Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7756)

56
587
High Cost
joreilly icon
Sec9

Provides a Model Context Protocol (MCP) server exposing Fantasy Premier League player and fixture data as tools for AI models like Claude Desktop.

Setup Requirements

  • ⚠️Requires Java Runtime Environment (JRE) to execute the compiled JAR.
  • ⚠️Requires building the `shadowJar` Gradle task for the `mcp-server` module to generate the executable JAR.
  • ⚠️Integration with external applications (e.g., Claude Desktop) requires manual configuration, including updating a path to the server JAR.
Verified SafeView Analysis
The MCP server utilizes standard I/O for communication, limiting network attack surface. The data exposed (FPL player/fixture information) is public. Tool outputs use `toString()` for lists, which is verbose but unlikely to contain sensitive data. The `FantasyPremierLeagueAgent` module, if deployed alongside, defaults to an empty `apiKeyGoogle`, which would prevent LLM interaction without proper configuration, but this is not a direct security vulnerability of the core MCP server itself.
Updated: 2025-12-09GitHub
56
351
Medium Cost
eat-pray-ai icon

yutu

by eat-pray-ai

Sec9

Automate YouTube workflows by manipulating resources like videos, playlists, channels, comments, and captions through a CLI tool and an MCP server for AI assistants.

Setup Requirements

  • ⚠️Requires a Google Cloud Platform account and project setup, including enabling YouTube Data API v3 and generating OAuth Client ID credentials (Web Application type).
  • ⚠️Requires manual download of `client_secret.json` and interactive authentication (`yutu auth`) to obtain `youtube.token.json`.
  • ⚠️API quota limits (10,000 units/day) are in place, with operations costing between 1 (e.g., list activities) and 1600 (e.g., insert video) units. High usage can quickly deplete quotas.
Verified SafeView Analysis
The server handles OAuth2 authentication, requiring users to set up Google Cloud Platform credentials (`client_secret.json`) and store the resulting token (`youtube.token.json`) locally. These sensitive files are expected to be managed by the user, or passed as base64-encoded environment variables. The OAuth flow involves opening a browser and a local web server (http://localhost:8216) for callback, which is standard. The `OpenURL` utility uses `exec.Command` to open the authorization URL in the browser, which is acceptable in this context but generally `exec.Command` should be reviewed for potential command injection if inputs were untrusted. No direct `eval` or intentional obfuscation was found. The MCP server listens on `localhost`, limiting direct network exposure to the local machine.
Updated: 2025-12-13GitHub
56
124
Medium Cost
reza-gholizade icon

k8s-mcp-server

by reza-gholizade

Sec7

Provides a standardized Model Context Protocol (MCP) interface for interacting with Kubernetes clusters and Helm releases, enabling programmatic control and observation.

Setup Requirements

  • ⚠️Requires Go 1.23 or later installed for local compilation and execution.
  • ⚠️Requires access to a functional Kubernetes cluster and appropriate RBAC permissions for the server's operations.
  • ⚠️Requires proper Kubernetes authentication setup (e.g., a kubeconfig file, in-cluster service account, or explicit API server URL/token environment variables). Insufficient or incorrect permissions are a common friction point.
Verified SafeView Analysis
The server's core functionality involves directly interacting with the Kubernetes API and executing Helm commands based on client input, which inherently requires significant privileges within the Kubernetes cluster. The `CreateOrUpdateResourceJSON`, `CreateOrUpdateResourceYAML`, `HelmInstall`, `HelmUpgrade`, `HelmUninstall`, `HelmRollback`, and `HelmRepoAdd` functions directly apply user-provided Kubernetes manifests and Helm operations. The example `ClusterRole` provided in the README grants broad `*` permissions (`get`, `list`, `watch`, `create`, `update`, `patch`, `delete`) on core and `apps` API groups. This wide scope means that if the server itself is compromised or exposed to unauthorized users, it could be used to make extensive, potentially destructive, changes to the cluster. However, the project incorporates several good security practices: it supports a `--read-only` flag to disable all write operations, runs as a non-root user (`appuser` UID 1001) in Docker containers, and offers flexible authentication methods (environment variables for kubeconfig content/API server/token, in-cluster service account) to avoid hardcoding credentials. No obvious `eval`-like functions, hardcoded secrets, or malicious patterns were found in the provided Go source code. The primary security concern lies in properly securing access to the server's HTTP endpoints and ensuring the Kubernetes Service Account used by the server adheres to the principle of least privilege for the specific use case.
Updated: 2025-12-15GitHub
56
6
Medium Cost

agentic-ai-workshop

by JNPRAutomate

Sec7

This workshop focuses on exploring and implementing agentic AI patterns for network automation and management plane control using various networking protocols and operational tasks.

Setup Requirements

  • ⚠️Requires access to an LLM provider (e.g., OpenAI API Key, Anthropic API Key) or a local LLM setup (e.g., Ollama).
  • ⚠️Requires a lab environment with network devices or simulators (e.g., GNS3, EVE-NG, physical lab) for practical application of network automation use cases.
  • ⚠️Assumes familiarity with Python for running and customizing agents.
Verified SafeView Analysis
Cannot perform a detailed security audit without access to the code. Assumes a workshop environment. Potential risks could arise from LLM interactions (e.g., prompt injection, data leakage) and direct interaction with network devices if agents are configured to make changes without proper safeguards.
Updated: 2025-11-18GitHub
56
338
Low Cost
TheLunarCompany icon

lunar

by TheLunarCompany

Sec3

A programmable API gateway/proxy designed to intercept, analyze, and manage HTTP traffic. It enforces policies such as rate limiting, caching, retries, authentication, and dynamic routing based on configurable 'flows'. It also provides observability features like HAR collection, custom metrics, and AI token counting, operating within a distributed environment and communicating with a central 'Lunar Hub'.

Setup Requirements

  • ⚠️Requires a separate 'Lunar Proxy' service to operate as an interceptor (implied by Python example app's README).
  • ⚠️Requires a Redis instance (or Redis Cluster) for state management (queues, quotas).
  • ⚠️Some features (e.g., async queue, async retry processors) are marked as 'pro' version only.
  • ⚠️Requires several environment variables for configuration, including TENANT_NAME, LUNAR_API_KEY, BIND_PORT, ENGINE_ADMIN_PORT, LUNAR_SPOE_PROCESSING_TIMEOUT_SEC, and LUNAR_PROXY_PROCESSORS_DIRECTORY.
Review RequiredView Analysis
Critical security risks identified: 1. The `custom_script_processor.go` explicitly allows execution of user-provided JavaScript code via `gojaVM`, which is an 'eval' equivalent. This poses a severe remote code execution (RCE) risk if not rigorously sandboxed and restricted to trusted sources. 2. The `flows-validator` service exposes an HTTP endpoint (`/validate-flows`) that accepts base64 encoded YAML files, writes them to a temporary directory, and then processes them. This vulnerability could be exploited for arbitrary file uploads, directory traversal, resource exhaustion, or even RCE if the YAML parsing or validation process itself is vulnerable. 3. Several network services (admin API, async service API) are exposed, requiring robust external authentication and authorization measures.
Updated: 2025-12-12GitHub
56
2
Low Cost
thejens icon

lyngdorf-mcp

by thejens

Sec8

A Model Context Protocol (MCP) server for controlling Lyngdorf Audio devices (TDAI, MP, and CD series) via TCP, featuring auto-discovery, volume safety, and built-in documentation.

Setup Requirements

  • ⚠️Requires Node.js 22+.
  • ⚠️Relies on the `dns-sd` utility (native on macOS/Linux; may require Bonjour Print Services on Windows) for mDNS device discovery.
Verified SafeView Analysis
The server utilizes `child_process.spawn` to execute the `dns-sd` system utility for mDNS device discovery. While arguments for `dns-sd` are internally managed or derived from parsed `dns-sd` output, reliance on external executables always carries a minor risk of platform-specific inconsistencies or vulnerabilities in compromised environments. The `LYNGDORF_IP` environment variable allows manual IP specification, bypassing discovery, which could direct the server to an untrusted device if misconfigured. Volume control features include explicit safety checks (warning and hard limits). No `eval` or obvious hardcoded secrets were found.
Updated: 2025-12-04GitHub
56
54
Low Cost
portel-dev icon

ncp

by portel-dev

Sec7

NCP acts as a universal orchestrator for Model Context Protocol (MCP) servers, allowing AI agents to discover, manage, and execute tools from various sources (local, remote, internal, CLI, skills, photons) via a unified interface, while providing intelligent search, security controls, and scheduling capabilities. Its core function is to reduce tool-use hallucination and token consumption for AI.

Setup Requirements

  • ⚠️Requires Node.js runtime environment.
  • ⚠️External MCPs often require separate installation and authentication (e.g., `gh auth login` for GitHub CLI, or providing API keys).
  • ⚠️Enabling global CLI access via symlink to `/usr/local/bin/ncp` on macOS/Linux may require `sudo` privileges.
  • ⚠️Native dialogs for user confirmations (`zenity`, `osascript`, `powershell`) may require specific system dependencies, falling back to console prompts if unavailable.
Review RequiredView Analysis
The server's core functionality includes executing arbitrary TypeScript code (Code-Mode) and interacting with external MCPs, which inherently carries high risk. Robust security measures are in place to mitigate these risks, such as sandboxing code execution (worker_threads/vm.runInContext), network policy management (deny-by-default, allowlist, elicitation for user consent), explicit command validation to prevent shell injection, secure credential storage, and user elicitation (native dialogs or prompts) for dangerous operations. Output filtering also prevents sensitive information leaks from subprocesses. While comprehensive, the complexity and inherent nature of executing arbitrary code means a residual risk remains, requiring continuous auditing and vigilance. User supervision via confirmation dialogues is a critical safety feature.
Updated: 2025-12-14GitHub
56
103
Medium Cost
juspay icon

neurolink

by juspay

Sec8

A comprehensive AI development platform offering tools for code generation, refactoring, testing, and documentation, integrated with multiple AI providers and an extensible plugin architecture for advanced orchestration.

Setup Requirements

  • ⚠️Requires API Keys for all cloud AI providers (OpenAI, Anthropic, Google AI, AWS Bedrock, Azure, Mistral, HuggingFace), which can be paid services.
  • ⚠️Requires a local Ollama installation and running daemon if using the Ollama provider.
  • ⚠️Requires AWS or GCP account setup for Bedrock/Vertex, including proper IAM roles/permissions.
  • ⚠️May require a Redis instance if configured for conversation memory or a Mem0 API Key for Mem0 integration.
Verified SafeView Analysis
The project demonstrates strong efforts in input validation (Zod schemas), credential masking in logs, and content filtering via guardrails. Use of 'child_process.spawn' for external MCP servers is a potential risk but appears mitigated by configuration-based control rather than direct user input. Overall, it seems reasonably secure for its type, given explicit security features and patterns. No obvious 'eval' abuse was found.
Updated: 2025-12-15GitHub
56
120
Medium Cost
nulab icon
Sec8

Integrate Backlog API with AI agents (e.g., Claude) to manage projects, issues, wikis, and Git repositories through natural language commands.

Setup Requirements

  • ⚠️Requires a Backlog account with API access and an API key.
  • ⚠️Requires Docker or Node.js (v22+) runtime environment.
  • ⚠️Initial setup involves configuring MCP settings in your AI agent (e.g., Claude Desktop/Cline/Cursor) with environment variables.
  • ⚠️The 'project' toolset is highly recommended as many other tools depend on project data as an entry point.
Verified SafeView Analysis
The server relies on API keys passed via environment variables, which is a standard secure practice. Input validation is performed using Zod schemas for all tool parameters, mitigating common injection risks. GraphQL parsing for field selection is used, which typically processes queries safely by selecting existing keys. Configuration can be loaded from a `.backlog-mcp-serverrc.json` file in the home directory, but environment variables take precedence, offering a safeguard against untrusted local configurations. No direct use of 'eval' or other highly dangerous functions was found without clear justification.
Updated: 2025-12-02GitHub
56
71
Medium Cost
iceener icon
Sec7

Provides an LLM-friendly interface to control Spotify playback, search music, and manage playlists/saved songs, enabling voice control and smart-home automations.

Setup Requirements

  • ⚠️Requires Spotify Developer App registration with specific redirect URIs configured.
  • ⚠️For production/remote deployments, `RS_TOKENS_ENC_KEY` (or `TOKENS_ENC_KEY` for Workers KV) is critical for encrypting OAuth tokens; without it, tokens are stored in plaintext.
  • ⚠️The default origin validation allows *any origin* in production (src/shared/mcp/security.ts); this must be customized for public-facing deployments with a strict allowlist.
Verified SafeView Analysis
The core OAuth 2.1 PKCE implementation and encrypted token storage (for Node.js/Bun file system and Cloudflare Workers KV) are well-engineered. Rate limiting and concurrency control are present. However, the `isAllowedOrigin` function in `src/shared/mcp/security.ts` defaults to allowing *any origin* in production, which is a significant vulnerability if deployed publicly without customization. The default permissive CORS (`*`) also requires hardening for production. The README provides a clear warning about hardening for remote deployment, but the default implementation is insecure for public-facing use.
Updated: 2025-12-09GitHub
56
213
Medium Cost
magicyuan876 icon

mineru-tianshu

by magicyuan876

Sec3

Provides an API gateway for AI assistants (like Claude Desktop) to invoke a multi-modal AI data preprocessing platform, converting various data types (documents, images, audio, video) into structured Markdown and JSON formats.

Setup Requirements

  • ⚠️Requires NVIDIA GPU with Compute Capability >= 8.5 (especially for PaddleOCR-VL and MinerU, for GPU-accelerated processing)
  • ⚠️Depends on external backend services (FastAPI API server and LitServe GPU Workers) for actual data processing.
  • ⚠️Requires FFmpeg for video processing and BioPython for bioinformatics format parsing.
  • ⚠️First run will download large AI models (e.g., YOLO11x, SenseVoice, PaddleOCR-VL, MinerU) which can be several gigabytes, requiring significant disk space and a reliable internet connection.
Review RequiredView Analysis
Critical issues include: 1. The `file_url` parameter in the `parse_document` tool directly makes HTTP GET requests, which presents a significant Server-Side Request Forgery (SSRF) vulnerability if the input URL is not strictly validated (e.g., against an allowlist or blocking internal IPs), which is not evident in the provided code for `mcp_server.py`. 2. The `JWT_SECRET_KEY` is hardcoded to a default development value in `docker-compose.dev.yml`, explicitly `dev-secret-key-change-in-production`, which is a critical security risk if used in production or if the development environment is exposed.
Updated: 2025-12-12GitHub
56
108
Low Cost
paiml icon
Sec3

Zero-configuration AI context generation and code quality analysis for AI agents like Claude Code.

Setup Requirements

  • ⚠️Requires Rust/Cargo toolchain for installation from source or crates.io (Docker images are an alternative).
  • ⚠️Project-specific development workflow enforces 'ZERO BRANCHING' and 'pmat-book' documentation synchronization via mandatory Git hooks, which could be a friction point for contributors.
  • ⚠️Known critical vulnerability (570 'unwrap()' calls) requires immediate attention for production stability.
Review RequiredView Analysis
CRITICAL: The codebase has 570 known 'unwrap()' calls in production code, identified as a 'Cloudflare-class defect' which can lead to unhandled panics and system instability. While mechanisms like `cargo-audit` and `clippy` are integrated, this specific vulnerability significantly lowers the overall security posture. Addressing this is a high-priority item on the project's roadmap.
Updated: 2025-12-13GitHub
PreviousPage 38 of 647Next