Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

Vetted Servers (7756)

55
92
Medium Cost
Sec7

Provides an MCP server to access, validate, and execute Atomic Red Team security tests, primarily for integration with AI assistants and development tools.

Setup Requirements

  • ⚠️The `execute_atomic` tool is disabled by default. Enabling it requires setting the environment variable `ART_EXECUTION_ENABLED=true`, which carries a severe security warning: enable it only in controlled, isolated environments.
  • ⚠️Git must be installed on the host system for the `refresh_atomics` tool to download the Atomic Red Team repository.
  • ⚠️Requires Python 3.10+ runtime environment to function.
Verified Safe
The server includes a critical `execute_atomic` tool that runs system commands, inherently posing a high security risk. However, it is disabled by default (`ART_EXECUTION_ENABLED=false`) with explicit warnings in the documentation. Input validation is implemented for file paths and technique IDs (e.g., in `read_atomic_document` and `query_atomics`) to prevent path traversal and malformed inputs. Authentication via a static bearer token is supported but disabled by default, which is a significant risk for remote deployments, especially if `execute_atomic` is enabled and the server listens on `0.0.0.0` (default host). Users must implement proper network isolation and authentication when deploying remotely with execution enabled.
Updated: 2025-12-13
55
1
Low Cost

Converts Mermaid diagram code into Draw.io (MxGraph) XML format, enabling visualization tools and AI agents to work with structured diagram data. It also supports generating basic Markdown representations of Mermaid code and validating syntax.

Setup Requirements

  • ⚠️Requires Node.js v18 or higher.
  • ⚠️Requires `@modelcontextprotocol/sdk/server` npm package to be installed.
  • ⚠️Designed to be run as a Model Context Protocol (MCP) server, requiring integration with an MCP-compatible client (e.g., a BMAD agent or IDE with MCP support) to be fully utilized.
Verified Safe
The server's core function is text-to-XML transformation. Input parsing for Mermaid code is handled by custom internal logic without using 'eval()' or dynamic code execution, mitigating direct code injection risks. File system access is limited to internal configuration and style files within the server's directory. No hardcoded secrets were found. Potential vulnerabilities are primarily confined to the robustness of the parsing logic against highly malformed or extremely large inputs, which could lead to resource exhaustion (DoS) rather than arbitrary code execution.
Updated: 2025-12-03
55
1
Low Cost

Optimizes LLM tool calling by generating and executing JavaScript code in a sandboxed environment, reducing tokens and latency for complex multi-tool workflows, including MCP integration.

Setup Requirements

  • ⚠️Requires a Vercel account for Sandbox execution.
  • ⚠️Requires `VERCEL_TOKEN` environment variable for Vercel Sandbox.
  • ⚠️Requires Node.js 18+ and `npm` for `stdio` transport MCP servers.
  • ⚠️Requires at least one AI provider API key (Anthropic, OpenAI, or Vercel AI Gateway).
Verified Safe
The system executes LLM-generated JavaScript code within Vercel Sandbox, which provides strong isolation, mitigating direct host system compromise. `new Function(code)` is used solely for syntax validation, not direct execution on the host. The MCP `stdio` transport feature (e.g., `npx mcp-server-commands`) runs predefined commands specified in `mcp-config.ts`, not dynamically generated by the LLM, preventing direct command injection into the host OS. Parameter normalization in `mcp-bridge.ts` adds a layer of defense against malformed inputs. A minor concern for a production system is the hardcoded Firecrawl API key in `mcp-config.ts` (though acceptable for a POC), which should ideally be an environment variable. The long `maxDuration` for the API route and sandbox (up to 10 and 5 minutes respectively) could be a theoretical vector for resource exhaustion if not managed by Vercel's platform, but within the sandbox environment, this is primarily a cost/performance consideration.
Updated: 2025-12-03
55
1
High Cost
Sec3

A powerful Android APK reverse engineering MCP server for decompiling, modifying, repackaging, and fast DEX memory editing of APK files.

Setup Requirements

  • ⚠️Requires Java 17+ runtime environment.
  • ⚠️Manual download of 'APKEditor.jar' from a specific GitHub release is required, and it must be placed in the 'libs/' directory.
  • ⚠️Manual build of 'dex-editor.jar' from the 'java-core' project using Gradle is required, and it must be copied to the 'libs/' directory.
  • ⚠️Requires 'apksigner.jar' to be copied from the Android SDK build-tools directory.
Review Required
The server uses subprocess calls extensively, which are generally handled safely by passing arguments as lists, mitigating direct shell injection. However, the `file_utils` functions (e.g., `file_read`, `file_write`, `file_delete`, `file_copy`, `file_move`, `file_patch`, `file_insert`) take arbitrary `file_path` or `dir_path` arguments. This design permits a malicious client (or an agent controlled by a malicious user) to read, write, or delete files anywhere on the host system where the server process has permissions. This represents a significant sandbox escape vulnerability. Additionally, regular expression-based operations (e.g., `fast_manifest_patch`, `search_text`) could be susceptible to ReDoS (Regular expression Denial of Service) if user-provided patterns are not properly validated or sanitized by the MCP client. The system relies on several external Java JARs (`APKEditor.jar`, `dex-editor.jar`, `jadx-core`) and system tools (`apksigner`, `adb`), whose security and integrity are critical. Hardcoded debug keystore credentials are used as a default, which is standard for Android development but highlights the potential for misuse if not understood by the user.
Updated: 2025-12-11
55
1
Low Cost

glm-asr

by neosun100

Sec4

Provides an all-in-one speech recognition service with Web UI, REST API, and MCP integration.

Setup Requirements

  • ⚠️Requires NVIDIA GPU with 6GB+ VRAM.
  • ⚠️Requires Docker with NVIDIA Container Toolkit OR Python 3.10+, CUDA 12.x, and FFmpeg for local installation.
  • ⚠️Relies on downloading a 1.5B parameter model (GLM-ASR-Nano-2512) from HuggingFace, which will consume local storage and bandwidth.
Review Required
The model loading (`AutoModelForCausalLM.from_pretrained`) and VAD model loading (`torch.hub.load`) use `trust_remote_code=True` and `trust_repo=True` respectively. This allows arbitrary code execution from the specified HuggingFace model or GitHub repository, posing a significant security risk if the external source is compromised or malicious. While common in the ML ecosystem for flexibility, it requires explicit trust in the model/repository maintainers. The MCP server's `transcribe` tool accepts `audio_path` directly, which could lead to path traversal if the MCP client is untrusted or improperly configured, although the web API handles file uploads to a temporary directory.
Updated: 2025-12-14
55
130
Low Cost

rocketship

by rocketship-ai

Sec8

The Rocketship MCP server acts as a knowledgeable assistant for AI coding agents, providing guidance, examples, schema information, and CLI usage patterns to help them write better Rocketship tests without directly generating code.

Setup Requirements

  • ⚠️Node.js 18+ is required to run the server.
  • ⚠️During the build process (`npm run embed-knowledge`), the full Rocketship Go CLI repository (including its Go toolchain) must be present and compilable for the introspection script to generate embedded knowledge.
  • ⚠️The server's knowledge (examples, schema, CLI guidance) is embedded during its build step; it does not dynamically introspect the CLI at runtime.
Verified Safe
The server's core runtime logic, exposed to AI agents, primarily performs string manipulation and object lookups based on pre-embedded knowledge. Tool arguments are schema-validated, mitigating direct command injection risks. The use of `execSync` for CLI introspection is isolated to build-time scripts (`scripts/cli-introspection.js`, called by `scripts/embed-knowledge.js`), meaning potentially dangerous external command execution does not happen dynamically based on live agent input. No `eval` or obvious malicious patterns were found in the runtime code. The main security considerations are around the integrity of the build environment where the introspection is performed, and the broader security of the AI agent system (Rocketship's `agent` plugin) that *consumes* this MCP server's output and interacts with LLMs.
Updated: 2025-12-11
55
1
Low Cost

geminicli-manage-addon

by castle-studio-work

Sec9

A text-based user interface (TUI) tool for locally managing Geminicli extensions and Model Context Protocol (MCP) servers.

Setup Requirements

  • ⚠️Requires Node.js >= 18.0.0 to be installed.
  • ⚠️Requires Geminicli to be installed and configured separately.
  • ⚠️When run via Geminicli's slash command, users must press Ctrl+F to interact with the TUI.
  • ⚠️Changes made through the tool require restarting Geminicli for them to take effect.
Verified Safe
The application primarily interacts with local configuration files in the `~/.gemini` directory using standard Node.js `fs` module operations (read, write, copy). It explicitly backs up files before saving. There are no signs of network communication, `eval` usage, `child_process` execution beyond the main program's launch, or hardcoded sensitive information. File operations are confined to expected configuration paths in the user's home directory.
Updated: 2025-11-30
55
1
Medium Cost

dflow-mcp

by openSVM

Sec9

Provides a Model Context Protocol (MCP) interface to access real-time and historical prediction market data from Kalshi/DFlow.

Setup Requirements

  • ⚠️Requires Bun (recommended) or Node.js 18+ to run.
  • ⚠️Manual MCP client integration requires specific JSON configuration for `command` and `args` pointing to the server's executable.
  • ⚠️Network requests are made to an external prediction market API (`https://prediction-markets-api.dflow.net` or `https://api.llm.dflow.org`), incurring data transfer and external API usage costs.
Verified Safe
The server acts as a proxy for an external API. It utilizes robust JSON schema validation for all tool inputs, preventing common injection vulnerabilities. URL construction in the API client is safe, concatenating a fixed base URL with validated paths, mitigating SSRF risks. There are no direct usages of dangerous functions like `eval` or `child_process.exec` with user-controlled input in the main server logic. CORS headers are configured for public access in the Netlify deployment. The `generateCandlestickChart` function (present in the Netlify function but not `src/index.ts`) is safe, transforming numeric data into ASCII art within bounded dimensions. Overall, the implementation is solid for its purpose as a data proxy.
Updated: 2025-12-02
55
1
Low Cost
Sec10

Provides current date and time information to an MCP-compatible AI model, preventing stale context.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Manual configuration in Claude Desktop's `claude_desktop_config.json` is required, potentially including an absolute path for `PYTHONPATH` if the package is not installed globally or within a standard virtual environment.
Verified Safe
The server's design is minimal and focuses solely on providing date/time information. It uses standard Python libraries (`datetime`, `zoneinfo`) and communicates only via stdin/stdout through the MCP SDK. No dangerous patterns like `eval`, arbitrary file access, or external network calls are present. No hardcoded credentials were found. Input schemas are empty, preventing arbitrary user input processing.
Updated: 2025-12-03
55
1
Low Cost

mcp-fastmcp-starter

by aimlsolutions-nyc

Sec9

Provides a minimal, production-minded MCP-shaped tool server for building agentic AI services with typed tool contracts and deterministic JSON I/O via FastAPI.

Setup Requirements

  • ⚠️Requires Python 3.10 or newer.
  • ⚠️Manual virtual environment setup and dependency installation are required before running.
Verified Safe
The server uses FastAPI and Pydantic for input validation, which significantly reduces common web vulnerabilities. Tool dispatch is explicit and hardcoded, preventing dynamic code execution. No `eval` or `exec` functions are used, and no hardcoded secrets or malicious patterns were identified in the provided source code. The `/invoke` endpoint relies on Pydantic's `model_validate` for robust argument handling, enhancing security against malformed inputs.
Updated: 2025-12-14
55
1
Low Cost

Enables Claude to perform detailed code analysis, structural overview, symbol extraction, code search, and dependency mapping within a repository using the `kit` CLI.

Setup Requirements

  • ⚠️Requires the `kit` CLI tool to be installed (Python 3.9+ is a prerequisite for `kit`).
  • ⚠️Dependency graph visualization (`--visualize`) requires `Graphviz` to be installed.
  • ⚠️Semantic search requires the `sentence-transformers` Python package, though `kit` prompts for its installation if missing.
Verified Safe
The plugin itself consists of documentation and configuration for Claude to invoke the `kit` CLI tool. It does not contain server-side code, direct `eval` calls, obfuscation, or hardcoded secrets. The primary security considerations lie in the `kit` CLI tool's own security and the sandboxing/sanitization mechanisms of the Claude Code environment executing shell commands. Assuming a secure execution environment, the plugin's instructions are safe.
Updated: 2025-12-01
55
73
Medium Cost

Delphi-MCP-Server

by GDKsoftware

Sec8

Implements the Model Context Protocol (MCP) in Delphi to enable AI-powered development workflows and integrate with clients like Claude Code.

Setup Requirements

  • ⚠️Requires Delphi 12 Athens or later.
  • ⚠️For Linux builds, requires Delphi Enterprise with Linux platform support and PAServer running on the target machine.
  • ⚠️Requires OpenSSL DLLs (e.g., libcrypto-3.dll, libssl-3.dll for TaurusTLS) to be present with the executable for HTTPS/SSL.
Verified Safe
The server framework appears well-structured, supporting JSON-RPC 2.0, CORS configuration, and modern SSL/TLS (TaurusTLS with OpenSSL 3.x). No 'eval' or obvious malicious patterns are present in the provided truncated code snippets. The tool system uses RTTI-based discovery; the security of tools largely depends on their implementation (e.g., 'list_files' could expose risks if not carefully contained). The framework itself seems robust, but practical security relies on careful configuration and secure tool development by the user.
Updated: 2025-12-11