Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7756)

58
96
High Cost
Sec7

An AI agent system for deep code analysis and reasoning, likely leveraging large language models (LLMs).

Setup Requirements

  • ⚠️Requires Node.js and npm to install dependencies and run.
  • ⚠️Requires a Google Gemini API Key (Paid) for interaction with the Gemini LLM (inferred from test-gemini.js).
  • ⚠️Environment variables must be configured based on the .env.example file to provide necessary API keys and settings.
Verified SafeView Analysis
Relies on external AI APIs (e.g., Gemini) for core functionality, introducing network dependencies. Environment variables are used for sensitive configurations, which is standard practice. Without code content, specific 'eval' or obfuscation checks are not possible.
Updated: 2025-11-18GitHub
58
3
Low Cost
jpinsonneau icon

mcp-shield

by jpinsonneau

Sec3

Provides an OAuth proxy for Model Context Protocol (MCP) servers on OpenShift, handling OAuth 2.0 discovery, client registration, token exchange, and enhancing security with a proxy token system.

Setup Requirements

  • ⚠️Requires deployment on or with network access to an OpenShift cluster for full OAuth integration.
  • ⚠️If integrating with `mcp-gateway`, specific code modifications are required in `mcp-gateway` itself to enable standalone tool forwarding (details provided in `docs/mcp-gateway-changes.md`).
  • ⚠️The `OAUTH_AUTHORIZATION_SERVERS` environment variable is mandatory and must be correctly configured with the public URL where MCP Shield is accessible.
  • ⚠️When deploying with `loki-mcp-server`, the Loki MCP image (`quay.io/jpinsonn/loki-mcp:dev` in examples) might need to be built from source if not available in a public registry.
Review RequiredView Analysis
The server's HTTP client (`internal/handlers/oauth_token.go`) explicitly disables SSL certificate verification (`InsecureSkipVerify: true`) when communicating with the OpenShift OAuth token endpoint. This critically exposes the system to man-in-the-middle attacks, even if intended for environments with self-signed certificates. Additionally, the `INSPECTOR_ORIGIN` environment variable, used for CORS headers, defaults to '*' (allowing all origins) if not explicitly set. While convenient for development, this is a significant security risk in production, potentially exposing sensitive information or allowing unauthorized cross-origin requests.
Updated: 2025-12-01GitHub
58
41
High Cost
mkellerman icon

bmad-mcp-server

by mkellerman

Sec7

Provides AI assistants with access to a comprehensive software development methodology (BMAD) including specialized agents, automated workflows, and resources through the Model Context Protocol.

Setup Requirements

  • ⚠️Node.js 18+ required.
  • ⚠️Git command-line client must be installed and configured for Git remote functionality (e.g., SSH keys for private repositories).
  • ⚠️Requires an MCP-compatible client for interaction (e.g., Claude Desktop, VS Code with Copilot).
Verified SafeView Analysis
The server's core functionality involves cloning Git repositories from arbitrary URLs specified by the user or CLI arguments. While Git operations are handled with proper path sanitization (e.g., using `path.join`), the content of these remote repositories is not inherently trusted. However, the execution model of BMAD agents within this server is to generate text-based prompts and instructions for an LLM, rather than executing arbitrary code from the loaded content directly within the Node.js process, which mitigates direct code execution risks. No use of `eval` or similar dynamic code execution found. No hardcoded production secrets identified.
Updated: 2025-12-08GitHub
58
3
Medium Cost
broisnischal icon

vite-mcp

by broisnischal

Sec7

A Vite plugin that provides Model Context Protocol (MCP) server capabilities for browser development, enabling AI agents to interact with and observe browser environments in real-time.

Setup Requirements

  • ⚠️Requires the target browser page to be open and the Vite dev server running for the browser bridge to be active.
  • ⚠️For Single Page Applications (SPAs) or Server-Side Rendered (SSR) frameworks (e.g., React Router, Remix), a manual `import 'virtual:mcp';` must be added at the very top of the app's entry file.
  • ⚠️For TypeScript projects, you may need to update `tsconfig.json` to include type declarations for `virtual:mcp`.
Verified SafeView Analysis
The plugin runs within a Vite development server and sets up a WebSocket connection (HMR) to a browser-side bridge. This bridge executes adapter handlers based on messages received over the WebSocket. While this is the core functionality, and input/output schemas are used for validation, an attacker gaining control of the WebSocket channel could potentially execute arbitrary browser-side JavaScript through forged tool calls. The HTTP endpoints also use `Access-Control-Allow-Origin: *`, which is common for dev servers but means they are accessible from any origin. For its intended use as a local development tool, the risks are generally acceptable, but it's important to be aware of the direct code execution mechanism in the browser environment.
Updated: 2025-12-13GitHub
58
52
Medium Cost
ankimcp icon

anki-mcp-server

by ankimcp

Sec9

Seamlessly integrates Anki with AI assistants through the Model Context Protocol for natural language interaction with flashcards and spaced repetition systems.

Setup Requirements

  • ⚠️Requires Anki desktop application with AnkiConnect plugin installed and configured.
  • ⚠️Node.js 20+ runtime is required.
  • ⚠️Using `--ngrok` requires global installation of `ngrok` and a configured auth token.
  • ⚠️Updating notes (`updateNoteFields`) will silently fail if the target note is open in the Anki browser.
Verified SafeView Analysis
The server includes an `OriginValidationGuard` to mitigate DNS rebinding attacks in HTTP mode, a critical security measure for local proxies. It binds to `127.0.0.1` by default and allows `ALLOWED_ORIGINS` to be configured. The `AnkiConnectClient` supports an optional API key. The `--ngrok` feature, while convenient, correctly warns users about the privacy implications of exposing a local service publicly. No `eval` or hardcoded sensitive data found.
Updated: 2025-12-14GitHub
58
3
Medium Cost
Dav082004 icon
Sec8

Automate project management and issue creation using GitHub Copilot and MCP Server by transforming requirements into actionable GitHub tasks.

Setup Requirements

  • ⚠️Requires GitHub Copilot CLI installation (npm install)
  • ⚠️Requires GitHub account authentication for CLI tools
  • ⚠️Requires configuration of GitHub MCP Server (setup details not provided in source code)
  • ⚠️GitHub Copilot Pro subscription needed for advanced automatic issue resolution (optional)
Verified SafeView Analysis
The provided 'SOURCE CODE' is limited to markdown files (README and project requirements) and does not include the actual server-side code for 'GitHub MCP Server'. Therefore, a direct security audit of the server's implementation is not possible based on the given information. The security score reflects the absence of immediately apparent risks in the provided documentation, assuming standard security practices for GitHub Copilot CLI installation and authentication are followed. The underlying GitHub Copilot CLI and GitHub MCP Server would require their own security audits.
Updated: 2025-11-29GitHub
58
33
Medium Cost
railsblueprint icon

blueprint-mcp

by railsblueprint

Sec8

Enables AI assistants to control a real browser (Chrome, Firefox, Opera) through a browser extension, ideal for interacting with logged-in sessions and avoiding bot detection.

Setup Requirements

  • ⚠️Requires Node.js 18+ to run the server.
  • ⚠️Requires a specific browser extension (Blueprint MCP for Chrome/Firefox/Opera) to be installed and manually connected in the browser.
  • ⚠️PRO features (cloud relay, multiple browsers) require OAuth2 authentication, which involves an interactive browser login flow.
  • ⚠️The default port (5555) might already be in use by another instance, requiring manual killing of the process or specifying a different port.
Verified SafeView Analysis
The server design uses a browser extension for automation, which inherently involves executing JavaScript in the browser context via DevTools Protocol (`Runtime.evaluate`). This means the AI agent effectively has the ability to run arbitrary JavaScript on the web pages it controls. The default local WebSocket connection (`127.0.0.1:5555`) is secure. The PRO tier uses OAuth2 authentication for cloud relay connections, with tokens stored securely using file locking (`proper-lockfile`). JWTs are decoded by the client but not validated, relying on the relay server for validation, which is an appropriate separation of concerns. No obfuscation or obvious malicious patterns were found in the provided code. The project is transparent about the inherent security implication of giving AI control over a browser.
Updated: 2025-12-08GitHub
58
111
High Cost
CelestoAI icon

agentor

by CelestoAI

Sec6

A framework for building, prototyping, and deploying scalable AI agents with tool integration and multi-agent communication capabilities.

Setup Requirements

  • ⚠️Requires API keys for LLMs (OpenAI, Gemini, etc.), Celesto AI, WeatherAPI.com, and Bright Data (for LinkedIn scraping), which are typically paid services.
  • ⚠️The `PostgreSQLTool`, if used, allows agent-generated arbitrary SQL execution, posing a significant security risk for database access.
  • ⚠️The `GitTool`, if used, enables agents to perform sensitive Git operations (cloning, committing, pushing) which could lead to unintended changes or data loss.
  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Deployment to cloud requires `lightning deploy` (for LitServe) or `celesto deploy` (for Celesto AI platform).
Review RequiredView Analysis
The framework allows for the integration and deployment of various tools, some of which expose significant security risks if not carefully managed. The `PostgreSQLTool` allows agents to execute arbitrary SQL queries, posing a direct SQL injection vulnerability if the LLM's inputs are not perfectly aligned or if the agent is exploited. The `GitTool` enables arbitrary Git operations (clone, push, commit), which could lead to repository corruption or data loss if misused. The `fastmcp` proxy feature (part of `celesto_sdk`) can proxy to any remote MCP server, requiring users to ensure the `remote_url` is trusted. API keys are handled via environment variables, which is good practice, but the presence of powerful tools necessitates strict access control and LLM safety measures.
Updated: 2025-12-14GitHub
57
512
Medium Cost
Canner icon

wren-engine

by Canner

Sec8

The Wren MCP Server acts as a semantic layer for the Wren Engine, providing a Model Context Protocol (MCP) interface for AI agents to interact with enterprise data sources, enabling accurate and governed data querying through semantic understanding.

Setup Requirements

  • ⚠️Requires JDK 21+ for the underlying Wren Engine Java component.
  • ⚠️Relies on 'uv' (a fast Python package manager) for setting up the Python environment for the MCP server.
  • ⚠️Critical environment variables (WREN_URL, CONNECTION_INFO_FILE, MDL_PATH) must be correctly configured.
Verified SafeView Analysis
The system correctly handles sensitive database connection information (e.g., credentials) via environment variables or external configuration files, preventing hardcoded secrets. Internal 'eval' functions in the Rust core are type-safe expression evaluators, not general-purpose code execution, limiting injection risks. Primary security considerations are operational, focusing on securing the network endpoints of the distributed components (MCP server, Ibis server, Wren Engine) and ensuring appropriate file permissions for configuration and MDL files.
Updated: 2025-12-08GitHub
57
71
High Cost
stevereiner icon

flexible-graphrag

by stevereiner

Sec8

The Flexible GraphRAG MCP Server provides a Model Context Protocol (MCP) interface for AI assistants (like Claude Desktop) to interact with a sophisticated RAG and GraphRAG system for document processing, knowledge graph auto-building, hybrid search, and AI Q&A.

Setup Requirements

  • ⚠️Requires a separate FastAPI backend server (flexible-graphrag) running on port 8000.
  • ⚠️Requires Python 3.10+, UV package manager, Node.js 16+, npm/yarn, and either Ollama or an OpenAI API key.
  • ⚠️Critical: Switching between different LLM embedding models (e.g., OpenAI vs. Ollama) necessitates manual deletion of existing vector indexes due to dimension incompatibility.
  • ⚠️Critical: For Ollama, the `OLLAMA_NUM_PARALLEL=4` environment variable must be set system-wide (not in `.env`) and the Ollama service restarted to enable parallel document processing and prevent errors.
Verified SafeView Analysis
The system follows good practices by externalizing sensitive credentials into environment variables (`.env`). However, the frontend UI code includes default `admin/admin` credentials for CMIS/Alfresco forms, which, while meant as placeholders, could lead to users inadvertently operating with insecure defaults if not properly configured in the backend's `.env` file. The server connects to various external data sources (S3, GCS, SharePoint, etc.) requiring API keys and access tokens; proper management of these credentials is critical to avoid unauthorized access or data exposure. There are no obvious signs of malicious patterns, `eval` usage on untrusted input, or obfuscation in the truncated code.
Updated: 2025-11-26GitHub
57
14
Low Cost
PatrickSys icon
Sec9

Provides AI coding agents with real-time, context-aware understanding of a specific codebase, including internal libraries, team patterns, and architectural conventions, to improve code generation and review.

Setup Requirements

  • ⚠️Requires OPENAI_API_KEY if 'openai' is chosen as embedding provider (default is local 'transformers.js').
  • ⚠️Initial indexing can take several minutes (e.g., 2-5 mins for 30k files) as it processes and embeds the entire codebase.
  • ⚠️The default 'transformers' embedding provider will download a ~130MB model locally on its first run.
Verified SafeView Analysis
The server primarily operates on local codebases and uses standard configuration methods for sensitive data like API keys (environment variables). It relies on established local ML/DB libraries (@xenova/transformers, @lancedb/lancedb). Network calls for embeddings are made to OpenAI (if configured) or for local model downloads, which are expected for its functionality. There are no obvious hardcoded secrets, 'eval' usage, or other direct malicious patterns identified in the provided source.
Updated: 2025-12-11GitHub
57
161
High Cost
kevinwatt icon

yt-dlp-mcp

by kevinwatt

Sec8

Provides AI agents with tools to interact with video platforms for content retrieval, metadata extraction, searching, and transcription.

Setup Requirements

  • ⚠️Requires `yt-dlp` to be installed globally on the host system.
  • ⚠️Requires Node.js and `ejs` (or PhantomJS) to be installed for full YouTube functionality (e.g., signature solving for some formats).
  • ⚠️Linux users may need the `secretstorage` Python module for browser cookie extraction.
Verified SafeView Analysis
The server relies heavily on executing the external `yt-dlp` binary with user-provided URLs and parameters. While the code implements robust URL validation, filename sanitization, and Zod schema validation to mitigate injection risks, the inherent nature of spawning external processes always carries some risk if `yt-dlp` itself has vulnerabilities or if the sanitization has unknown bypasses. Temporary files for subtitles/transcripts are created in the system's temporary directory and are safely cleaned up. Cookie handling is done via environment variables (file path or browser extraction), which is a secure practice and prevents hardcoding credentials. No 'eval' or malicious obfuscation patterns were detected.
Updated: 2025-12-07GitHub
PreviousPage 36 of 647Next