Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

56
118
Low Cost
paiml icon
Sec8

Provides a high-performance Model Context Protocol (MCP) server that acts as a toolkit for AI agents, offering a comprehensive suite of tools for code analysis, refactoring, quality gates, technical debt grading, and project context generation to enable automated fixes and quality-driven development.

Setup Requirements

  • ⚠️Requires Rust toolchain (rustup, cargo, clippy) to be installed on the host system.
  • ⚠️Relies on the 'git' command-line tool for code churn and context analysis capabilities.
  • ⚠️The primary interface is via the Model Context Protocol (MCP), necessitating a compatible client for interaction.
  • ⚠️Distributed consensus (async_raft) functionality is currently commented out, indicating it's not yet designed for distributed fault tolerance.
  • ⚠️Some advanced features might require specific external dependencies or API keys (e.g., 'libsql' for TDG storage persistence, 'OPENAI_API_KEY' for certain semantic search/embedding features).
  • ⚠️The `installer.sh` script is designed for Unix-like systems (Linux, macOS) and is not compatible with Windows.
Verified SafeView Analysis
The server leverages Rust's type safety and `PathBuf` for file operations, reducing direct shell injection risks. External commands like `cargo clippy` and `git` are invoked with explicit arguments and working directories. `installer.sh` uses `sha256sum` for integrity verification. Potential indirect risks include exploitation if analyzing a malicious project (e.g., via `.cargo/config.toml` in `cargo clippy` context) or fetching untrusted code via `git_clone`. No hardcoded secrets are visible in the provided code snippets. Overall, good practices are followed, but reliance on external tool invocation always carries inherent contextual risks.
Updated: 2026-01-15GitHub
56
438
High Cost
kimtaeyoon83 icon
Sec9

Provides a Model Context Protocol server to retrieve YouTube video transcripts, including language fallback, timestamps, and ad filtering.

Setup Requirements

  • ⚠️Requires Node.js 18 or higher.
Verified SafeView Analysis
The server's source code does not contain direct usage of 'eval' or obvious obfuscation techniques. It makes legitimate HTTPS requests to www.youtube.com to fetch video data and transcripts. Input parameters such as 'url' and 'lang' are validated, and network requests include timeouts (30 seconds). No hardcoded sensitive credentials or API keys were observed that are required for the server's operation. The 'OPENAI_API_KEY' mentioned in evals is for testing purposes, not for the server itself.
Updated: 2025-12-24GitHub
56
112
Low Cost
smart-mcp-proxy icon

mcpproxy-go

by smart-mcp-proxy

Sec9

MCPProxy super-charges AI agents with intelligent tool discovery, massive token savings, and built-in security quarantine against malicious Model Context Protocol (MCP) servers.

Setup Requirements

  • ⚠️Docker Desktop is required for Docker Security Isolation features if using stdio servers with isolation enabled.
  • ⚠️Go 1.22+ is required for building from source.
  • ⚠️`mcpproxy trust-cert` command is required for full HTTPS setup and trusting the local CA certificate.
  • ⚠️An API key is required for REST API access (auto-generated by default and stored in config).
Verified SafeView Analysis
The server demonstrates a strong focus on security. Key features include: 1. Automatic quarantine system to block Tool Poisoning Attacks (TPA) from new/untrusted MCP servers. 2. Docker isolation for stdio-based MCP servers, providing process, file system, and network isolation, with auto-detection of runtimes. 3. Secure secrets management using OS-native keyring (macOS Keychain, Linux Secret Service, Windows Credential Manager). 4. 8-layer security model for local socket/pipe communication between tray and core. 5. Sandboxed JavaScript code execution with no direct file/network access. 6. HTTPS support with local CA certificate management. 7. Intent-based tool splitting for fine-grained permission control in IDEs, validating agent intent against tool variants (read, write, destructive). Default to localhost-only binding and auto-generated API key for REST API authentication.
Updated: 2026-01-19GitHub
56
79
Medium Cost

AgentUp

by lukehinds

Sec9

A developer-first framework for building, deploying, and managing secure, scalable, and configurable AI agents, supporting various agent types (reactive, iterative) and the Model-Context Protocol (MCP) for seamless interactions.

Setup Requirements

  • ⚠️Requires an external AI provider API key (e.g., OpenAI, Claude, etc.), which may incur costs.
Verified SafeView Analysis
The framework is built with a strong emphasis on security, featuring fine-grained access control, OAuth2, JWT, and API key authentication. It utilizes modern development practices like static analysis (`.bandit`, `.pre-commit-config.yaml`) and CI/CD for quality assurance. While the framework itself is designed to be secure, the overall security of agents built with it will also depend on the external AI providers used, configured plugins, and specific agent implementations.
Updated: 2025-11-17GitHub
56
37
Medium Cost
krokozyab icon

Agent-Fusion

by krokozyab

Sec3

Facilitates AI coding assistants by providing intelligent local RAG for code and documents, and optionally coordinates multiple AI agents for complex tasks.

Setup Requirements

  • ⚠️Requires Java Runtime Environment (JRE 17+ recommended).
  • ⚠️Requires external AI coding assistants (e.g., Claude Code CLI, OpenAI Codex CLI) to connect via MCP. It does not include the LLM models itself.
  • ⚠️Optional manual setup for larger/custom embedding models (download ONNX file, configure path).
  • ⚠️Web dashboard listens on 0.0.0.0 by default, exposing it to the network without authentication.
Review RequiredView Analysis
The server's web dashboard (default 0.0.0.0:8081) and MCP server (default 127.0.0.1:3000, configurable) lack explicit authentication and authorization. This makes them vulnerable to unauthorized access and arbitrary tool execution by any network-reachable client. Deserialization of potentially malicious content from proposals or snapshots, and path traversal vulnerabilities via file system operations, are potential risks. The absence of built-in access control is a critical security flaw for multi-user or networked deployments beyond a strictly isolated local development environment.
Updated: 2025-11-24GitHub
56
141
Low Cost
makeplane icon

plane-mcp-server

by makeplane

Sec7

Provides AI agents with tools to interact with Plane APIs for project and work item management.

Setup Requirements

  • ⚠️Requires Python 3.10+ and associated dependencies (handled by `uvx` if used, otherwise manual `pip install`).
  • ⚠️For local `stdio` transport, `PLANE_API_KEY` and `PLANE_WORKSPACE_SLUG` environment variables are required.
  • ⚠️For self-hosting `http` transport with OAuth, `PLANE_OAUTH_PROVIDER_CLIENT_ID`, `PLANE_OAUTH_PROVIDER_CLIENT_SECRET`, and `PLANE_OAUTH_PROVIDER_BASE_URL` environment variables must be configured on the server. Optional Redis host/port if using Redis for OAuth client storage.
Verified SafeView Analysis
The server's HTTP transport mode uses a broad CORS configuration (`allow_origins=["*"]`), which is generally not recommended for production environments as it allows cross-origin requests from any domain. While authentication mechanisms (OAuth, API keys) are in place, restricting origins to known clients is a best practice. Authentication relies on securely managed API keys, OAuth tokens, or environment variables, which places responsibility on the user for credential security. No obvious 'eval' or malicious patterns were found in the provided source code.
Updated: 2026-01-15GitHub
55
83
Medium Cost
timescale icon

tiger-cli

by timescale

Sec5

Tiger CLI provides a Model Context Protocol (MCP) server that enables AI assistants to interact with Tiger Cloud database services, manage service lifecycles, execute SQL queries, and access documentation via proxied tools.

Setup Requirements

  • ⚠️Requires authentication via `tiger auth login` or environment variables `TIGER_PUBLIC_KEY` and `TIGER_SECRET_KEY`.
  • ⚠️Database services created by MCP tools will incur costs on the Tiger Cloud platform.
  • ⚠️The MCP server runs in the foreground when started with `tiger mcp start`.
  • ⚠️Setting up the MCP client (e.g., AI assistant, IDE) is required after `tiger mcp install`.
Review RequiredView Analysis
The codebase demonstrates secure credential handling practices, using system keyrings, .pgpass files, or PGPASSWORD environment variables. Critical issues around credential exposure and resource leaks have been fixed. However, a high-severity concern remains regarding insufficient input validation for user-provided psql arguments, which could lead to command injection vulnerabilities if malicious arguments are crafted. This issue is marked 'UNDER REVIEW' in the internal code review. The server also proxies tools from a remote documentation MCP server, introducing a dependency on an external service that should be considered for supply chain risk.
Updated: 2026-01-17GitHub
55
127
Low Cost
classfang icon

ssh-mcp-server

by classfang

Sec8

Bridging AI assistants to remote SSH server operations for command execution, file transfer, and server status retrieval via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires valid SSH credentials (host, port, username, password or private key) for target server(s).
  • ⚠️MCP configuration in the `args` array requires each command-line argument and its value to be separate elements, not combined with spaces.
  • ⚠️It is strongly recommended to configure command whitelists to restrict executable commands for security.
  • ⚠️Local paths for file uploads and downloads are strictly validated to be within the current working directory of the `ssh-mcp-server` process.
  • ⚠️Requires Node.js runtime to execute via NPX.
Verified SafeView Analysis
The server implements important security features such as credential isolation (SSH credentials are not directly exposed to AI models), command whitelisting and blacklisting (strongly recommended to configure whitelists), and local path traversal protection for file uploads/downloads. Private keys are read from the local filesystem. A documented limitation is the lack of built-in rate limiting, which could expose the server to denial-of-service (DoS) attacks if not run behind a protective layer. Users are explicitly warned about the risks of running without command whitelists.
Updated: 2026-01-14GitHub
55
1
Medium Cost
AnCarsenat icon

minecode-mcp

by AnCarsenat

Sec9

Provides AI assistants with real-time access to Minecraft data, documentation, and datapack generators for development.

Setup Requirements

  • ⚠️Requires an MCP client (e.g., GitHub Copilot, Claude Desktop) to connect.
  • ⚠️Requires Python 3.10 or newer.
  • ⚠️Relies on external internet access to Minecraft Wiki, Mojira, Spyglass MC API, and Misode data endpoints.
Verified SafeView Analysis
The server primarily functions as an intermediary to established, public Minecraft-related APIs (Minecraft Wiki, Mojira, Spyglass, Misode). It does not appear to use 'eval', 'exec', or dangerous system commands on user-supplied input. Network risks are limited to outbound requests to known legitimate endpoints. The 'validate_datapack' tool is currently a simulated stub, mitigating potential file system interaction risks. The server communicates via standard I/O, not opening network ports.
Updated: 2026-01-18GitHub
55
1
Medium Cost
lipeiying24-sys icon

OpenWebIDE

by lipeiying24-sys

Sec8

An AI-powered serverless cloud IDE that facilitates code development and interaction with GitHub repositories using AI agents.

Setup Requirements

  • ⚠️Requires a Cloudflare account for deployment.
  • ⚠️Requires a Google Gemini API Key or an OpenAI-compatible API Key (usage may incur costs).
  • ⚠️Requires a GitHub Personal Access Token (PAT) with 'repo', 'workflow', and 'read:org' scopes.
Verified SafeView Analysis
The Cloudflare Worker backend uses environment variables for AI API keys, which is good practice. The GitHub Personal Access Token (PAT) is handled as an Authorization header, which is standard. The system does not use 'eval' or similar dangerous functions. CORS is set to `*`, which broadly allows requests from any origin; while not ideal for all APIs, it's a common pattern for public Cloudflare Workers and relies on the GitHub PAT for authorization rather than origin restriction. The AI's generated tool arguments are directly passed to Octokit, relying on the defined input schemas and Octokit's own validation, meaning prompt engineering plays a crucial role in preventing unintended actions.
Updated: 2025-12-14GitHub
55
1
Medium Cost
see-quick icon

strimzi-mcp-server

by see-quick

Sec9

Enables AI assistants to manage and troubleshoot Strimzi Kafka clusters and their related resources on Kubernetes via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Java 21+ to run.
  • ⚠️Requires access to a Kubernetes cluster with Strimzi installed.
  • ⚠️Needs a valid kubeconfig file configured for Kubernetes cluster access, with sufficient RBAC permissions for Strimzi resources.
Verified SafeView Analysis
The server uses `KubernetesClient` which relies on local kubeconfig or in-cluster service accounts, requiring appropriate RBAC permissions for Strimzi custom resources and standard Kubernetes resources (Pods, Secrets, Events). It accesses sensitive information like KafkaUser passwords from Kubernetes Secrets, which is necessary for `get_user_credentials` functionality. Communication occurs over standard I/O (stdio), avoiding direct network listeners and reducing external attack surface. No `eval` or similar dynamic code execution, hardcoded credentials (other than implicit kubeconfig usage), or obfuscation patterns were found. The primary security consideration is ensuring the Kubernetes credentials used by the server have the least privilege necessary for its operations.
Updated: 2026-01-18GitHub
55
136
Low Cost
silenceper icon

mcp-k8s

by silenceper

Sec7

Facilitates natural language interaction and automation for Kubernetes cluster management and Helm operations via the Model Control Protocol (MCP).

Setup Requirements

  • ⚠️Requires access to a Kubernetes cluster (via kubeconfig file or in-cluster configuration).
  • ⚠️Docker daemon must be running if using the Docker deployment method.
  • ⚠️Kubernetes resource write operations (create, update, delete) and most Helm write operations (install, upgrade, uninstall, repo add/remove) are disabled by default and must be explicitly enabled via command-line flags.
Verified SafeView Analysis
The server implements granular control over Kubernetes and Helm write operations via explicit flags and states adherence to RBAC and input validation. However, when deployed in SSE or Streamable HTTP modes, it exposes HTTP endpoints to manage a Kubernetes cluster. The README warns that users 'need to pay attention to security' for remote deployments, implying that external authentication/authorization layers might be necessary as the server itself doesn't provide them beyond relying on Kubernetes RBAC, which poses a potential risk if not properly secured externally.
Updated: 2026-01-15GitHub
PreviousPage 41 of 760Next