Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(6642)

100
24949
Medium Cost
github icon
Sec9

Connects AI tools (agents, assistants, chatbots) directly to GitHub's platform, enabling natural language interactions for repository management, issue/PR automation, code analysis, and workflow automation.

Setup Requirements

  • ⚠️GitHub Personal Access Token (PAT) required for authentication
  • ⚠️Docker required for containerized deployment (recommended method)
  • ⚠️Requires a compatible MCP host application (e.g., VS Code, Claude, Cursor) to interact with the server
Verified SafeView Analysis
The project explicitly addresses secure handling of GitHub Personal Access Tokens (PATs), recommending environment variables and `.env` files to avoid hardcoding or committing tokens. It uses standard Go libraries and does not show signs of 'eval' or obfuscation. Network communication is expected to be with the GitHub API via HTTPS. Overall, it follows good security practices for handling secrets, placing the responsibility on the user to manage their PAT securely.
Updated: 2025-12-05GitHub
100
19478
Medium Cost
1Panel-dev icon

MaxKB

by 1Panel-dev

Sec6

An enterprise-grade intelligent agent platform for building knowledge bases, RAG, complex workflows, and AI agents, targeting intelligent customer service and office assistants.

Setup Requirements

  • ⚠️Requires Docker for easy deployment, or manual setup of Python environment, PostgreSQL, and Redis.
  • ⚠️Requires configuration of Large Language Models (LLMs) from various providers (e.g., OpenAI, Anthropic, Tencent, etc.) or local models, which may involve obtaining API keys or setting up local inference servers.
  • ⚠️Default administrator password 'MaxKB@123..' is set upon initial setup and should be changed immediately.
Verified SafeView Analysis
The server includes dynamic Python code execution capabilities (e.g., `ToolExecutor.exec_code`) for AI tools, which is inherently high-risk, though attempts are made to sandbox execution (`sandbox.c`). Extensive file processing is present, which could be a vector for vulnerabilities if not meticulously secured. Credential management involves RSA encryption, which is a good practice. URL validation (`is_private_ip`) is implemented to prevent SSRF in file handling. Potential for SQL injection exists if raw SQL queries, especially through custom compilers, are not perfectly parameterized, although Django ORM is generally robust. Overall, security is actively considered, but the nature of dynamic execution and file processing requires continuous vigilance.
Updated: 2025-12-05GitHub
100
3050
Low Cost
wong2 icon
Sec10

A central directory for discovering and referencing various Model Context Protocol (MCP) servers, clients, and frameworks for AI agents.

Verified SafeView Analysis
The provided "source code" is a static README.md file. It contains no executable code, network interactions, or hardcoded secrets. Therefore, it presents no inherent security risks. Any potential risks would stem from interacting with the external links or projects referenced within the README, which are beyond the scope of this source code analysis.
Updated: 2025-11-23GitHub
100
10098
High Cost
0xJacky icon

nginx-ui

by 0xJacky

Sec4

Nginx Log Analysis and Management UI with AI Assistant features for configuration, monitoring, and debugging across clustered Nginx instances.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid) for AI chat and code completion features.
  • ⚠️Requires Nginx installation and configuration, with accessible log and config paths.
  • ⚠️Requires downloading a GeoLite2 database for geo-IP log analytics (needs internet access).
  • ⚠️Best deployed via Docker Compose for a complete setup.
Review RequiredView Analysis
CRITICAL VULNERABILITY: The application uses MD5 to hash a secret key which is then used to derive the AES key for encrypting sensitive data like OTP secrets. MD5 is cryptographically broken and should never be used for key derivation, making encrypted data highly vulnerable. Additional Concerns: - While path validation is implemented for file operations (config, logs, certs), the robustness of `helper.CopyFile` in `api/streams/duplicate.go` and the `internal/backup.Restore` function is critical. Without a deeper dive, there's a potential risk of path traversal or arbitrary file overwrites during these sensitive operations. - Remote node synchronization relies on secure token management. Compromise of these tokens would allow control over remote Nginx instances. - LLM integration introduces inherent prompt injection risks, although system prompts are used to guide the AI.
Updated: 2025-12-06GitHub
100
2264
Low Cost
microsoft icon

mcp

by microsoft

Sec8

Provides AI agents with local-first Model Context Protocol (MCP) integration and tooling for Azure, offering access to Azure API specifications, resource definitions, and best practices in Visual Studio Code and other compatible clients.

Setup Requirements

  • ⚠️Requires Node.js (Latest LTS version, e.g., Node 20+) for `npx` installation.
  • ⚠️Manual configuration in `mcp.json` or equivalent requires precise pathing and argument syntax (e.g., `--project` for dotnet run).
  • ⚠️Development builds and VSIX packaging use PowerShell scripts (`.ps1`).
  • ⚠️The server functions as a backend for AI agents/IDEs; direct user interaction is limited to CLI commands for diagnostics.
Verified SafeView Analysis
The server emphasizes 'local-first security' and primarily uses standard I/O (stdio) for communication when integrated with clients like VS Code, reducing direct network exposure. Telemetry collection is explicitly tied to VS Code's user settings, allowing users to opt-out. However, the installation via `npx` relies on trusting external npm packages. Additionally, a debug profile (`debug-remotemcp`) shows the capability to run with HTTP transport and outgoing authentication, implying that the server (or tools it exposes) can make external network calls to Azure APIs if configured this way. Hardcoded `aiKey` values in `package.json` appear to be placeholders, not active secrets.
Updated: 2025-12-06GitHub
100
1607
Medium Cost
samanhappy icon

mcphub

by samanhappy

Sec8

A hub for managing, orchestrating, and providing a unified API for various Model Context Protocol (MCP) servers and their tools, including user management, OAuth services, and discovery of external servers.

Setup Requirements

  • ⚠️Requires Node.js (>=20.0.0).
  • ⚠️Smart Routing feature requires an OpenAI API Key (paid service) and a PostgreSQL database with `pgvector` extension if enabled.
  • ⚠️Cloud Market feature requires a MCPROUTER_API_KEY for API access.
  • ⚠️Running in database mode (`DB_URL` environment variable set) requires a PostgreSQL database with `pgvector` extension.
Verified SafeView Analysis
The system includes user authentication and role-based access control, with password hashing for user credentials. It leverages `@node-oauth/oauth2-server` for robust OAuth 2.0 implementation. Environment variables (like API keys) are typically loaded from `process.env` or `mcp_settings.json` and warned if not set in production. The `StdioClientTransport` allows administrators to configure and execute arbitrary commands, which is a core feature for managing external MCP servers; this capability is restricted to authenticated users with write permissions, implying trust in administrators not to inject malicious commands. No direct `eval` or blatant unauthenticated Remote Code Execution (RCE) vectors were identified. File uploads for DXT archives are handled with `AdmZip.extractAllTo` to a temporary, generated directory, reducing path traversal risks.
Updated: 2025-12-06GitHub
100
2925
Low Cost
cameroncooke icon

XcodeBuildMCP

by cameroncooke

Sec7

A Model Context Protocol (MCP) server that provides Xcode-related tools for AI assistants, enabling programmatic interaction with Xcode projects, simulators, devices, and Swift packages.

Setup Requirements

  • ⚠️Requires macOS, Node.js (>=18.x), and Xcode 16 to be installed locally.
  • ⚠️Requires an MCP-compatible AI client (e.g., OpenAI Codex CLI, Claude Code CLI, Smithery) for interaction.
  • ⚠️Dynamic tool discovery (`discover_tools`) uses an LLM, implying a connected LLM provider and potential associated API costs for the client.
  • ⚠️Code signing setup is required for deploying apps to physical iOS/iPadOS/visionOS devices.
Verified SafeView Analysis
The server uses `child_process.spawn` and `execSync` for system commands, which is expected for a developer tool. Many calls explicitly use `shell: true` which, while safe for fixed commands, could be a vector for shell injection if user-provided strings are not properly sanitized. Specifically, `stop_mac_app` uses `pkill -f "${params.appName}" || osascript -e 'tell application "${params.appName}" to quit'` with `sh -c`. If `appName` (a Zod `z.string()`) is provided by a malicious MCP client without further shell-specific sanitization, it could lead to arbitrary command execution. Project scaffolding downloads templates from GitHub, introducing a supply chain risk if the template repo is compromised. Sentry integration is present for error reporting, which sends environment information to a third-party (opt-out is available).
Updated: 2025-12-01GitHub
100
2565
Medium Cost
kreuzberg-dev icon

kreuzberg

by kreuzberg-dev

Sec7

High-performance document intelligence platform for extracting text, metadata, and structured information (tables, images, chunks) from over 50 diverse document formats (PDFs, Office, images, HTML, etc.). It offers advanced OCR capabilities, multilingual support, and features like chunking, embeddings, and keyword extraction. Functionality is exposed via multiple language bindings and a Micro-service Communication Protocol (MCP) server for flexible integration.

Setup Requirements

  • ⚠️Native Binary Dependency: All language bindings and the CLI depend on a compiled Rust FFI library. Users might need to build it with a Rust toolchain or ensure pre-compiled binaries are available for their specific platform.
  • ⚠️External Tool Dependencies (Conditional): Full functionality for certain document types or advanced features requires external system-level tools. This includes Tesseract OCR (with language packs), LibreOffice (for older .doc, .ppt, .xls formats), and Pandoc (for various text-based formats like Markdown, LaTeX).
  • ⚠️Language Runtime Setup: Requires a compatible runtime environment (e.g., Python 3.8+, Node.js 18+, Ruby, Go, .NET) depending on the chosen client library or execution method.
Verified SafeView Analysis
The core library is implemented in Rust, providing strong memory safety. However, the system integrates with multiple language bindings and invokes external command-line tools (e.g., Tesseract, LibreOffice, Pandoc) for specific functionalities, which expands the attack surface. The MCP server handles file content (via paths or base64 encoded data) and configuration inputs. While input validation (e.g., path traversal checks in `_validate_file_path`) and resource management (e.g., `max_concurrent_extractions`) are in place, direct file access based on user input always carries inherent risks. Thorough sandboxing and strict input sanitization are crucial for deployments exposed to untrusted data. No obvious hardcoded secrets were identified in the truncated source code.
Updated: 2025-12-06GitHub
100
4419
High Cost
mrexodia icon

ida-pro-mcp

by mrexodia

Sec3

An AI-powered reverse engineering assistant that integrates IDA Pro with Model Context Protocol clients for enhanced analysis.

Setup Requirements

  • ⚠️Requires Python 3.11 or higher.
  • ⚠️Requires IDA Pro 8.3 or higher (9 recommended); IDA Free is not supported.
  • ⚠️Requires IDA Pro GUI to be running (unless using `idalib-mcp` for headless mode).
  • ⚠️Debugger operations require the `--unsafe` flag due to inherent risks.
Review RequiredView Analysis
The `py_eval` tool, marked as `@unsafe`, allows arbitrary Python code execution within the IDA Pro context. While explicitly flagged as unsafe, exposing such a powerful capability to an external client (LLM, potentially compromised) introduces significant risk. An attacker or a malfunctioning LLM could execute malicious code, interact with the file system, or manipulate IDA's state. Although default network configuration binds to localhost and includes CORS protections, the presence of this tool necessitates extreme caution, especially if `--unsafe` is enabled.
Updated: 2025-11-28GitHub
100
1720
Medium Cost
metatool-ai icon

metamcp

by metatool-ai

Sec8

Dynamically aggregates multiple MCP servers into a unified MetaMCP server, applies middleware, and exposes them through configurable API endpoints.

Setup Requirements

  • ⚠️Docker and Docker Compose are highly recommended for local development and production deployment.
  • ⚠️A PostgreSQL database is required for persistent storage of configurations and user data.
  • ⚠️Critical environment variables (e.g., `BETTER_AUTH_SECRET`, `POSTGRES_PASSWORD`) must be changed from their default values in production environments for security.
  • ⚠️If integrating custom MCP servers with additional dependencies, a custom Dockerfile will be necessary to install these dependencies and mitigate cold start issues.
  • ⚠️The frontend development container setup requires a reliable network connection for initial dependency installation and image building.
Verified SafeView Analysis
The project uses `helmet` and explicit CORS policies for different routers. OAuth 2.1 with PKCE is implemented following modern security recommendations for token generation, redirect URI validation, and secret handling. Rate limiting is present for OAuth endpoints, though it's in-memory and less robust for distributed deployments. Default secrets (`BETTER_AUTH_SECRET`, `POSTGRES_PASSWORD`) are hardcoded in `docker-compose.dev.yml` and `example.env` for convenience, but clearly marked for production changes. Public endpoints use `cors({ origin: true })` but rely on API key or OAuth for authorization. Overall, strong security practices are applied for its architectural pattern.
Updated: 2025-11-24GitHub
100
3277
Medium Cost
antvis icon
Sec8

Generates various data visualization charts (including common charts and maps) using the AntV engine, facilitating data analysis and presentation through a Model Context Protocol server.

Setup Requirements

  • ⚠️Relies on an external AntV chart generation service (`VIS_REQUEST_SERVER`) for rendering charts; charts are not generated locally by this server.
  • ⚠️Geographic visualization tools (`generate_district_map`, `generate_path_map`, `generate_pin_map`) are limited to map generation within China due to AMap service integration.
  • ⚠️Requires Node.js to run directly via `npx` or `node`.
Verified SafeView Analysis
No direct 'eval' or code obfuscation found. The server relies on an external AntV chart generation service (`VIS_REQUEST_SERVER`) for rendering, which implies trust in that external service. The `streamable` HTTP transport uses `cors` with `origin: '*'`, which is a broad policy that allows cross-origin requests from any domain. If publicly exposed, this endpoint should be protected with additional authentication/authorization layers.
Updated: 2025-12-05GitHub
100
2801
Low Cost
punkpeye icon

fastmcp

by punkpeye

Sec9

Build Model Context Protocol (MCP) servers in TypeScript with features like session management, authentication (including OAuth), streaming, and type-safe tool/resource/prompt definitions.

Setup Requirements

  • ⚠️Optional JWKS (JSON Web Key Set) verification requires manual installation of the `jose` peer dependency (`npm install jose`).
  • ⚠️OAuth authentication requires pre-configuration with an upstream provider (e.g., Google, GitHub, Azure) and setting corresponding environment variables (e.g., `GOOGLE_CLIENT_ID`, `GOOGLE_CLIENT_SECRET`).
  • ⚠️For OAuth functionality, the `baseUrl` of the FastMCP server and the `redirectPath` (`/oauth/callback` by default) must be correctly configured in your upstream OAuth provider's settings.
Verified SafeView Analysis
The framework demonstrates strong security practices, especially around OAuth flows, token storage (encryption and token swap by default), and PKCE implementation. Sensitive keys are expected to be provided via environment variables, not hardcoded. The `authenticate` function, `imageContent` and `audioContent` helpers allow custom logic or fetching from external/local paths; developers using the framework must ensure proper input sanitization and validation for user-controlled inputs to prevent risks like SSRF or path traversal. The optional 'jose' dependency for JWKS verification is a well-regarded cryptographic library.
Updated: 2025-12-05GitHub
PreviousPage 4 of 554Next