Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7756)

61
192
Low Cost
opensolon icon

solon-ai

by opensolon

Sec4

The Model Context Protocol (MCP) server provides an infrastructure for AI models to interact with external tools, resources, and prompts, enabling standardized asynchronous and synchronous communication.

Setup Requirements

  • ⚠️Requires a valid Baidu AppBuilder API Key for the 'solon-ai-search-baidu' module, which needs to be replaced in `TestUtils.java` for testing or configured appropriately for production.
  • ⚠️Requires a Java Development Kit (JDK) to build and run the application.
  • ⚠️Requires a compatible MCP client or an external AI service endpoint (e.g., Baidu AI Search) to interact with the server's functionalities.
Review RequiredView Analysis
1. **Arbitrary Command Execution Risk (High)**: The `StdioClientTransport` component, when used by a client connecting to this server, leverages `ProcessBuilder` to execute commands. If the `command` and `args` parameters provided to `ServerParameters` are sourced from untrusted or unvalidated external configuration (e.g., dynamic properties or instructions from a potentially compromised MCP server), it could lead to arbitrary command execution on the client's machine. 2. **Network Interaction Risks**: The `WebRxSseClientTransport` and `WebRxStreamableHttpTransport` dynamically receive message endpoints from the server. While standard for interactive protocols, a compromised MCP server could direct clients to malicious network resources. 3. **JSON Deserialization**: The use of `ObjectMapper` for deserializing JSON messages (`McpSchema.deserializeJsonRpcMessage`) is present. If not configured securely (e.g., allowing polymorphic deserialization without strict type checking), it could lead to remote code execution vulnerabilities. No explicit vulnerability is immediately apparent in the provided code, but it is a common attack vector in Java applications handling external JSON input.
Updated: 2025-12-15GitHub
61
219
High Cost

kagimcp

by kagisearch

Sec9

Provides search and summarization tools to LLMs via the Model Context Protocol (MCP) using Kagi's API.

Setup Requirements

  • ⚠️Requires a Kagi API Key; the search API is currently in closed beta and requires an invitation from Kagi.
  • ⚠️Requires global installation of the 'uv' package manager (for both setup and execution).
  • ⚠️May conflict with the LLM client's built-in web search functionality, requiring manual disabling in the client's settings.
  • ⚠️Local/development setup often requires specifying absolute paths to the project directory in configuration.
Verified SafeView Analysis
The server integrates with the Kagi API for its core functionality. API keys must be securely handled as environment variables. No obvious malicious code or severe vulnerabilities indicated in the provided README and file list. Standard practices like using 'uv' for package management are followed.
Updated: 2025-11-17GitHub
61
108
Low Cost
petabridge icon

memorizer-v1

by petabridge

Sec4

A .NET service enabling AI agents to store, retrieve, and semantically search through long-term memories using vector embeddings and PostgreSQL.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose
  • ⚠️Requires Ollama (local LLM service) for embeddings and chunking
  • ⚠️Requires PostgreSQL with pgvector extension (managed by Docker Compose)
Verified SafeView Analysis
CRITICAL: Hardcoded, weak default credentials (postgres/postgres, admin@example.com/admin) are present for PostgreSQL and pgAdmin in default docker-compose files and appsettings.json. Permissive CORS (AllowedOrigins: '*') is enabled by default. Ports (PostgreSQL 5432, pgAdmin 5050, Ollama 11434, Memorizer API 5000/8080) are exposed directly. While documentation exists for hardening, the default setup poses significant security risks for non-local or production deployments without modification. No 'eval' or obfuscation detected.
Updated: 2025-12-12GitHub
61
165
Low Cost
natsukium icon

mcp-servers-nix

by natsukium

Sec9

A Nix-based framework for configuring and deploying Model Control Protocol (MCP) servers with ready-to-use packages.

Setup Requirements

  • ⚠️Requires Nix installed on the system, including familiarity with flakes for advanced usage.
  • ⚠️Requires understanding of Nix packaging, overlays, and module system concepts.
  • ⚠️Dependencies on specific `nixpkgs` versions (e.g., `nixos-unstable`) might necessitate a modern Nix installation or specific pinning practices.
Verified SafeView Analysis
The framework leverages Nix's sandboxing for reproducible builds, which enhances security. It explicitly addresses secure credential handling via `envFile` and `passwordCommand` options, warning against hardcoding sensitive information directly into Nix configurations, which could expose data in the Nix store. No 'eval' or malicious patterns were found in the provided code snippets. Update scripts use trusted Nix tools and `sed` for local file modifications.
Updated: 2025-12-14GitHub
61
11
Medium Cost
Xeron2000 icon

redBookMCP

by Xeron2000

Sec9

Generate Xiaohongshu-style content, including intelligent outlines and corresponding images, facilitated by an AI agent.

Setup Requirements

  • ⚠️Requires Claude Desktop for integration as an MCP server.
  • ⚠️Requires an external image generation API (e.g., OpenAI compatible) with its associated API URL, API Key, and Model Name, which may be a paid service.
  • ⚠️Requires write permissions to the configured `DATA_DIR` for storing project data and generated images.
Verified SafeView Analysis
The server correctly uses environment variables for all sensitive configurations (API keys, URLs, data directories), preventing hardcoding. It does not use `eval` or similar dangerous functions. File system operations are confined to a configurable `DATA_DIR`. The primary network interaction is with an external, user-configured image generation API, which is standard for its function.
Updated: 2025-12-08GitHub
61
157
Medium Cost
a-bonus icon

google-docs-mcp

by a-bonus

Sec7

Provides a comprehensive Model Context Protocol (MCP) server that enables AI assistants to programmatically interact with Google Docs (reading, writing, formatting, structuring) and manage Google Drive files (discovery, folder management, file operations, document creation).

Setup Requirements

  • ⚠️Requires manual Google Cloud Project setup, including enabling Google Docs/Drive APIs, configuring OAuth consent screen (External user type, adding test users), and creating/downloading OAuth client ID credentials (desktop app type).
  • ⚠️Sensitive `credentials.json` and `token.json` files must be securely managed locally and explicitly excluded from version control (handled by `.gitignore`).
  • ⚠️The 'insertLocalImage' tool uploads images to Google Drive and makes them publicly accessible, which users must be aware of for privacy implications.
Verified SafeView Analysis
The server requests broad Google API scopes ('https://www.googleapis.com/auth/documents' and 'https://www.googleapis.com/auth/drive') for full read/write access to all Google Docs and Drive files, which is high privilege but necessary for full functionality. The 'insertLocalImage' tool explicitly makes uploaded images publicly readable on Google Drive, a significant privacy consideration, though it is documented. Service account authentication relies on an environment variable (`SERVICE_ACCOUNT_PATH`) pointing to a sensitive key file, which if compromised, could expose credentials. Input validation using Zod schemas for tool parameters helps prevent common injection vectors. No direct 'eval' or obvious command injection vulnerabilities were found in the provided code.
Updated: 2025-12-01GitHub
61
475
High Cost
cyberkaida icon
Sec9

Expose Ghidra's reverse engineering capabilities to AI models via a Model Context Protocol (MCP) server, primarily for headless integration and analysis.

Setup Requirements

  • ⚠️Requires Ghidra installation and GHIDRA_INSTALL_DIR environment variable to be set.
  • ⚠️Requires building and installing the ReVa Ghidra extension (Gradle and manual installation steps).
  • ⚠️Python 3.9+ environment with `pyghidra` setup is needed for the CLI and testing frameworks.
Verified SafeView Analysis
The server includes explicit API key authentication, which significantly enhances security, especially when binding to non-localhost interfaces (configurable via 'SERVER_HOST'). Default API keys are UUID-generated, and debug mode is off by default. The core tools interact with Ghidra's internal APIs, which are powerful but constrained within the program's context. Potential risks include misconfiguration (e.g., weak API key, open host without auth) or vulnerabilities in Ghidra's underlying APIs.
Updated: 2025-12-14GitHub
61
148
Medium Cost
gbrigandi icon

mcp-server-wazuh

by gbrigandi

Sec8

This Rust-based server acts as a bridge between a Wazuh SIEM system and applications requiring contextual security data, especially for AI assistants using the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a running Wazuh server (v4.12 recommended) with its API and Indexer accessible.
  • ⚠️Critical environment variables for Wazuh API and Indexer credentials must be configured (e.g., in a `.env` file or directly in the shell).
  • ⚠️The default `WAZUH_VERIFY_SSL=false` is insecure; for production, it must be explicitly set to `true` with valid SSL certificates.
Verified SafeView Analysis
The server's tools primarily provide read-only access to Wazuh data, limiting the impact of potential misuse. It properly externalizes sensitive credentials to environment variables. However, the default setting of `WAZUH_VERIFY_SSL=false` for Wazuh API and Indexer connections is explicitly insecure and should be set to `true` in production environments after ensuring proper certificate validation.
Updated: 2025-12-12GitHub
61
227
Low Cost
EvalsOne icon

MCP-connect

by EvalsOne

Sec1

A lightweight bridge service that exposes local MCP servers as HTTP APIs, enabling cloud AI tools and agents to interact with various local MCP services via Streamable HTTP or a classic request/response bridge.

Setup Requirements

  • ⚠️Requires Node.js >= 22.0.0 and npm/yarn for local execution.
  • ⚠️Requires `AUTH_TOKEN` to be set for secure operation; defaults to unauthenticated access, which is a major security risk.
  • ⚠️Requires an E2B API Key (`E2B_API_KEY`) for cloud sandbox deployment, along with a Python 3.8+ environment (`pip install -r requirements.txt`).
  • ⚠️The `serverPath` in the `/bridge` endpoint or `command` in `mcp-servers.json` allows arbitrary command execution. Proper whitelisting, sanitization, or containerization is essential when exposing this service to untrusted input.
Review RequiredView Analysis
CRITICAL VULNERABILITIES: The `/bridge` endpoint allows an unauthenticated or authenticated client to specify an arbitrary `serverPath` in the request body. If this `serverPath` is a command (e.g., `rm -rf /`), the `MCPClientManager` will directly execute it via `StdioClientTransport`. This is a direct command injection vulnerability. Additionally, the `AUTH_TOKEN` environment variable defaults to an empty string, meaning the server runs unauthenticated by default. This allows any client to make calls, including exploiting the command injection. The `deploy/e2b/sandbox_deploy.py` script also fetches `startup.sh` and other configuration from a `remote_base` URL by default, which introduces a supply chain risk if the remote source is compromised. Sensitive environment variables like `N8N_API_KEY` can be included in `mcp-servers.json` and are handled via environment variable resolution, requiring careful management to prevent leaks.
Updated: 2025-12-11GitHub
61
189
Medium Cost
nailuoGG icon

anki-mcp-server

by nailuoGG

Sec9

Enables Large Language Models (LLMs) to interact with Anki flashcard software by providing a Model Context Protocol (MCP) server that communicates via AnkiConnect.

Setup Requirements

  • ⚠️Requires Anki desktop application to be installed and running.
  • ⚠️Requires the AnkiConnect add-on to be installed and enabled within Anki.
  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️Manual configuration is needed in Claude Desktop or Cline settings unless using the provided .mcpb Desktop Extension.
Verified SafeView Analysis
The server primarily acts as a local intermediary between an LLM client and AnkiConnect, which runs locally. No 'eval' or obvious obfuscation was found in the source code. No hardcoded external API keys or secrets were identified. The major security consideration relies on the trust in the AnkiConnect plugin itself and the local Anki environment.
Updated: 2025-12-11GitHub
60
131
Medium Cost
Sec9

Deploy secure, OAuth 2.0 authenticated Model Context Protocol (MCP) servers on AWS using CDK.

Setup Requirements

  • ⚠️Requires an AWS Account, AWS CLI, Node.js v14+, and AWS CDK installed globally.
  • ⚠️AWS CDK bootstrap is required for the account, and logging into public ECR is necessary for container images.
  • ⚠️Custom domain configurations have strict ACM certificate region requirements: CloudFront certificates must be in us-east-1, and ALB certificates must be in the deployment region.
Verified SafeView Analysis
The guidance emphasizes secure AWS hosting with WAF protection, standards-compliant OAuth 2.0 authentication using Amazon Cognito (RFC9728), and a stateless server architecture. No direct code execution or obfuscation risks were identified in the provided text, and the architecture diagram suggests a well-secured deployment.
Updated: 2025-11-18GitHub
60
7
Low Cost
ulasbilgen icon

mcp2skill-tools

by ulasbilgen

Sec4

Enables AI coding assistants like Claude Code to interact with various Model Context Protocol (MCP) servers and their tools via a unified REST API gateway.

Setup Requirements

  • ⚠️Requires Node.js >= 18.0.0 and npm >= 9.0.0.
  • ⚠️The `mcp2rest` daemon must be running for `mcp2scripts` or generated skills to function.
  • ⚠️For production deployments, `mcp2rest` requires a reverse proxy with authentication (e.g., Nginx, Caddy) to prevent unauthenticated arbitrary code execution if exposed to a public network. Default host `localhost` is safe for development.
  • ⚠️Using `mcp2rest service install` will configure it as a PM2 service, which requires PM2 to be available (implicitly handled by `npx pm2`).
Verified SafeView Analysis
The `mcp2rest` gateway allows dynamic addition of new MCP servers via its `POST /servers` REST API endpoint. When a server is added, `mcp2rest` executes `npx <package> [args]` to spawn the MCP server process. If the `mcp2rest` API is exposed on a public network (e.g., by configuring `--host 0.0.0.0`) *without a protective reverse proxy and authentication*, an attacker could use the `POST /servers` endpoint to add and execute arbitrary `npm` packages with arbitrary arguments, leading to remote code execution on the host machine. The documentation explicitly warns that 'Production users should put gateway behind reverse proxy (nginx) with auth.' This is a critical security step that is left to the user. Additionally, API keys and sensitive environment variables are stored in plaintext in `~/.mcp2rest/config.yaml`, necessitating secure file permissions.
Updated: 2025-11-25GitHub
PreviousPage 33 of 647Next