Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (9120)

60
131
Medium Cost

Deploy secure, OAuth 2.0 authenticated Model Context Protocol (MCP) servers on AWS using CDK.

Setup Requirements

  • ⚠️Requires an AWS Account, AWS CLI, Node.js v14+, and AWS CDK installed globally.
  • ⚠️AWS CDK bootstrap is required for the account, and logging into public ECR is necessary for container images.
  • ⚠️Custom domain configurations have strict ACM certificate region requirements: CloudFront certificates must be in us-east-1, and ALB certificates must be in the deployment region.
Verified Safe
The guidance emphasizes secure AWS hosting with WAF protection, standards-compliant OAuth 2.0 authentication using Amazon Cognito (RFC9728), and a stateless server architecture. No direct code execution or obfuscation risks were identified in the provided text, and the architecture diagram suggests a well-secured deployment.
Updated: 2025-11-18
60
291
High Cost

AgentChat

by Shy2593666979

Sec2

An AI Agent platform for building, deploying, and managing AI assistants that integrate various tools, Large Language Models (LLMs), knowledge bases (RAG), and Model Context Protocol (MCP) servers.

Setup Requirements

  • ⚠️Requires Docker (v20.10+) and Docker Compose (v2.0+) for deployment.
  • ⚠️Requires various paid AI/tool API keys (e.g., OpenAI, Anthropic, Tavily, Alibaba Cloud, AMap) to enable full functionality.
  • ⚠️The `convert_to_pdf` tool implicitly requires LibreOffice to be installed in the backend environment/Docker image.
Review Required
Critical vulnerability due to `exec()` of potentially user-controlled Python code for custom agents (`src/backend/agentchat/services/autobuild/client.py`) without clear sandboxing mechanisms. High risk from a hardcoded default JWT secret (`src/backend/agentchat/api/JWT.py`) and various default API keys in `config.yaml` (e.g., AMap, Tavily, Alibaba Cloud Delivery, various LLMs) that could be active if not overridden. The use of MD5 hashing for passwords (`src/backend/agentchat/api/services/user.py`) is insecure. Command execution via `subprocess.run` for the `convert_to_pdf` tool is present, though its current usage appears constrained.
Updated: 2026-01-12
60
7
Low Cost

mcp2skill-tools

by ulasbilgen

Sec4

Enables AI coding assistants like Claude Code to interact with various Model Context Protocol (MCP) servers and their tools via a unified REST API gateway.

Setup Requirements

  • ⚠️Requires Node.js >= 18.0.0 and npm >= 9.0.0.
  • ⚠️The `mcp2rest` daemon must be running for `mcp2scripts` or generated skills to function.
  • ⚠️For production deployments, `mcp2rest` requires a reverse proxy with authentication (e.g., Nginx, Caddy) to prevent unauthenticated arbitrary code execution if exposed to a public network. Default host `localhost` is safe for development.
  • ⚠️Using `mcp2rest service install` will configure it as a PM2 service, which requires PM2 to be available (implicitly handled by `npx pm2`).
Verified Safe
The `mcp2rest` gateway allows dynamic addition of new MCP servers via its `POST /servers` REST API endpoint. When a server is added, `mcp2rest` executes `npx <package> [args]` to spawn the MCP server process. If the `mcp2rest` API is exposed on a public network (e.g., by configuring `--host 0.0.0.0`) *without a protective reverse proxy and authentication*, an attacker could use the `POST /servers` endpoint to add and execute arbitrary `npm` packages with arbitrary arguments, leading to remote code execution on the host machine. The documentation explicitly warns that 'Production users should put gateway behind reverse proxy (nginx) with auth.' This is a critical security step that is left to the user. Additionally, API keys and sensitive environment variables are stored in plaintext in `~/.mcp2rest/config.yaml`, necessitating secure file permissions.
Updated: 2025-11-25
60
80
High Cost

anki-mcp-server

by ankimcp

Sec9

This server seamlessly integrates Anki with AI assistants via the Model Context Protocol (MCP), enabling natural language interaction, dynamic note creation/editing, and interactive review sessions.

Setup Requirements

  • ⚠️Requires Anki desktop application with the AnkiConnect plugin installed and running.
  • ⚠️Requires Node.js version 20 or higher.
  • ⚠️Using the optional remote mode via ngrok requires a separate global ngrok installation (`npm install -g ngrok`) and a configured ngrok auth token.
Verified Safe
The server includes an `OriginValidationGuard` to prevent DNS rebinding attacks on its HTTP interface, validating `Origin` and `Referer` headers against configurable allowed patterns (defaulting to localhost/127.0.0.1). Communication with Anki is handled via the local AnkiConnect plugin, limiting network exposure. The optional `ngrok` integration for public access is opt-in and requires the user to perform external setup, placing responsibility on the user. No hardcoded secrets were identified.
Updated: 2026-01-15
60
165
High Cost

aws-mcp-server

by alexei-led

Sec7

The AWS MCP Server allows AI assistants to execute AWS CLI commands and access AWS environment context, providing a powerful interface for cloud management and automation.

Setup Requirements

  • ⚠️Requires AWS CLI to be installed and configured with valid credentials.
  • ⚠️Requires Python 3.13+.
  • ⚠️Docker is highly recommended for enhanced security and a consistent execution environment.
Verified Safe
The server *directly executes* AWS CLI commands via subprocess without application-layer command filtering, relying entirely on the host's IAM policies for authorization. It includes strong OS-level sandboxing (Landlock/Bubblewrap/Seatbelt) and recommends Docker hardening (read-only filesystem, dropped capabilities, PID limits) to mitigate host-level risks. However, a permissive IAM policy could allow the AI to perform destructive or unintended actions, as the server does not perform command validation beyond ensuring it's an 'aws' command. No hardcoded secrets or 'eval' patterns found.
Updated: 2025-12-02
60
69
Medium Cost

rohlik-mcp

by tomaspavlin

Sec7

Enhances LLMs with grocery shopping capabilities across Rohlik Group's online services.

Setup Requirements

  • ⚠️Requires Rohlik Group account (username/password) for a supported region (e.g., Rohlik.cz, Knuspr.de).
  • ⚠️Relies on a reverse-engineered Rohlik API, which may violate Rohlik's terms of service and carries inherent risks like potential instability or account issues.
  • ⚠️Requires Node.js and NPM/NPMX installed locally, and specific configuration within Claude Desktop's `claude_desktop_config.json`.
Verified Safe
Uses real Rohlik account credentials (username/password) that are passed via environment variables. The server interacts with a reverse-engineered Rohlik API, which may violate Rohlik's terms of service and could lead to account issues. Running `npx` executes remote code. Debug mode (`ROHLIK_DEBUG`) could expose sensitive information in local logs if not properly secured.
Updated: 2025-11-17
60
8
Low Cost

Control a Tesla vehicle remotely via the Tessie API using the Model Context Protocol (MCP) for AI agents.

Setup Requirements

  • ⚠️Requires a Tessie account and API access token, which is a paid service.
  • ⚠️Requires your Tesla vehicle's VIN to be configured as an environment variable.
  • ⚠️For Cloudflare Worker deployment, a KV namespace (`TOKENS`) must be created and configured in `wrangler.toml`.
  • ⚠️A random bearer token must be generated and configured (`BEARER_TOKEN`) for client authentication to the MCP server.
Verified Safe
The server employs good practices for secret management (environment variables), encryption (AES-256-GCM for storage), and logging (redacting sensitive data). Client authentication uses a bearer token, which is validated against an environment variable. However, a critical security risk for production deployments is that the `isAllowedOrigin` function in `src/shared/mcp/security.ts` currently returns `true` for all origins, effectively disabling origin validation. The `README.md` explicitly warns about this, emphasizing the deployer's responsibility to harden the HTTP layer with proper token validation, secure storage, TLS, strict CORS/origin checks, rate limiting, and audit logging for remote deployments. If deployed without addressing the `isAllowedOrigin` placeholder, it becomes vulnerable to Cross-Origin Resource Sharing (CORS) attacks. For local development, this is generally acceptable.
Updated: 2025-12-09
60
145
Medium Cost

postman-mcp-server

by postmanlabs

Sec9

The Postman MCP Server connects Postman to AI tools, giving AI agents and assistants the ability to access workspaces, manage collections and environments, evaluate APIs, and automate workflows through natural language interactions.

Setup Requirements

  • ⚠️Requires a valid Postman API Key, which may necessitate a paid Postman plan for certain advanced features like Enterprise tagging, private, or partner workspaces.
  • ⚠️Requires Node.js version 20.0.0 or higher.
  • ⚠️Specific toolsets (Minimal, Full, Code) are enabled via command-line flags (`--minimal`, `--full`, `--code`) or environment variables, with 'minimal' being the default if no flag is specified.
Verified Safe
The server demonstrates strong security practices for API key management, requiring the `POSTMAN_API_KEY` environment variable and explicitly stating not to hardcode secrets. It uses a robust HTTP client (`fetch`) with timeouts and filters out potentially problematic headers. There are no instances of `eval` or obvious code obfuscation found. Network requests are well-encapsulated within the `PostmanAPIClient`. Telemetry data is reported asynchronously, which is a common practice for usage analytics and does not present an immediate security risk, though users should be aware of data collection. The use of `newman` for running collections is a standard tool but like any subprocess execution, requires careful handling of inputs.
Updated: 2026-01-09
60
92
High Cost

mcp-server

by OctopusDeploy

Sec8

The server enables AI assistants to inspect, query, and diagnose problems within an Octopus Deploy instance by exposing its API as MCP tools.

Setup Requirements

  • ⚠️Requires Node.js >= v20.0.0
  • ⚠️Requires an Octopus Deploy instance accessible via HTTPS
  • ⚠️Requires an Octopus Deploy API Key for authentication
Verified Safe
The server explicitly prioritizes security by defaulting to read-only operations and requiring API keys via environment variables or CLI arguments. It uses Zod for input validation, mitigating common injection risks. The primary security consideration, as noted in the README, is the inherent risk of reading potentially sensitive deployment logs and variables from the Octopus instance, which could be exposed if the connected AI client is not trusted. However, this is a risk associated with how the tool is used by the end-user rather than a vulnerability in the server's implementation.
Updated: 2026-01-19
60
163
High Cost

tableau-mcp

by tableau

Sec9

The Tableau MCP server provides a standardized interface for AI tools to interact with Tableau Cloud or Server, enabling AI-powered analytics, data exploration, and insight generation from Tableau workbooks, views, datasources, and Pulse metrics.

Setup Requirements

  • ⚠️Requires configuration of Tableau connection details (TABLEAU_SERVER, TABLEAU_SITE_NAME) and an authentication method (PAT_VALUE/PAT_NAME, UAT_PUBLIC_KEY, or DIRECT_TRUST_USERNAME) via environment variables.
  • ⚠️If OAuth is enabled, requires robust setup including `OAUTH_JWE_PRIVATE_KEY` and client registration.
  • ⚠️Data retrieval tools (`query-datasource`, `get-view-image`, list tools with high limits) can return large datasets or base64 encoded images, potentially leading to high token usage and longer response times. Users are advised to use aggregation and filters.
Verified Safe
The server demonstrates strong security practices, particularly in its OAuth implementation with explicit SSRF mitigation using `isSSRFSafeURL` and DNS resolution. All sensitive configurations, including authentication secrets (PATs, UAT public keys, OAuth private keys, datasource credentials), are externalized to environment variables, preventing hardcoding. Logging includes masking of sensitive data when not in debug mode. However, the reliance on environment variables for critical secrets means secure environment management is crucial, as misconfiguration could expose sensitive information.
Updated: 2026-01-17
60
171
Low Cost

touchdesigner-mcp

by 8beeeaaat

Sec6

Enables AI agents to control and operate TouchDesigner projects programmatically, allowing for node manipulation, Python script execution, and project querying.

Setup Requirements

  • ⚠️Requires TouchDesigner (latest version recommended) to be running and accessible.
  • ⚠️The folder structure of the `mcp_webserver_base.tox` component must be preserved after extraction within TouchDesigner.
  • ⚠️Requires Node.js 18.x or later for NPM package usage, or Docker and Docker Compose for containerized deployment.
Verified Safe
The server's core functionality includes executing arbitrary Python code (`exec_python_script`) directly within the TouchDesigner environment, which is inherently powerful and could be misused by an unconstrained AI agent. While the `get_module_help` tool's Python `help()` proxy was hardened to prevent code injection, the `exec_python_script` explicitly uses `exec` and `eval` as intended mechanisms. Network configurations default to loopback for HTTP mode in Docker, limiting external exposure by default. The security score reflects the high capabilities granted to an AI agent, which require careful management of the AI's permissions and input, rather than unaddressed vulnerabilities within the server's own implementation of its stated purpose.
Updated: 2026-01-10
60
205
Medium Cost

anki-mcp-server

by nailuoGG

Sec9

Enables Large Language Models (LLMs) to interact with and manage Anki flashcards and decks using the AnkiConnect add-on, providing tools for creating, updating, searching, and organizing learning material.

Setup Requirements

  • ⚠️Requires the Anki desktop application to be installed and running on the local machine.
  • ⚠️Requires the AnkiConnect add-on to be installed within Anki.
Verified Safe
The server operates locally, communicating via standard I/O (stdio) with the LLM client and connecting to AnkiConnect on 'localhost' (default port 8765 or user-specified local port). This architecture minimizes external network exposure. No hardcoded secrets or 'eval' statements were found. The primary security consideration is the potential misuse of Anki control by a compromised LLM, which is an inherent functional risk rather than a vulnerability in the server code itself. Robust error handling is implemented for AnkiConnect communication issues.
Updated: 2026-01-13