
236
High Cost

mcp_flutter

by Arenukvern

Sec4

Connects Flutter applications with AI coding assistants to enable real-time debugging, UI inspection, and dynamic tool interaction for development workflows.

Setup Requirements

  • ⚠️Requires running the Flutter app with `--disable-service-auth-codes` due to a security workaround, disabling VM service authentication.
  • ⚠️Mandates integration of the `mcp_toolkit` package into the Flutter app's `pubspec.yaml` and initialization of `MCPToolkitBinding` in `main.dart`.
  • ⚠️Requires manual configuration within the specific AI assistant (e.g., Cursor, Cline, Claude), often involving absolute paths to the server executable and specific flags like `--no-resources` for client compatibility.
Review Required
Requires the Flutter application to be run with `--disable-service-auth-codes`, which bypasses VM service authentication and creates a potential vulnerability if the VM service port (default 8182) is exposed beyond localhost. While intended for local debug environments, this is a significant security compromise. The `--save-images` flag saves screenshots to local disk, which could expose sensitive data if the Flutter app displays it.
Updated: 2026-01-17
65
125
Medium Cost

mcp-rubber-duck

by nesquikm

Sec9

An MCP (Model Context Protocol) server that acts as a bridge to query multiple OpenAI-compatible LLMs, enabling multi-agent AI workflows and providing an AI 'rubber duck' debugging panel.

Setup Requirements

  • ⚠️Requires Node.js 20 or higher.
  • ⚠️Requires at least one API key for a supported LLM provider (e.g., OpenAI, Gemini, Groq) for core functionality.
  • ⚠️For Claude Desktop integration, `MCP_SERVER=true` environment variable must be set in the client's config, and API keys for LLM providers must be provided.
  • ⚠️Docker with `buildx` is recommended for building multi-architecture images, and Docker Compose for easy deployment.
  • ⚠️Ollama or LM Studio require local instances running if used as providers.
Verified Safe
The server demonstrates a strong commitment to security through several features: a robust MCP tool approval service with 'always', 'trusted', and 'never' modes, session-based approvals, and per-server trusted tool lists. It incorporates a pluggable 'Guardrails' system for runtime safety, including Rate Limiting, Token Limiting, Pattern Blocking, and PII Redaction. Sensitive data is actively sanitized from logs using `SafeLogger`. Input validation is performed for external tool calls via AJV. Global error handlers (`uncaughtException`, `unhandledRejection`) are in place for crash diagnosis and stability. API keys are managed via environment variables or config files, avoiding hardcoding in the codebase. Network calls to external LLMs and MCP servers are inherent to its bridging function but are managed within these security layers. The project structure and practices suggest a high degree of security awareness for its intended use case.
Updated: 2026-01-19
65
25
Low Cost

kitwork

by kitwork

Sec6

A lightweight workflow engine for automating tasks, orchestrating services, building serverless functions, and creating API endpoints via YAML.

Setup Requirements

  • ⚠️Requires familiarity with YAML for workflow, API, and schedule definitions.
  • ⚠️Browser automation with `Chromedp` may require a headless Chrome/Chromium browser installation or runtime environment.
  • ⚠️Database interaction (e.g., PostgreSQL) requires explicit configuration of credentials (user, password, host, port) in YAML files like `database/postgres.yaml`.
Verified Safe
The system is designed to execute arbitrary JavaScript scripts, database queries, HTTP requests, and browser automation steps defined within YAML workflow files. This inherent power means security heavily relies on the trustworthiness of the provided workflow definitions. Secrets are stored in YAML files (e.g., `secret/telegram.yaml`), which, while using placeholders, can be a risk if not properly managed (e.g., through environment variable overrides or encryption) in a production environment. The manifesto mentions 'Core can also read files dynamically,' which, if exploitable via untrusted YAML, could lead to local file access.
Updated: 2025-12-11
65
136
Medium Cost

mcp-interviewer

by microsoft

Sec8

A Python CLI tool to evaluate Model Context Protocol (MCP) servers for agentic use-cases, by inspecting capabilities, running functional tests, and providing LLM-as-a-judge evaluations.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid for default model configuration)
  • ⚠️Python 3.11+ required
  • ⚠️Docker (or similar containerization) recommended for target server to mitigate execution risks
  • ⚠️Requires explicit acceptance of risk for functional testing via CLI prompt or `--accept-risk` flag
Verified Safe
The `mcp-interviewer` tool itself does not contain obvious vulnerabilities like `eval` or hardcoded secrets. Its primary security risk stems from its intended function: executing user-provided MCP server commands in a child process and invoking their tools. This inherently involves interacting with potentially untrusted external code. The project demonstrates strong security awareness by explicitly warning users about these risks in the README and CLI (e.g., `--test` flag requires `accept-risk` confirmation) and recommending running target servers in isolated containers. Adherence to these best practices is crucial for safe operation.
Updated: 2025-12-15
65
277
Low Cost

mcp-linker

by milisp

Sec7

A desktop GUI application for syncing and managing AI Model Context Protocol (MCP) server configurations across various AI clients and providing a marketplace for server templates.

Setup Requirements

  • ⚠️Requires Node.js 20+, Bun, and Rust toolchain for development/building.
  • ⚠️Certain features (e.g., cloud sync, team management) require user authentication via Supabase.
  • ⚠️Local MCP servers (stdio type) may require specific runtimes like Python, Node.js, or UV, which the app attempts to auto-detect/install.
  • ⚠️Relies on `git` command-line tool for cloning repositories and diffing.
Verified Safe
The application relies on a remote API (api.mcp-linker.store) for marketplace, cloud sync, and authentication, introducing third-party dependency risks. It fetches and executes Dynamic Extension (DXT) manifests from GitHub, which are validated by a Zod schema but still represent a supply chain risk. Direct execution of external commands (git, uv, node, python, bun, claude) from user-provided or marketplace configurations expands the attack surface, though common for such tools. User configurations from deep links are parsed and then handled by the Rust backend, which is safer than direct frontend eval. Encryption keys are used for cloud sync, and strong cryptography (ring::aead) is employed in the Rust backend for data protection. Authentication uses Supabase, which should handle user credentials securely. Overall, the architecture has common risks associated with desktop apps that interact with external services and execute code, but shows efforts in mitigating some of them.
Updated: 2026-01-06