Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

64
171
High Cost
PipedreamHQ icon

mcp-chat

by PipedreamHQ

Sec8

An AI chat application that leverages Pipedream's Model Context Protocol (MCP) to integrate with thousands of APIs and perform tool-based actions, serving as a reference for building powerful AI chat solutions.

Setup Requirements

  • ⚠️Requires a Pipedream Account and OAuth Credentials (External service dependency and setup).
  • ⚠️Requires at least one of OpenAI, Anthropic, or Google Generative AI API keys (Paid services, essential for AI functionality).
  • ⚠️Persistence features require a PostgreSQL database setup (e.g., Neon Serverless Postgres), with local development optionally using Docker.
Verified SafeView Analysis
The application employs best practices such as using `process.env` for environment variables, `bcrypt-ts` for password hashing (if credentials login is enabled), and `zod` for input validation on file uploads, storing them via `@vercel/blob`. Auth.js provides a robust authentication framework. A minor concern is `dangerouslyAllowSVG: true` in `next.config.ts` which could pose an XSS risk if SVGs from untrusted sources were allowed, though `remotePatterns` are specified to restrict domains. `ignoreBuildErrors: true` in TypeScript config is a build-time warning and not a direct security vulnerability. Overall, the security posture is good for its functionality.
Updated: 2026-01-16GitHub
64
151
Low Cost
paoloricciuti icon

tmcp

by paoloricciuti

Sec8

A server implementation for the Model Context Protocol (MCP) to enable LLMs to access external context and tools.

Setup Requirements

  • ⚠️Requires installation of a specific schema adapter (e.g., @tmcp/adapter-valibot, @tmcp/adapter-zod) corresponding to the chosen validation library.
  • ⚠️Requires installation of a specific transport (e.g., @tmcp/transport-stdio, @tmcp/transport-http) for communication.
  • ⚠️For remote/distributed deployments, a session manager (e.g., @tmcp/session-manager-redis, @tmcp/session-manager-postgres) is recommended for persistent state, requiring setup of an external database or service.
Verified SafeView Analysis
The project uses standard development practices including TypeScript, ESLint, and Prettier, which contribute to code quality and reduce common vulnerabilities. It implements JSON-RPC 2.0 and OAuth 2.1, with an emphasis on security features like PKCE and HTTPS for OAuth. Input parsing (JSON.parse) from external sources (stdin, HTTP body) is handled within try-catch blocks. While the default CORS policy for HTTP transport is permissive (`*`), it is configurable. There are no obvious signs of 'eval', obfuscation, hardcoded production secrets, or malicious patterns in the provided source code. The LLM sampling (`server.message`) requests are initiated by the server but executed by the client, with client-side user consent and controls, mitigating direct server-side LLM cost/abuse concerns.
Updated: 2026-01-19GitHub
64
433
High Cost
SylphxAI icon

pdf-reader-mcp

by SylphxAI

Sec7

Provides a robust server for AI agents to extract text, images, and metadata from PDF documents, preserving content order for better comprehension.

Setup Requirements

  • ⚠️Requires Node.js 22.0.0 or higher.
  • ⚠️The server, when processing local file paths, has read access to the file system where it is deployed, constrained by the permissions of the running Node.js process. Ensure proper sandboxing if exposing to untrusted agents.
  • ⚠️Extracting full text and especially images from large PDFs can be memory intensive, requiring adequate system resources for optimal performance and stability. The server limits PDF input size to 100MB.
Verified SafeView Analysis
The server correctly uses `path.resolve` to handle file paths, accepting both absolute and relative paths. It has robust input validation via `vex` and implements size limits (100MB) for PDF files to prevent memory exhaustion. Per-page error handling enhances reliability. No direct `eval` or command injection vulnerabilities are apparent. However, as a local file system access tool, it grants the AI agent (and thus, potentially a compromised agent or user) the ability to read any file on the system within the permissions of the running Node.js process. While this is an intended feature for an MCP server, it represents a security boundary that implementers should be aware of regarding the hosting environment and client trust.
Updated: 2025-12-17GitHub
64
154
Medium Cost
xpack-ai icon
Sec5

XPack is an open-source marketplace that enables users to create and sell their own Model Context Protocol (MCP) services.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for easy deployment.
  • ⚠️Default administrator credentials ('admin'/'123456789') are hardcoded and must be changed immediately after installation.
  • ⚠️The Docker deployment uses `privileged: true` for database and messaging containers, which is insecure for production use and should be re-evaluated or hardened.
Review RequiredView Analysis
The quick-start script uses `curl | bash` which is generally risky if the source is untrusted, though in this case it's for self-hosting the provided open-source code. The Docker Compose deployment uses `privileged: true` for MySQL, Redis, and RabbitMQ containers, which significantly reduces container isolation and is a major security concern for production environments. Default hardcoded passwords (`mysql_ZTdhRB`, `redis_6sJZDm`, `rabbitmq_Gs123dA`, `admin`/`123456789`) are present in `docker-compose.yml` and `quick-start.sh`, requiring immediate change for any non-demo deployment. The backend uses `ast.literal_eval` for parsing certain parameters, which is safer than `eval` but still requires careful validation of input to prevent unexpected code execution.
Updated: 2026-01-16GitHub
64
367
High Cost
magicyuan876 icon

mineru-tianshu

by magicyuan876

Sec8

Enterprise-grade AI data preprocessing platform for converting diverse unstructured multi-modal data (documents, images, audio, video, bioinformatics formats) into structured Markdown and JSON formats, leveraging GPU acceleration and a robust task management system with user authentication and MCP protocol integration.

Setup Requirements

  • ⚠️Requires Docker 20.10+ and Docker Compose 2.0+ for the recommended deployment.
  • ⚠️NVIDIA GPU and NVIDIA Container Toolkit are mandatory for utilizing GPU-accelerated AI engines (MinerU, PaddleOCR-VL, SenseVoice, YOLO11x, LaMa) which are central to the platform's functionality.
  • ⚠️Large AI models (totaling several GBs) are downloaded on the first run, which can take significant time and requires a stable internet connection, potentially with proxy configuration for users in certain regions.
  • ⚠️Crucial environment variables such as `JWT_SECRET_KEY` (no default in production), `RUSTFS_ACCESS_KEY`, `RUSTFS_SECRET_KEY` (insecure defaults), and `RUSTFS_PUBLIC_URL` (no default) must be properly configured for a secure and functional production deployment.
Verified SafeView Analysis
The project implements robust JWT and API Key authentication with role-based access control. The `JWT_SECRET_KEY` is correctly parameterized for production, avoiding hardcoded secrets. However, `RUSTFS_ACCESS_KEY` and `RUSTFS_SECRET_KEY` have insecure default values (`rustfsadmin`) in `docker-compose.yml`, which must be explicitly overridden in the `.env` file for production deployments. File uploads via the MCP server (Base64 or URL) are first saved to temporary files before internal API submission, a generally safe practice. Command execution through `subprocess.run` (e.g., `ffmpeg`) appears to use fixed commands with internal file paths, mitigating command injection risks. Ensure `ALLOWED_ORIGINS` is restricted in production.
Updated: 2026-01-19GitHub
64
10
Medium Cost
DavidFuchs icon

mcp-uptime-kuma

by DavidFuchs

Sec9

Provides a Model Context Protocol (MCP) interface for real-time Uptime Kuma monitoring data.

Setup Requirements

  • ⚠️Requires a running Uptime Kuma v2 instance.
  • ⚠️Requires Node.js 18+ to run directly, or Docker for containerized deployment/testing.
  • ⚠️Authentication requires Uptime Kuma URL and credentials (username/password/2FA token or JWT token) as environment variables.
Verified SafeView Analysis
No direct 'eval' or malicious patterns found. Uses Zod for input/output validation, and filters sensitive data like `steamAPIKey` from settings. CORS defaults to '*' for HTTP transport, which is common but less restrictive than specific origins. Authentication credentials are handled via environment variables.
Updated: 2025-11-29GitHub
64
11
Medium Cost
BiboyQG icon

WeChat-MCP

by BiboyQG

Sec8

Automate WeChat interactions on macOS for LLMs, enabling programmatic control over chat, contact management, and Moments (social feed) publishing via accessibility APIs and screen capture.

Setup Requirements

  • ⚠️Requires macOS operating system.
  • ⚠️WeChat for Mac application must be installed and actively running.
  • ⚠️Python 3.12+ is required.
  • ⚠️Requires granting Accessibility permissions to the terminal application (e.g., Terminal.app, iTerm2) in macOS System Settings, enabling it to control other applications.
Review RequiredView Analysis
The server leverages macOS Accessibility APIs and screen capture to directly control the WeChat application. This requires granting significant system-level permissions to the terminal running the server, which inherently carries a risk. While the source code does not contain 'eval', obfuscation, hardcoded secrets, or overt malicious patterns, the power of UI automation means that if a controlling LLM or user misuses the exposed tools, it could perform unintended actions within WeChat (e.g., sending messages, adding contacts, publishing posts). Trust in the LLM and careful permission management are critical.
Updated: 2025-12-12GitHub
63
194
High Cost
metorial icon
Sec8

An open source integration platform for agentic AI, connecting AI models to external APIs, data sources, and tools.

Setup Requirements

  • ⚠️Requires Docker, Bun runtime, Go runtime, PostgreSQL, Redis, and MongoDB installed and configured.
  • ⚠️GitHub App registration and configuration is necessary for SCM integration features.
  • ⚠️Designed for developers, implying a complex setup and operational overhead for self-hosting.
Verified SafeView Analysis
The project demonstrates a strong commitment to security with a dedicated Go module for Server-Side Request Forgery (SSRF) protection, explicitly used in critical network-facing TypeScript modules like `provider-oauth` and `callbacks`. Sensitive configurations (DB URLs, API keys, secrets) are managed via environment variables and robust password hashing (Bun.password). Input validation is applied, and structured protocols like gRPC are used for inter-service communication. Markdown rendering uses `rehypeSanitize` for XSS. The system's nature, involving custom code execution and external integrations, inherently requires meticulous implementation to mitigate risks, but core architectural decisions appear sound.
Updated: 2026-01-19GitHub
63
370
Medium Cost
hustcc icon

mcp-mermaid

by hustcc

Sec9

Generate Mermaid diagrams and charts from textual syntax, primarily for AI models or documentation platforms to visualize information dynamically.

Setup Requirements

  • ⚠️Requires Playwright Chromium browser engine to be installed and available in the execution environment. This is typically handled automatically by a `postinstall` script for local installations or by `npx` for on-demand CLI usage.
Verified SafeView Analysis
The server utilizes `mermaid-isomorphic` to render diagrams, which involves creating temporary CSS files in the operating system's temporary directory. Input validation is robustly handled using the Zod library, and no direct `eval` calls or other obvious malicious patterns were identified in the provided source code. For HTTP streamable transport, `cors` is configured with `origin: "*"`; while broad, this is not considered a vulnerability given the tool's specific purpose of generating diagrams from provided syntax.
Updated: 2025-12-16GitHub
63
217
Medium Cost
marcelmarais icon

spotify-mcp-server

by marcelmarais

Sec9

Enables AI assistants to control Spotify playback and manage playlists via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a Spotify Premium account for full playback control functionality.
  • ⚠️Requires creating a Spotify Developer application to obtain Client ID, Client Secret, and set a Redirect URI.
  • ⚠️Manual authentication process involving running a script (`npm run auth`) and opening a browser to authorize the application. The redirect URI must be a localhost address for automatic token exchange.
Verified SafeView Analysis
The server uses standard OAuth 2.0 for Spotify API authentication, storing tokens and client secrets in a local `spotify-config.json` file. It enforces `localhost` for the redirect URI during the authorization flow, preventing token leakage to external domains. OAuth state parameter is generated and verified to protect against CSRF. While the configuration file stores sensitive tokens unencrypted, this is a common practice for local applications and the file is explicitly excluded from version control in examples. No 'eval' or malicious patterns were found in the source code.
Updated: 2026-01-12GitHub
63
269
High Cost
metorial icon

metorial-index

by metorial

Sec7

A background service that builds and maintains a comprehensive public catalog of Model Context Protocol (MCP) servers, enriching their metadata through automated fetching from repositories and AI-driven content generation.

Setup Requirements

  • ⚠️Requires GITHUB_TOKEN environment variable (Personal Access Token for GitHub API access).
  • ⚠️Requires OPENAI_API_KEY environment variable (Paid OpenAI API calls, potentially expensive depending on usage).
  • ⚠️The 'start' script (`prisma db push --force-reset`) will reset the database on every execution, leading to data loss if not handled externally.
  • ⚠️Relies on 'bun' as the package manager and runtime environment.
Verified SafeView Analysis
The project relies on environment variables for sensitive API keys (GitHub, OpenAI), which is a good practice. It processes external YAML files and feeds their content to an AI model for generation. While `yaml.parse` is generally safer than `yaml.load` for untrusted input, large or malformed YAML could potentially cause resource exhaustion or unexpected behavior. No direct remote code execution vulnerabilities are apparent in the provided code, but careful input validation is crucial when interacting with external content and APIs.
Updated: 2025-12-31GitHub
63
99
Medium Cost
aliyun icon
Sec8

Orchestrates various AlibabaCloud ACK and Kubernetes management, observability, and diagnostic tools into a unified AI-native toolset, enabling AI agents to interact with and manage container services through natural language.

Setup Requirements

  • ⚠️Requires Alibaba Cloud Access Key ID and Secret with specific RAM permissions (CS, Log, ARMS read-only minimum).
  • ⚠️Requires Python 3.12+ and a running Kubernetes cluster (preferably Alibaba Cloud ACK) accessible from the server.
  • ⚠️The `kubectl` command-line tool must be installed and configured in the environment for `ack_kubectl` functionality.
Verified SafeView Analysis
The server can execute arbitrary `kubectl` commands, including mutating operations, if `--allow-write` is enabled. It implements command filtering to prevent interactive commands and restrict write operations when `allow_write` is false. Sensitive credentials (Access Key ID/Secret) are configured via environment variables or command-line arguments, not hardcoded. Users should carefully manage the `--allow-write` flag due to the powerful capabilities granted to the AI agent.
Updated: 2026-01-15GitHub
PreviousPage 33 of 760Next