Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

63
255
High Cost
claude-did-this icon

MCPControl

by claude-did-this

Sec6

A Windows control server for the Model Context Protocol, enabling AI models to programmatically control system operations such as mouse, keyboard, window management, and screen capture.

Setup Requirements

  • ⚠️Supports Windows only.
  • ⚠️The `keysender` provider requires native build tools (VC++ workload, Python for node-gyp) to compile native modules.
  • ⚠️The `autohotkey` provider requires AutoHotkey v2.0+ to be installed on the system.
  • ⚠️Optimal click accuracy is achieved in a virtual machine at 1280x720 resolution, suggesting potential issues at other resolutions or multi-monitor setups.
  • ⚠️HTTPS/TLS certificates are mandatory for production deployments for secure remote access.
Review RequiredView Analysis
This software grants AI models direct, programmatic control over the operating system's UI (mouse, keyboard, window management, screen capture), which is an inherently high-risk capability. The AutoHotkey provider executes dynamically generated scripts via `execSync`, which is a powerful and potentially risky operation. While strong input validation (Zod schemas, detection of dangerous key combinations) and mandatory HTTPS for remote production deployments are implemented to mitigate risks, the fundamental nature of the tool requires extreme caution. The project explicitly warns users of its experimental and potentially dangerous nature.
Updated: 2025-12-02GitHub
63
223
Medium Cost
carterlasalle icon

mac_messages_mcp

by carterlasalle

Sec7

Enables AI assistants to interact with the macOS Messages app for reading, sending, and searching messages, including universal messaging capabilities with SMS/RCS fallback.

Setup Requirements

  • ⚠️Requires macOS 11+ and the Messages app to be configured and active.
  • ⚠️Requires 'Full Disk Access' permission for the terminal application or AI assistant in macOS System Settings.
  • ⚠️Requires Python 3.10+ and the 'uv' package manager to be installed first.
Verified SafeView Analysis
The application requires 'Full Disk Access' permission on macOS for the terminal or AI application, which grants high privileges and should be granted with caution. It interacts with macOS system services (AppleScript) and SQLite databases. While efforts are made to sanitize user inputs for AppleScript commands using string replacement to prevent injection, and parameterized queries are used for SQLite, direct interaction with shell commands (`subprocess.run(cmd, shell=True)`) in `get_addressbook_contacts_subprocess` is generally discouraged even if the command string is static. If exposed via `mcp-proxy` for Docker, binding to `0.0.0.0` is a network security risk if not properly restricted or authenticated in production.
Updated: 2026-01-18GitHub
62
191
Medium Cost
dynatrace-oss icon

dynatrace-mcp

by dynatrace-oss

Sec9

The Dynatrace MCP Server allows AI Assistants to interact with the Dynatrace observability platform, bringing real-time observability data directly into development workflows for contextual debugging, security insights, and automation.

Setup Requirements

  • ⚠️Requires a valid Dynatrace Platform Environment URL (DT_ENVIRONMENT).
  • ⚠️Interactive OAuth 2.0 Authorization Code Flow requires human intervention to open a browser and grant access if no other authentication credentials are provided.
  • ⚠️Using capabilities that query Dynatrace Grail (e.g., `execute_dql`) may incur additional costs based on data scanned. The server includes budget tracking (DT_GRAIL_QUERY_BUDGET_GB) but vigilance is advised.
Verified SafeView Analysis
The server implements OAuth 2.0 flows (Client Credentials and Authorization Code with PKCE) for authentication, using `node:crypto` for secure random generation and hashing. Secrets are expected via environment variables, and the OAuth client ID for the interactive flow is a hardcoded non-secret identifier. A temporary local HTTP server is started for OAuth redirect handling, binding to localhost or a Codespaces-forwarded URL, which is a standard pattern for interactive flows. No `eval` or obvious malicious code patterns were found. The project is open-source, promoting transparency.
Updated: 2026-01-19GitHub
62
75
Low Cost
Intina47 icon

context-sync

by Intina47

Sec8

Context Sync provides AI systems with persistent, queryable memory across all development tools, sessions, and projects, allowing AI to remember codebase details, architectural decisions, and conversation history.

Setup Requirements

  • ⚠️Requires Node.js 16+.
  • ⚠️Notion integration requires a Notion API token and sharing specific pages with the integration.
  • ⚠️Restarting your AI tool (e.g., Claude Desktop, Cursor, VS Code) is often required after installation or configuration changes.
Verified SafeView Analysis
The server operates locally, minimizing network exposure. File operations include path validation and size limits, and require explicit user approval for writes/deletes. Git integration uses `execSync` for external commands, which is a potential risk vector but is constrained to `git` commands and attempts to sanitize inputs using quoted paths. No hardcoded secrets were identified; Notion API keys are expected to be user-configured. The architecture is 'local-first' and 'open source' promoting transparency and user control over data.
Updated: 2026-01-10GitHub
62
107
Medium Cost
BingoWon icon

apple-rag-mcp

by BingoWon

Sec9

Provides a comprehensive RAG (Retrieval-Augmented Generation) server for AI agents to search and retrieve content from Apple's developer documentation and WWDC transcripts.

Setup Requirements

  • ⚠️Requires an external PostgreSQL database with pgvector extension for RAG data storage.
  • ⚠️Requires a Cloudflare D1 database for authentication, rate limiting, and logging, configured via Wrangler bindings.
  • ⚠️Requires a DeepInfra API key (a paid service) for embedding generation and AI reranking.
  • ⚠️Designed to be deployed as a Cloudflare Worker, requiring a Cloudflare account and Wrangler CLI setup.
Verified SafeView Analysis
The server uses Cloudflare Workers, which provides a secure execution environment. Sensitive configurations (API keys, database credentials) are correctly handled via environment variables (Cloudflare Secrets) and not hardcoded. Database interactions use parameterized queries via 'postgres' library, reducing SQL injection risks. Input validation for URLs and queries is in place, and URL normalization helps prevent malformed requests. Logging includes user and request details for auditing. Dual-model fallback for reranking adds resilience. Background D1 writes ensure logging does not block the main request, enhancing performance and stability.
Updated: 2025-12-08GitHub
62
503
High Cost
cyberkaida icon
Sec8

Provides an MCP (Model Context Protocol) server to expose Ghidra's reverse engineering capabilities for AI models and automated binary analysis in a headless environment.

Setup Requirements

  • ⚠️Requires a pre-existing Ghidra installation with `GHIDRA_INSTALL_DIR` environment variable set.
  • ⚠️Requires building the Java Ghidra extension with Gradle and manual installation of the resulting .zip file into Ghidra.
  • ⚠️Requires Java 21 Runtime Environment.
  • ⚠️Requires Python and specific dependencies via `pip install -r tests/requirements.txt`.
Verified SafeView Analysis
The MCP server is a network service, which carries inherent risks. However, it provides API key authentication, which should be enabled for production use. No obvious 'eval' or hardcoded secrets were found in the provided source code. Tool operations are primarily interactions with Ghidra's robust APIs within a transaction management system.
Updated: 2026-01-19GitHub
62
19
High Cost
CooperCyberCoffee icon

opencti_mcp_server

by CooperCyberCoffee

Sec9

Connects Claude Desktop to OpenCTI's threat intelligence platform for AI-augmented threat intelligence analysis and reporting, enabling natural language queries and context-aware responses.

Setup Requirements

  • ⚠️Requires Claude Desktop for MCP integration.
  • ⚠️Requires OpenCTI 6.x instance.
  • ⚠️Requires Claude Pro subscription (if using cloud LLM) or local LLM (e.g., Ollama) running for AI analysis.
Verified SafeView Analysis
Comprehensive security audit report is provided within the codebase. The project implements multi-layered security controls including TLP filtering (server-side and client-side), robust input validation (against SQL/XSS/template injection, path traversal, null bytes), secure configuration practices (e.g., `yaml.safe_load()`), rate limiting, and detailed audit logging with SHA256 integrity hashing for tamper detection. Default network binding is `127.0.0.1` (localhost only). Dependencies are actively monitored for CVEs and explicitly updated (e.g., `cryptography` CVE fixes in v0.4.2). Parameter sanitization is performed before logging sensitive data.
Updated: 2025-11-29GitHub
62
112
Low Cost
VectifyAI icon

pageindex-mcp

by VectifyAI

Sec8

This MCP server acts as a bridge, enabling LLM-native, reasoning-based RAG on documents (local or online PDFs) for MCP-compatible agents like Claude and Cursor, without requiring a vector database locally.

Setup Requirements

  • ⚠️Requires Node.js >=18.0.0
  • ⚠️Requires OAuth authentication with the PageIndex service, involving a browser redirect.
  • ⚠️Relies on connection to a remote PageIndex API ('https://chat.pageindex.ai' by default).
  • ⚠️Document size limit of 100MB for PDF processing.
Verified SafeView Analysis
The server uses standard OAuth 2.1 for authentication, involving a temporary local HTTP server for callback and storing tokens with restrictive file permissions (0o600). It handles local and remote PDF uploads, performing validation (size, PDF magic bytes) to mitigate risks, and uploads files via signed URLs to a remote PageIndex API. No 'eval', code obfuscation, or hardcoded secrets were identified. The primary network risks are inherent in fetching external PDFs and relying on the security of the remote PageIndex API, though the local server includes validation steps.
Updated: 2026-01-19GitHub
62
61
Medium Cost
skilder-ai icon

skilder

by skilder-ai

Sec9

Skilder is an infrastructure layer for AI agent tooling, providing a private tool registry with embedded runtimes that works across any agent environment.

Setup Requirements

  • ⚠️Requires Docker to run the entire platform.
  • ⚠️A one-time setup step (`npm run setup-local`) is required to generate cryptographic keys, which depends on Node.js locally.
  • ⚠️Local development requires Node.js v22+.
Verified SafeView Analysis
The system demonstrates a strong focus on security. Cryptographic keys (JWT and NATS operator keys) are generated and managed securely outside the repository (`dev/.docker-keys/`) with strict file permissions, or via Docker volumes in production, preventing hardcoded secrets. Authentication enforces database-verified workspace access, mitigating stale token issues. Rate limiting is implemented for API calls, OAuth, and key validation. OAuth uses encryption for client secrets and a nonce-based state service for CSRF protection. GraphQL subscriptions include periodic re-validation of user access. While `whitelist=0.0.0.0/0` is used for Dgraph Alpha in development, production `docker-compose.yml` uses more restrictive IP whitelisting. No `eval` or intentional obfuscation was found.
Updated: 2025-12-14GitHub
62
223
High Cost
azure-ai-foundry icon

mcp-foundry

by azure-ai-foundry

Sec2

A Model Context Protocol (MCP) server for Azure AI Foundry, providing a unified set of tools for interacting with Azure AI models, knowledge bases (AI Search), evaluation services, and finetuning operations.

Setup Requirements

  • ⚠️Requires 'uv' (universal Python package manager) for execution.
  • ⚠️Requires Azure CLI to be installed and configured for Azure resource management tools.
  • ⚠️Extensive Azure cloud service dependencies (Azure AI Search, Azure OpenAI, Azure AI Project, Azure Cognitive Services) requiring active subscriptions and API keys/credentials.
  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Setting `SWAGGER_PATH` environment variable is required for dynamic Swagger tool registration.
Review RequiredView Analysis
CRITICAL: The `az` helper function, used by `mcp.tool` functions like `create_azure_ai_services_account` and `create_foundry_project`, directly passes user-controlled `subscription_id` and `resource_group` parameters to `subprocess.run` without sufficient sanitization. This creates a severe command injection vulnerability. CRITICAL: The dynamic Swagger tool execution (`swagger.py`) uses `url.replace(placeholder, str(param_value))` to construct URLs from path parameters without URL encoding. This allows for URL injection/path traversal if `param_value` contains malicious characters (e.g., `/../` or encoded slashes).
Updated: 2025-11-19GitHub
62
114
Low Cost
marcuspat icon

turbo-flow-claude

by marcuspat

Sec8

An advanced agentic development environment designed for AI-powered coding, orchestration, and quality assurance, facilitating complex software development workflows.

Setup Requirements

  • ⚠️Requires API keys for Anthropic, OpenRouter, Google Gemini, OpenAI, Grok (for PAL MCP and Claudish)
  • ⚠️Node.js (LTS, v20+) is required
  • ⚠️Git is required for cloning and agent management
  • ⚠️DevPod needs to be installed for cloud/remote workspace setup (macOS: brew install, Windows: choco install, Linux: curl script)
  • ⚠️PAL MCP server requires manual `.env` file configuration after setup
  • ⚠️Playwright requires installation of browser binaries
  • ⚠️Python tools (uv, specify-cli) are installed via `uv`
Verified SafeView Analysis
The project emphasizes 'Verification-First Development' and 'Byzantine Fault Tolerance' within its agentic workflows, includes dedicated security agents (e.g., `github-security-manager`, `qe-security-scanner`), and has a security policy for vulnerability reporting. API keys for various AI models (Anthropic, OpenAI, Gemini, Grok, OpenRouter, n8n) are explicitly documented to be configured via environment variables (e.g., in `.env` files for PAL MCP), which is a good practice. The `claude --dangerously-skip-permissions` option is noted as an explicit user choice. Overall, the environment is designed with a strong security posture and provides tools for secure development, but ultimate safety depends on user configuration and operational practices.
Updated: 2026-01-18GitHub
62
157
Low Cost
notargs icon

UnityNaturalMCP

by notargs

Sec7

Integrates Unity Editor with Model Context Protocol (MCP) clients like AI coding assistants, enabling direct execution of Unity C# tools from these clients.

Setup Requirements

  • ⚠️Requires Unity 6000.0 or later.
  • ⚠️Requires Node.js 18.0.0 or later for the 'mcp-stdio-to-streamable-http' proxy if not using Streamable HTTP directly.
  • ⚠️Requires specific Unity packages (UniTask, NugetForUnity) and NuGet packages (System.Text.Json, ModelContextProtocol, Microsoft.Extensions.DependencyInjection), with ModelContextProtocol being in preview.
  • ⚠️WSL2 setup requires specific '.wslconfig' and caution regarding binding IP to '*' in Unity settings.
Verified SafeView Analysis
The server explicitly mentions a cautionary setup step for WSL2 that involves binding the IP address to '*' (all interfaces), which is generally not recommended for security unless properly firewalled. The project is also noted as being in 'preview stage', which often implies less mature security hardening. No direct 'eval' or malicious patterns were observed in the provided snippets.
Updated: 2026-01-19GitHub
PreviousPage 34 of 760Next