Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

Vetted Servers (7756)

56
169
Low Cost

quarkus-mcp-server

by quarkiverse

Sec8

This project demonstrates a secure Model Context Protocol (MCP) Server-Sent Events (SSE) server built with Quarkus, showcasing integration with Keycloak and GitHub for authentication, and implementing various MCP features like tools, prompts, and resources.

Setup Requirements

  • ⚠️Requires manual registration of a GitHub OAuth2 application and providing the client ID/secret in `application.properties` for production mode.
  • ⚠️Potential Keycloak Dev Services startup issues on some macOS systems may require adding `quarkus.keycloak.devservices.java-opts=-XX:UseSVE=0` to configuration.
  • ⚠️GitHub OAuth2 configuration may require `prod.quarkus.oidc.login.credentials.client-secret.method=post` if a 401 error occurs after login.
Verified Safe
The server uses standard security practices with OpenID Connect (OIDC) and OAuth2 for authentication via Keycloak/GitHub. There are no obvious hardcoded production secrets in the provided code; client IDs and secrets are expected to be provided externally via configuration. No `eval` or obfuscation patterns were found. The 'dev mode' uses default Keycloak credentials (alice/alice) which are explicitly for development and not for production. Overall security depends heavily on correct deployment and secure configuration of external identity providers.
Updated: 2025-12-10
56
79
Medium Cost

AgentUp

by lukehinds

Sec9

A developer-first framework for building, deploying, and managing secure, scalable, and configurable AI agents, supporting various agent types (reactive, iterative) and the Model-Context Protocol (MCP) for seamless interactions.

Setup Requirements

  • ⚠️Requires an external AI provider API key (e.g., OpenAI, Claude, etc.), which may incur costs.
Verified Safe
The framework is built with a strong emphasis on security, featuring fine-grained access control, OAuth2, JWT, and API key authentication. It utilizes modern development practices like static analysis (`.bandit`, `.pre-commit-config.yaml`) and CI/CD for quality assurance. While the framework itself is designed to be secure, the overall security of agents built with it will also depend on the external AI providers used, configured plugins, and specific agent implementations.
Updated: 2025-11-17
56
37
Medium Cost

Agent-Fusion

by krokozyab

Sec3

Facilitates AI coding assistants by providing intelligent local RAG for code and documents, and optionally coordinates multiple AI agents for complex tasks.

Setup Requirements

  • ⚠️Requires Java Runtime Environment (JRE 17+ recommended).
  • ⚠️Requires external AI coding assistants (e.g., Claude Code CLI, OpenAI Codex CLI) to connect via MCP. It does not include the LLM models themselves.
  • ⚠️Optional manual setup for larger/custom embedding models (download ONNX file, configure path).
  • ⚠️Web dashboard listens on 0.0.0.0 by default, exposing it to the network without authentication.
Review Required
The server's web dashboard (default 0.0.0.0:8081) and MCP server (default 127.0.0.1:3000, configurable) lack explicit authentication and authorization. This makes them vulnerable to unauthorized access and arbitrary tool execution by any network-reachable client. Deserialization of potentially malicious content from proposals or snapshots, and path traversal vulnerabilities via file system operations, are potential risks. The absence of built-in access control is a critical security flaw for multi-user or networked deployments beyond a strictly isolated local development environment.
Updated: 2025-11-24
56
9
Low Cost

ssh-mcp-server

by uarlouski

Sec8

Provides AI assistants with secure SSH capabilities for remote command execution, SFTP file transfers, port forwarding, and templated command execution on pre-configured servers.

Setup Requirements

  • ⚠️Requires Node.js 18.0.0 or higher.
  • ⚠️Requires SSH private keys to be configured for target remote servers.
  • ⚠️Mandatory `ssh-mcp-config.json` configuration file with server details and security controls. An empty `allowedCommands` list in this file will disable command validation, allowing any command execution.
Verified Safe
The server implements strong security features such as command allowlisting, server host allowlisting, and SSH key-based authentication. The `CommandParser` effectively identifies base commands within complex shell strings (including pipes, chaining, and substitutions) for robust allowlist validation. It explicitly lacks obfuscation and does not appear to have hardcoded secrets. The primary security concern lies with configuration: if the `allowedCommands` list in the configuration file is empty or omitted, the server will permit *all* commands, including potentially dangerous ones, turning a security feature into a significant vulnerability by misconfiguration. Port forwarding is initiated from the local machine (running the AI client) to the remote server, which is generally safe, but granting the AI SSH access to an internal remote network via a tunnel carries inherent risks that must be managed through careful configuration and trust boundaries.
Updated: 2025-12-12
55
71
Medium Cost

tiger-cli

by timescale

Sec8

Provides a Model Context Protocol (MCP) server for AI assistants to manage and query Tiger Cloud database services programmatically.

Setup Requirements

  • ⚠️Requires `tiger auth login` to authenticate with Tiger Cloud.
  • ⚠️Requires `psql` client installed for `tiger db connect` functionality.
  • ⚠️Go 1.25+ is a required dependency for development and building from source.
  • ⚠️Integration tests require valid Tiger Cloud API keys (`TIGER_PUBLIC_KEY_INTEGRATION`, `TIGER_SECRET_KEY_INTEGRATION`) and will create/delete billable resources.
Verified Safe
The CLI and MCP server implement robust security practices for credential handling, including secure storage in system keyrings or with restricted file permissions (0600) and explicit options to disable password saving. It uses PostgreSQL's standard PGPASSWORD environment variable for database connection, which is visible to process debugging tools but is a recommended practice. The internal code review identified a "Needs Review" high-severity issue regarding insufficient input validation for user-provided psql arguments, which could lead to command injection in the psql client process. However, the impact is mitigated as the CLI runs with user privileges, meaning a user capable of injecting commands could also execute them directly. SQL query execution via `db_execute_query` properly uses parameterized queries to prevent SQL injection for parameters, while allowing multi-statement queries without parameters. Overall, the system has a strong security foundation for credential management and API interaction.
Updated: 2025-12-13
55
113
High Cost

mcp-server

by browserstack

Sec8

The BrowserStack MCP server enables AI tools and IDEs to manage test cases, execute manual or automated tests on real devices and browsers, debug issues, perform root cause analysis, and implement visual testing and accessibility scans, all through natural language prompts.

Setup Requirements

  • ⚠️Requires Node.js version >= 18.0
  • ⚠️Requires BROWSERSTACK_USERNAME and BROWSERSTACK_ACCESS_KEY environment variables to be set for authentication with BrowserStack APIs.
  • ⚠️For local testing (e.g., local URLs in Live or Accessibility scans), the BrowserStack Local binary must be correctly configured and running, or the server must be permitted to manage its lifecycle.
Verified Safe
The server demonstrates good security practices such as sanitizing URL parameters to prevent command injection (`sanitizeUrlParam`), validating URLs and payload sizes in network requests (`apiClient.validateUrl`), and sourcing credentials from environment variables rather than hardcoding. It uses `execSync` and `childProcess.spawn` for system commands (`pgrep`, `taskkill`, `open`, `start`, `xdg-open`) and `browserstack-local` binary management, where arguments are generally fixed or carefully constructed, reducing direct shell injection risk. File system access for listing test files (`listTestFiles`) is an expected feature for a development tool but could potentially expose local file paths if the base directory input is not adequately constrained by the invoking client. The `rejectUnauthorized: false` for custom CA certificates in `apiClient` is a configuration-dependent risk. Overall, while interacting with the local system and external APIs, the implementation shows a conscious effort towards security.
Updated: 2025-12-11
55
127
Medium Cost

logfire-mcp

by pydantic

Sec7

Enables LLMs to retrieve and analyze application telemetry data (OpenTelemetry traces and metrics) from Pydantic Logfire using SQL queries.

Setup Requirements

  • ⚠️Requires a Pydantic Logfire read token, which must be created in the Logfire UI for the specific project.
  • ⚠️Requires `uv` (a Python package installer and runner) to be installed.
  • ⚠️The `arbitrary_query` tool allows arbitrary SQL execution, requiring careful LLM prompting and sandboxing to prevent unintended or malicious queries.
Verified Safe
The server provides an `arbitrary_query` tool that directly executes SQL, which is powerful and could be misused if an LLM client is not properly constrained. The `find_exceptions_in_file` tool uses f-strings for SQL query construction, which can be a SQL injection risk if `filepath` were to contain untrusted input.
Updated: 2025-11-26
55
1
Medium Cost

OpenWebIDE

by lipeiying24-sys

Sec8

An AI-powered serverless cloud IDE that facilitates code development and interaction with GitHub repositories using AI agents.

Setup Requirements

  • ⚠️Requires a Cloudflare account for deployment.
  • ⚠️Requires a Google Gemini API Key or an OpenAI-compatible API Key (usage may incur costs).
  • ⚠️Requires a GitHub Personal Access Token (PAT) with 'repo', 'workflow', and 'read:org' scopes.
Verified Safe
The Cloudflare Worker backend uses environment variables for AI API keys, which is good practice. The GitHub Personal Access Token (PAT) is handled as an Authorization header, which is standard. The system does not use 'eval' or similar dangerous functions. CORS is set to `*`, which broadly allows requests from any origin; while not ideal for all APIs, it's a common pattern for public Cloudflare Workers and relies on the GitHub PAT for authorization rather than origin restriction. The AI's generated tool arguments are directly passed to Octokit, relying on the defined input schemas and Octokit's own validation, meaning prompt engineering plays a crucial role in preventing unintended actions.
Updated: 2025-12-14
55
1
High Cost

mcp-rag-agent

by larpig

Sec8

A RAG-based chatbot that provides grounded answers to company policy questions by performing semantic search on an internal document corpus stored in a vector database.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid)
  • ⚠️Requires MongoDB Atlas account with Vector Search support (Paid)
  • ⚠️For 'mcp dev' UI, Node.js is required
Verified Safe
The project uses standard practices for handling API keys (environment variables via .env files). The MCP server communicates via stdio, implying local inter-process communication rather than exposing network ports publicly by default, which is generally more secure. No explicit 'eval' or other direct code injection vulnerabilities were found. Potential for prompt injection exists, which is inherent to LLM applications.
Updated: 2025-11-30
55
1
High Cost

ai-trading-mcp-server

by FajarArrizki

Sec7

AI-powered cryptocurrency trading assistant for real-time market analysis, signal generation, and trade execution.

Setup Requirements

  • ⚠️Requires API Key for AI Provider (e.g., OpenRouter), which is a paid service.
  • ⚠️Requires Hyperliquid Wallet API Key and Account Address for live trading (sensitive credentials).
  • ⚠️Requires Node.js 20+ and pnpm for local development and execution.
Verified Safe
The project uses Zod for input validation and explicitly warns about production hardening (HTTPS, authentication, rate limiting) for the streaming server. Private keys are expected via environment variables or tool parameters, which is generally good practice. However, there are hardcoded default API keys (e.g., OpenRouter, CoinMarketCap in a test script) which reduce the security score. The nature of financial trading inherently carries high risk if not deployed and managed securely, especially with explicit warnings for 'Local Development Only' without further hardening for production.
Updated: 2025-11-25
55
22
Low Cost
Sec8

An MCP gateway that aggregates multiple downstream MCP servers, providing policy-based access control and on-demand tool discovery to optimize context window usage for agents and subagents.

Setup Requirements

  • ⚠️Requires Python 3.12+.
  • ⚠️For macOS GUI applications (e.g., Claude Desktop), environment variables referenced in .mcp.json (e.g., ${API_KEY}) must be explicitly set in the gateway's env object in the MCP client configuration, not just the shell environment.
  • ⚠️For production access control, the .mcp-gateway-rules.json file should be stored outside the project directory (e.g., ~/.claude/mcp-gateway-rules.json) to prevent agents from reading or modifying permissions.
  • ⚠️OAuth with pre-registered applications (e.g., GitHub's direct OAuth flow) is not supported; GitHub MCP requires a Personal Access Token (PAT) via a 'headers' configuration.
Verified Safe
The project demonstrates strong security awareness through its 'deny-before-allow' policy, environment variable substitution for secrets, and explicit gating of diagnostic tools behind a debug flag. Critical guidance is provided for storing sensitive access control rules outside the project directory to prevent agent inspection or modification, and OAuth token storage is documented with security recommendations. The main security risks stem from potential misconfiguration of the rules file location or lax permissions on token caches, which are explicitly addressed in the documentation.
Updated: 2025-12-02
55
1
Low Cost

MCP-server-

by ADVTECH-dev876

Sec5

A Python-based server application handling user authentication, data storage, and potentially managing models or file uploads.

Setup Requirements

  • ⚠️Requires a Python 3.x environment.
  • ⚠️Install dependencies using `pip install -r req.txt`.
  • ⚠️Configuration setup likely required in `config.py` or via environment variables.
Review Required
Cannot perform a detailed security audit without access to source code. Potential risks like 'eval' or unhandled network vulnerabilities cannot be assessed. The score is speculative due to lack of information.
Updated: 2025-11-18