Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

58
3
Medium Cost
mnfst icon
Sec4

Generate Model Context Protocol (MCP) servers from database datasources for integration with AI agents, using a visual canvas interface for tool creation and management.

Setup Requirements

  • ⚠️Requires Node.js 20.x or higher
  • ⚠️Requires npm 9.x or higher
  • ⚠️Requires Docker and Docker Compose (for MySQL database instance)
  • ⚠️Requires an OpenAI API key (paid service) configured in the .env file
  • ⚠️Requires a `CREDENTIALS_ENCRYPTION_KEY` environment variable (32+ characters) for datasource password encryption
Verified SafeView Analysis
This is a Proof-Of-Concept application explicitly labeled as 'Work In Progress' and 'Do not use in production'. **Identified Risks for Production Use:** - **No user authentication or authorization:** All API endpoints and generated MCP servers are publicly accessible without any form of access control. - **Broad CORS policy:** `app.enableCors({ origin: true, credentials: true })` is enabled for all origins in `backend/src/main.ts`. - **Limited Input Sanitization:** Explicitly stated in `CONTRIBUTING.md`. - **No Rate Limiting:** API endpoints lack rate limiting, making them vulnerable to abuse. - **Sensitive Data Exposure:** While datasource credentials are encrypted at rest using AES-256 (via `CREDENTIALS_ENCRYPTION_KEY`), they are accessible to any user of the application (due to lack of auth/auth). File resources uploaded to `public/storage` are directly served and exposed via the MCP protocol, potentially risking sensitive file exposure if not carefully managed. **Positive Security Aspects for POC:** - **Password Encryption:** Datasource passwords are encrypted at rest using a key from environment variables. - **SQL Injection Prevention:** The `QueryGenerationService` explicitly validates that generated SQL queries are `SELECT`-only. The `ToolsService` uses `mysql2/promise` with parameterized queries (`connection.execute(query, values)`) to prevent SQL injection during tool execution. - **Transparent Disclosure:** The project's documentation clearly outlines its security limitations for a POC.
Updated: 2025-11-26GitHub
58
142
Medium Cost
PostHog icon

mcp

by PostHog

Sec8

Provides an AI agent toolkit and server implementation to interact with PostHog analytics data, manage feature flags, create insights, and perform other analytics tasks through natural language queries.

Setup Requirements

  • ⚠️Requires a PostHog Personal API Key for connecting to PostHog data.
  • ⚠️Requires an OpenAI API Key for interactions with OpenAI models (LangChain and AI SDK examples use ChatOpenAI).
  • ⚠️Requires Node.js >=18 for TypeScript development/building and Python >=3.11 for Python examples.
  • ⚠️Deployment of the Cloudflare Worker server (if using the TypeScript implementation) requires a Cloudflare account and Wrangler CLI setup.
  • ⚠️Optional INKEEP_API_KEY environment variable is needed for PostHog documentation search functionality.
Verified SafeView Analysis
The server expects sensitive API keys via Authorization headers or environment variables, which is standard practice. A hardcoded PostHog project API key ('sTMFPsFhdP1Ssg') is used internally for the MCP server's own analytics tracking, not for accessing user-specific data. The `userHash` for caching uses PBKDF2 with a fixed salt ('posthog_mcp_salt'); while not a direct vulnerability, this is less ideal than a unique random salt per user if cache integrity were a primary security boundary. The linter rule `noExplicitAny: 'off'` can subtly hide type-related bugs.
Updated: 2026-01-19GitHub
58
100
High Cost
igrigorik icon

AgentBoard

by igrigorik

Sec6

Integrates AI agents with browser capabilities, enabling interaction with web pages and external Model Context Protocol (MCP) servers through a suite of specialized tools for tasks like content extraction and web automation.

Setup Requirements

  • ⚠️Requires API keys (paid) for OpenAI, Anthropic, or Google AI services to enable default agents.
  • ⚠️User-defined WebMCP scripts are injected directly into the web page's MAIN world, potentially interacting with page JavaScript and DOM. On sites with strict Trusted Types policies, user scripts may not load without explicit user policy creation/acceptance.
  • ⚠️The built-in `get_full_page_context` tool relies on well-structured HTML and JSON-LD for optimal content and metadata extraction. Pages with highly unusual or dynamic DOM structures may yield incomplete or poor results.
Review RequiredView Analysis
The system utilizes dynamic user script injection into the MAIN world of web pages via blob URLs. While efforts are made for sanitization (removing `export`, wrapping in IIFE) and Trusted Types support, direct script injection is an inherent security risk. A malicious user script or a vulnerability in the parsing/injection mechanism could lead to browser context compromise. The `fetch_url` tool can perform CORS-bypassing network requests, optionally including user credentials, which is a powerful capability that could be abused by a malicious LLM prompt or a compromised user script. The `parseMetadataObject` function in `script-parser.ts` and metadata extraction in `src/options/webmcp-scripts.ts` use `new Function()` to parse user-provided metadata, which is a risk if malicious JSON or JavaScript is injected there, though contextually limited. No hardcoded secrets were found. API keys are handled via secure browser storage.
Updated: 2026-01-02GitHub
58
96
High Cost
Sec7

An AI agent system for deep code analysis and reasoning, likely leveraging large language models (LLMs).

Setup Requirements

  • ⚠️Requires Node.js and npm to install dependencies and run.
  • ⚠️Requires a Google Gemini API Key (Paid) for interaction with the Gemini LLM (inferred from test-gemini.js).
  • ⚠️Environment variables must be configured based on the .env.example file to provide necessary API keys and settings.
Verified SafeView Analysis
Relies on external AI APIs (e.g., Gemini) for core functionality, introducing network dependencies. Environment variables are used for sensitive configurations, which is standard practice. Without code content, specific 'eval' or obfuscation checks are not possible.
Updated: 2025-11-18GitHub
58
3
Low Cost
jpinsonneau icon

mcp-shield

by jpinsonneau

Sec3

Provides an OAuth proxy for Model Context Protocol (MCP) servers on OpenShift, handling OAuth 2.0 discovery, client registration, token exchange, and enhancing security with a proxy token system.

Setup Requirements

  • ⚠️Requires deployment on or with network access to an OpenShift cluster for full OAuth integration.
  • ⚠️If integrating with `mcp-gateway`, specific code modifications are required in `mcp-gateway` itself to enable standalone tool forwarding (details provided in `docs/mcp-gateway-changes.md`).
  • ⚠️The `OAUTH_AUTHORIZATION_SERVERS` environment variable is mandatory and must be correctly configured with the public URL where MCP Shield is accessible.
  • ⚠️When deploying with `loki-mcp-server`, the Loki MCP image (`quay.io/jpinsonn/loki-mcp:dev` in examples) might need to be built from source if not available in a public registry.
Review RequiredView Analysis
The server's HTTP client (`internal/handlers/oauth_token.go`) explicitly disables SSL certificate verification (`InsecureSkipVerify: true`) when communicating with the OpenShift OAuth token endpoint. This critically exposes the system to man-in-the-middle attacks, even if intended for environments with self-signed certificates. Additionally, the `INSPECTOR_ORIGIN` environment variable, used for CORS headers, defaults to '*' (allowing all origins) if not explicitly set. While convenient for development, this is a significant security risk in production, potentially exposing sensitive information or allowing unauthorized cross-origin requests.
Updated: 2025-12-01GitHub
58
65
Medium Cost
sonatype icon
Sec7

Connects AI assistants to Sonatype's dependency management and security intelligence platform for real-time insights into open source security, license compliance, and dependency health within the development workflow.

Setup Requirements

  • ⚠️Requires a Sonatype Guide API token for authentication.
  • ⚠️Requires external network access to `https://mcp.guide.sonatype.com/mcp`.
  • ⚠️For IDEs that only support stdio MCP servers (like IntelliJ), `mcp-remote` must be installed globally via npm.
Review RequiredView Analysis
The provided 'source code' consists solely of the `README.md` file. As such, a direct analysis of the server's implementation for security risks like 'eval', obfuscation, or malicious patterns is not possible. The server is described as a remote HTTP service hosted by Sonatype. The setup instructions detail client-side configuration using standard HTTPS and Bearer token authentication. The main security risk for users lies in securing their personal API token, which the README appropriately advises against committing to version control.
Updated: 2026-01-14GitHub
58
3
Medium Cost
lennyzeltser icon

mcp-expertise-toolkit

by lennyzeltser

Sec9

This server turns domain expertise into an AI-accessible knowledge base, delivering structured feedback and guidance to AI assistants for local content analysis.

Setup Requirements

  • ⚠️Requires a Cloudflare account with an R2 bucket configured for expertise YAML files.
  • ⚠️Users must manually create and populate the R2 bucket with their expertise `.yaml` files, replacing `[REPLACE: ...]` placeholders.
  • ⚠️The `toolPrefix` in each expertise YAML file must be unique across all files uploaded to the R2 bucket.
Verified SafeView Analysis
The architecture explicitly prioritizes user privacy, ensuring that user content is analyzed locally by the AI assistant and never sent to this server. Expertise content is loaded from a Cloudflare R2 bucket, which is a secure, managed object storage service. The system uses robust YAML validation with Zod schemas, mitigating risks associated with malformed input. There are no indications of 'eval' usage, code obfuscation, or hardcoded secrets. The server functions primarily as a static content provider (guidelines), reducing dynamic execution risks. Access control is not implemented by default, assuming expertise content is public, but Cloudflare Access could be integrated for private deployments.
Updated: 2026-01-17GitHub
58
119
Medium Cost
kubeflow icon
Sec9

Connect AI agents to Apache Spark History Server for intelligent job analysis and performance monitoring.

Setup Requirements

  • ⚠️Requires an existing Spark History Server running and accessible via network.
  • ⚠️Requires Python 3.12+ for server execution.
  • ⚠️Local testing setup requires Docker for the sample Spark History Server.
Verified SafeView Analysis
The project demonstrates a strong commitment to security with a dedicated `SECURITY.md`, a pre-commit hook to detect hardcoded credentials (`check-config-security.py`), and a configuration system that encourages environment variables for sensitive data. The use of Playwright for HTML rendering introduces a potential attack surface if the target Spark UI is compromised, but this is an inherent risk of browser automation and is generally mitigated by trusting the source (Spark History Server). Boto3 usage for EMR assumes secure AWS credential management in the execution environment. Overall, very good security practices for the technology stack.
Updated: 2026-01-13GitHub
58
3
High Cost
enessari icon
Sec9

The Metabase AI Assistant integrates an AI agent with Metabase to enable AI-powered data exploration, SQL generation, dashboard creation, and Metabase instance management through an MCP client.

Setup Requirements

  • ⚠️Access to Metabase's internal application database credentials (MB_METADATA_*) is required for advanced metadata analytics (Phase 2 & 3 tools).
  • ⚠️Direct database modification tools (e.g., `db_table_create`) may require Metabase username/password authentication rather than just an API key if the API key does not expose the underlying database connection password.
  • ⚠️Requires either an Anthropic API key (`ANTHROPIC_API_KEY`) or an OpenAI API key (`OPENAI_API_KEY`), both of which are paid services and incur usage costs.
Verified SafeView Analysis
The server implements robust security controls for direct database (DDL) operations, including enforced naming prefixes (claude_ai_), explicit approval requirements, dry-run modes, and blacklisting of dangerous SQL commands (e.g., DROP DATABASE, TRUNCATE). The Metabase metadata client is explicitly read-only. Environment variables are used for credentials, preventing hardcoding. A minor theoretical risk exists from `JSON.parse` operations on AI-generated content, though AI models are typically constrained to valid JSON output.
Updated: 2026-01-14GitHub
58
3
Medium Cost
Dav082004 icon
Sec8

Automate project management and issue creation using GitHub Copilot and MCP Server by transforming requirements into actionable GitHub tasks.

Setup Requirements

  • ⚠️Requires GitHub Copilot CLI installation (npm install)
  • ⚠️Requires GitHub account authentication for CLI tools
  • ⚠️Requires configuration of GitHub MCP Server (setup details not provided in source code)
  • ⚠️GitHub Copilot Pro subscription needed for advanced automatic issue resolution (optional)
Verified SafeView Analysis
The provided 'SOURCE CODE' is limited to markdown files (README and project requirements) and does not include the actual server-side code for 'GitHub MCP Server'. Therefore, a direct security audit of the server's implementation is not possible based on the given information. The security score reflects the absence of immediately apparent risks in the provided documentation, assuming standard security practices for GitHub Copilot CLI installation and authentication are followed. The underlying GitHub Copilot CLI and GitHub MCP Server would require their own security audits.
Updated: 2025-11-29GitHub
58
12
Medium Cost
nirholas icon

UCAI

by nirholas

Sec9

Generates Model Context Protocol (MCP) servers from smart contract ABIs, enabling AI agents to interact with blockchain protocols safely and efficiently, incorporating security scanning and contract explanations.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️For write operations in generated MCP servers, a `PRIVATE_KEY` environment variable must be set (and kept secure).
  • ⚠️For fetching ABIs from Etherscan-family explorers, an `ETHERSCAN_API_KEY` (or network-specific key) environment variable may be required to avoid rate limits.
  • ⚠️Generated MCP servers rely on `web3.py`, requiring RPC access to the target blockchain network.
  • ⚠️Running the generated server requires the `mcp` Python SDK (installed via `requirements.txt`).
Verified SafeView Analysis
The core `abi-to-mcp` CLI and web builder code adheres to good security practices, particularly in handling sensitive information (private keys are loaded from environment variables only, never hardcoded or stored). A key feature is its 'Security Scanner' which analyzes *target smart contracts* for over 50 risk patterns, significantly enhancing the safety for end-users interacting with generated MCP servers. Write operations in generated servers are 'simulation-first' by default, and a read-only mode is available. The main residual risk is the end-user's secure handling of the `PRIVATE_KEY` environment variable when deploying and running generated MCP servers for real write operations.
Updated: 2026-01-19GitHub
58
25
Medium Cost
SimplyLiz icon

CodeMCP

by SimplyLiz

Sec8

Provides deep code intelligence (symbol navigation, impact analysis, architecture maps, ownership, risk assessment) to AI assistants, CLI, and HTTP API.

Setup Requirements

  • ⚠️Requires manual installation of SCIP indexers (e.g., scip-go) for enhanced language analysis, though 'ckb index' provides auto-install guidance.
  • ⚠️Initial setup may require explicitly defining the repository root via CKB_REPO environment variable or --repo flag if running from npx in a non-standard project structure, though a Node.js shim aims to mitigate this.
  • ⚠️Requires Go 1.21+ (if building from source) or Node.js 16+ and Git (if using npm package).
Verified SafeView Analysis
The server exposes HTTP API endpoints, remote federation capabilities, and webhooks, which require careful user configuration for security (e.g., API key management, trusting remote servers). No obvious hardcoded secrets or malicious code patterns were found. The project structure and documentation emphasize security considerations like token authentication.
Updated: 2026-01-19GitHub
PreviousPage 38 of 760Next