Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

58
62
Medium Cost
vintasoftware icon

django-ai-boost

by vintasoftware

Sec9

Provides Model Context Protocol (MCP) tools for AI assistants to introspect and interact with Django project details and runtime information.

Setup Requirements

  • ⚠️Requires Python 3.12+ and Django 4.2+
  • ⚠️A Django project's settings module (e.g., 'myproject.settings') must be specified via DJANGO_SETTINGS_MODULE environment variable or --settings argument.
  • ⚠️For SSE transport in production mode (DEBUG=False), a bearer token (DJANGO_MCP_AUTH_TOKEN env var or --auth-token) is mandatory for security.
Verified SafeView Analysis
The server includes robust authentication mechanisms for SSE transport in production environments (DEBUG=False), requiring a bearer token and explicitly preventing tokens with stdio transport to avoid false security. All exposed tools are designed to be read-only, limiting potential for data modification. Django's ORM is used for database queries, which generally guards against SQL injection, though AI-generated complex filters could still be a concern if not carefully reviewed. No 'eval' or obvious malicious patterns were found in the provided source code.
Updated: 2026-01-09GitHub
57
37
Low Cost
athola icon
Sec9

Manages, validates, analyzes, and synchronizes AI skills and configurations for Claude Code and Codex CLI, also serving them to MCP clients and running subagents.

Setup Requirements

  • ⚠️Requires Anthropic API Key (Paid) for Claude agent execution features.
  • ⚠️Requires OpenAI API Key (Paid) for Codex/OpenAI agent execution features.
  • ⚠️Requires Rust toolchain (1.75+) for building from source (`cargo install`).
Verified SafeView Analysis
The project demonstrates a strong focus on security, with extensive threat modeling documentation, explicit input sanitization to prevent common vulnerabilities (e.g., path traversal, command injection in CLI binary names, GitHub query injection), and the use of environment variables for API keys. It actively audits dependencies using `cargo audit` (evidenced by `audit.toml`). The core server does not execute arbitrary skill code directly; instead, it provides skills to external, trusted AI clients (Claude/Codex), delegating execution risk. HTTP transport supports authentication and TLS. No 'eval' or obvious malicious patterns were found.
Updated: 2026-01-17GitHub
57
529
Medium Cost
Canner icon

wren-engine

by Canner

Sec6

The Wren MCP Server facilitates AI agent integration by providing a Model Context Protocol interface to interact with the Wren Engine for SQL planning and data access.

Setup Requirements

  • ⚠️Requires JDK 21+ for the underlying Java Wren Engine (if used).
  • ⚠️Requires 'uv' Python package manager for environment setup.
  • ⚠️Requires a running Wren Engine (Rust or Java) accessible via `WREN_URL`.
  • ⚠️Relies on environment variables (`WREN_URL`, `CONNECTION_INFO_FILE`, `MDL_PATH`) for configuration, including sensitive database credentials.
Verified SafeView Analysis
The server directly accepts SQL queries from AI agents and forwards them to the Wren Engine (or an external Java engine). While the core Wren Engine (Rust implementation) uses AST-based parsing and rewriting, which is generally more robust against SQL injection than string concatenation, the direct exposure of a SQL input surface remains a significant security concern. The overall security largely depends on the absolute robustness of the Wren Engine's SQL parser and rewriter against all forms of malicious SQL constructs. The Python code itself does not contain obvious hardcoded secrets or arbitrary code execution (`eval`) patterns. Database connection information is loaded from a file, relying on file system security. The `query` tool is explicitly marked with `destructiveHint=True` for AI agents, indicating a potential for data modification or deletion.
Updated: 2026-01-16GitHub
57
37
Medium Cost
athola icon

skrills

by athola

Sec9

A versatile tool to manage, validate, analyze, and synchronize AI skills and agent configurations for Claude Code and Codex CLI, running as an MCP server.

Setup Requirements

  • ⚠️Requires Anthropic or OpenAI API keys (paid services) if using subagent features for API-based LLM interactions (e.g., SKRILLS_CLAUDE_API_KEY, SKRILLS_CODEX_API_KEY).
  • ⚠️Full functionality for CLI-based subagent execution and skill syncing relies on `claude` or `codex` CLI tools being installed and configured locally.
  • ⚠️Installation from source requires a Rust toolchain (>= 1.75).
  • ⚠️For HTTP transport on Linux, users may need to manually enable systemd user lingering or manage the service for persistent operation.
Verified SafeView Analysis
The project demonstrates strong security awareness through a dedicated threat model, comprehensive security documentation, and continuous integration checks (`cargo audit`, `cargo deny`). Explicit mitigations for common vulnerabilities like path traversal and command injection are implemented, alongside input sanitization for CLI binaries. Network transport, when enabled, supports authentication and TLS. API keys for external LLMs are loaded from environment variables, avoiding hardcoding. The core functionality involves executing external CLI tools, which inherently carries a risk if the environment is untrusted, but the project provides robust controls.
Updated: 2026-01-19GitHub
57
143
Low Cost
microsoft icon

mcp-dotnet-samples

by microsoft

Sec9

This MCP server retrieves GitHub Copilot customizations, including instructions, agents, prompts, and collections, from the `awesome-copilot` repository to provide contextual guidance to AI models.

Setup Requirements

  • ⚠️Requires .NET 9 SDK for local execution.
  • ⚠️Requires Docker Desktop for containerized execution.
  • ⚠️Requires Visual Studio Code with C# Dev Kit for local development and MCP integration.
Verified SafeView Analysis
The server's core function is to retrieve markdown and JSON metadata from a public, trusted GitHub repository. It does not contain 'eval', obfuscation, or hardcoded secrets. The 'AllowedHosts: "*"' in appsettings.json is a common development default that should be restricted for production. The primary security consideration would shift to the client (e.g., GitHub Copilot) that consumes and interprets the provided customization content.
Updated: 2026-01-19GitHub
57
164
Medium Cost
joenorton icon

comfyui-mcp-server

by joenorton

Sec9

The server enables AI agents to generate and iteratively refine images, audio, and video using a local ComfyUI instance through the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a local ComfyUI instance to be installed and running.
  • ⚠️Python 3.8+ is required to run the server.
  • ⚠️The asset registry is ephemeral; generated assets are lost on server restart or after their TTL (24 hours by default).
Verified SafeView Analysis
The server binds to localhost by default and explicitly warns against public exposure without authentication or a reverse proxy. Path traversal attempts for workflow IDs are sanitized and validated. No direct 'eval' or 'exec' found. Asset access is controlled via a registry. The system's security relies on ComfyUI's internal security for asset processing and generation.
Updated: 2026-01-19GitHub
57
384
Low Cost
TheLunarCompany icon

lunar

by TheLunarCompany

Sec3

The Lunar MCP Server acts as an HTTP proxy, designed to intercept, analyze, and manage API traffic within a Python environment, applying policies for caching, throttling, queueing, and collecting data for observability.

Setup Requirements

  • ⚠️Requires a running Redis instance for state management and clustering features.
  • ⚠️Designed to integrate with HAProxy as an SPOE agent for full traffic interception, implying HAProxy is a prerequisite for full functionality.
  • ⚠️The `TENANT_NAME` environment variable is critical and must be set for the server to start.
  • ⚠️If used, the 'CustomScript' processor allows arbitrary JavaScript execution, posing a significant security risk.
Review RequiredView Analysis
The `custom_script_processor.go` explicitly allows users to define and execute arbitrary JavaScript code via the `script_text` parameter using the Goja JavaScript runtime. This feature, without robust sandboxing or strict input validation, presents a significant security risk, as malicious scripts could potentially compromise the server or access sensitive data. While other components appear to be robust Go implementations, this particular processor introduces a critical vulnerability if not handled with extreme caution.
Updated: 2026-01-19GitHub
57
111
High Cost
kapilduraphe icon

mcp-watch

by kapilduraphe

Sec9

A comprehensive security scanner for Model Context Protocol (MCP) servers, detecting various vulnerabilities in their implementations.

Setup Requirements

  • ⚠️Requires Git command-line tool for scanning remote GitHub repositories.
  • ⚠️Requires Node.js (>=16.0.0) and npm installed if not using Docker.
Verified SafeView Analysis
The scanner uses `git clone` to fetch external repositories into a temporary directory. While `spawnSync` with an array of arguments for `git clone` reduces direct shell injection risks into the Git command itself, there's always an inherent, albeit low, risk when executing code from untrusted sources, even in a sandboxed environment. The tool is designed to *detect* dangerous patterns like command injection within the scanned code, not *introduce* them into its own operation. Evidence sanitization is implemented to prevent credential leakage in reports.
Updated: 2025-12-14GitHub
57
32
Medium Cost
d-kimuson icon

modular-mcp

by d-kimuson

Sec9

A proxy server that efficiently manages and loads large tool collections from multiple Model Context Protocol (MCP) servers on-demand for LLMs, reducing context overhead.

Setup Requirements

  • ⚠️Requires Node.js version >=22.0.0.
  • ⚠️Environment variables (e.g., API keys) must be set prior to running if used in the configuration file.
  • ⚠️Experimental built-in OAuth support might require browser interaction for the initial setup, with a `mcp-remote` fallback recommended for robustness.
Verified SafeView Analysis
The server uses Zod for robust configuration validation and environment variable interpolation (`${VAR}` syntax only), with graceful fallback for undefined variables. OAuth tokens and client information are stored locally in the user's home directory. The use of `execSync` for locating `npx` and for the `mcp-remote` fallback is controlled. Built-in OAuth support is marked as experimental, but a fallback to `mcp-remote` provides a robust alternative.
Updated: 2025-11-21GitHub
57
70
Low Cost
huweihua123 icon

stock-mcp

by huweihua123

Sec8

Provides AI Agents with professional-grade stock market analysis capabilities by bridging large language models with real-time financial data.

Setup Requirements

  • ⚠️Requires Python 3.10+ and a running Redis server for caching.
  • ⚠️Optional (but highly recommended) API keys for premium data sources (Tushare, Finnhub) and web search (Tavily, Google) are needed for full functionality.
  • ⚠️MinIO server is required for caching and processing SEC filings, needing specific environment variables configured.
Verified SafeView Analysis
The project follows good security practices by loading API keys and sensitive configurations from environment variables. Input validation is in place via Pydantic models. However, it relies heavily on numerous third-party APIs (financial data, web search) which introduces external trust dependencies. Default MinIO/Redis credentials are for development and should be secured in production. The `edgartools` library used for SEC filings shares an identity (email) with the SEC, which is a privacy consideration.
Updated: 2026-01-18GitHub
57
194
Medium Cost
nickgnd icon

tmux-mcp

by nickgnd

Sec4

Enables AI assistants (like Claude Desktop) to interact with, control, and observe tmux terminal sessions by providing tools for session management and command execution.

Setup Requirements

  • ⚠️Requires Node.js installed and available in the environment.
  • ⚠️Requires tmux installed and running on the host system.
Review RequiredView Analysis
The server's core functionality involves executing arbitrary commands within tmux panes, as explicitly warned in the README ('use it at your own risk ⚠️'). While the `paneId` argument to `tmux send-keys` is escaped to prevent simple single-quote injection (e.g., `paneId.replace(/'/g, "'\\''")`), the `command` string itself, when passed to `tmux send-keys ... Enter`, is the arbitrary command an AI is expected to execute. This means if the controlling AI is compromised or misconfigured, it could issue malicious commands that are then executed directly on the host system within a tmux pane. The `rawMode` and `noEnter` options further complicate monitoring as they disable command status tracking. No hardcoded secrets, obfuscation, or direct network listening (it uses standard I/O for communication) are observed, but the inherent capability to execute arbitrary shell commands poses a significant security risk if not used with extreme caution and trust in the AI's prompts.
Updated: 2026-01-07GitHub
57
175
Medium Cost
mixelpixx icon
Sec7

This MCP server enhances Google search with AI-powered research synthesis, content extraction, source quality assessment, and deduplication, designed to be used by large language models (LLMs) like Claude.

Setup Requirements

  • ⚠️Node.js 18+ required
  • ⚠️Google Custom Search API Key required (Paid API)
  • ⚠️Google Custom Search Engine ID required
Verified SafeView Analysis
The use of `eval` for dynamic imports, while seemingly controlled for a specific SDK, is generally a security concern. The content extraction service fetches content from arbitrary URLs, which could pose a risk if the server were exposed directly to untrusted input (e.g., SSRF vulnerability if not behind an LLM context). Hardcoded secrets are avoided, with API keys properly sourced from environment variables. Prompt injection concerns are shifted to the LLM layer rather than the tool itself, due to its MCP design.
Updated: 2025-12-03GitHub
PreviousPage 39 of 760Next