Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

Vetted Servers (7756)

55
85
Medium Cost

powerbi-mcp

by sulaiman013

Sec7

Enables AI assistants to interact with Power BI Desktop and Service for querying data, managing models, and performing safe bulk operations through natural language, ensuring enterprise-grade security and preserving report visual integrity during refactoring.

Setup Requirements

  • ⚠️Requires Windows 10/11 for ADOMD.NET and Power BI Desktop connectivity.
  • ⚠️Requires Power BI Desktop installed for local model interaction and PBIP editing.
  • ⚠️ADOMD.NET client libraries (often bundled with Power BI Desktop or SSMS) must be discoverable.
  • ⚠️Cloud connectivity requires Azure AD App Registration with specific permissions (Dataset.Read.All, Workspace.Read.All) and a Premium Per User (PPU) or Premium Capacity workspace for XMLA endpoint access.
Verified Safe
The project integrates a robust security layer for PII detection, audit logging, and access policies, which is a significant positive. However, it relies on environment variables for sensitive cloud credentials (TENANT_ID, CLIENT_ID, CLIENT_SECRET), which is good practice but requires careful management outside the code. The use of 'eval' for .NET assembly loading in connectors, while common for .NET interop, carries inherent risks. Extensive file manipulation for PBIP projects (reading, writing, copying, deleting via `powerbi_pbip_connector.py`) and execution of arbitrary DAX queries means the tool has significant power over the local system and data. The `pbip_load_project` tool directly takes user-provided paths for PBIP projects, which necessitates trust in the input or robust path sanitization to prevent potential traversal vulnerabilities.
Updated: 2025-12-01
55
1
Low Cost

greenlight

by bigph00t

Sec9

Provides a visual status indicator in a terminal window for AI assistant tasks.

Setup Requirements

  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️The display component (`src/display.js`) must be run separately in a visible terminal window.
  • ⚠️Achieving 'yellow light' status for AI approval prompts (Claude Code only) requires manual configuration of AI hooks with the full path to the `cli.js` script.
Verified Safe
The server operates locally via file I/O and standard I/O, primarily writing to and reading from `~/.greenlight/status.json` and `~/.greenlight/display.pid`. It uses `process.kill(pid, 0)` to check for process existence, which is a safe operation. User-provided messages are stored in a local JSON file and then displayed in the terminal. While the application does not execute these messages, there's a theoretical, low-risk possibility of a compromised AI injecting malicious ANSI escape sequences into the message that a vulnerable terminal emulator might misinterpret. However, the risk is contained to the local terminal session, and the application itself does not execute arbitrary code. No hardcoded secrets or direct network risks were identified within the server's code.
Updated: 2025-12-13
55
1
High Cost

mcp-worklog

by final0920

Sec9

Automates the generation and management of daily work reports, including collecting content from AI tool sessions for summarization and editing.

Setup Requirements

  • ⚠️Requires a '--storage-path' argument to specify where daily reports are saved.
  • ⚠️AI session collection (Claude Code, Kiro, Cursor) depends on the user having these tools installed and their data files existing in standard locations; otherwise, no sessions will be collected.
  • ⚠️Requires Python 3.10 or newer.
Verified Safe
The server operates locally using standard I/O and reads/writes files in a user-specified directory. AI session collectors access predefined application data paths (e.g., ~/.claude, %APPDATA%/Kiro, %APPDATA%/Cursor). The CursorCollector uses SQLite with a hardcoded query key, which reduces SQL injection risk. No explicit 'eval' or direct external network calls (beyond standard MCP communication) are apparent from the provided code, nor any hardcoded secrets. File operations are controlled and limited to expected paths for its functionality, and no arbitrary file access based on user input is observed.
Updated: 2025-12-11
55
1
Medium Cost

pipe-dream-mcp

by ryanmichaeljames

Sec9

Enables AI agents to securely interact with Microsoft Dataverse for querying, retrieving, and managing data.

Setup Requirements

  • ⚠️.NET 10.0 SDK required
  • ⚠️Azure CLI required
  • ⚠️Azure subscription with Dataverse access required
  • ⚠️Must run `az login` to authenticate
Verified Safe
Utilizes Azure CLI for secure token-based authentication to Microsoft Dataverse; no direct 'eval' or obfuscation is indicated. Standard network interaction for data operations.
Updated: 2025-11-19
55
120
Medium Cost

plane-mcp-server

by makeplane

Sec9

The Plane MCP Server provides a programmatic interface for AI agents and developer tools to interact with a Plane workspace, enabling project management, issue tracking, and automation.

Setup Requirements

  • ⚠️Requires a Plane API Key, which needs to be generated from your Plane workspace settings.
  • ⚠️Requires your Plane Workspace Slug, found in your Plane app's URL.
  • ⚠️For self-hosted Plane instances, PLANE_API_HOST_URL must be configured correctly.
Verified Safe
The server correctly uses environment variables for sensitive API keys (PLANE_API_KEY) and workspace slugs, avoiding hardcoded secrets. It utilizes `axios` for HTTP requests, which is a standard and generally secure library. There is no `eval` or obvious obfuscation detected. The primary security considerations are proper management of the PLANE_API_KEY and ensuring the PLANE_API_HOST_URL points to a trusted Plane instance, especially in self-hosted scenarios.
Updated: 2025-12-10
54
110
Low Cost
Sec8

Enables AI assistants to interact with Odoo ERP systems for data access, record management (search, create, update, delete), and instance management through natural language.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires access to an Odoo instance (version 17.0+).
  • ⚠️For production use, the Odoo MCP module must be installed on your Odoo server.
  • ⚠️Requires `uv` to be installed on the local machine for the recommended installation method.
  • ⚠️Authentication (ODOO_API_KEY or ODOO_USER/ODOO_PASSWORD) must be configured.
Verified Safe
The server includes robust error sanitization to prevent Odoo's internal tracebacks and sensitive information from being exposed in error messages. Authentication relies on Odoo API keys (recommended) or username/password. A 'YOLO mode' exists which bypasses all MCP security controls and connects directly to standard Odoo XML-RPC endpoints; the README explicitly and repeatedly warns against using this mode in production. The code uses `ast.literal_eval` for parsing Odoo domain strings from user input, which is safer than `eval` but still a powerful operation requiring careful input validation.
Updated: 2025-11-24
54
95
Medium Cost

mcp

by MariaDB

Sec9

Provides an MCP interface to MariaDB, enabling standard SQL operations and optional vector/embedding-based search for AI assistants.

Setup Requirements

  • ⚠️Requires a running MariaDB server instance with valid credentials.
  • ⚠️Python 3.11 is required.
  • ⚠️Requires 'uv' (dependency manager) for installation and running.
  • ⚠️Embedding features (vector store operations) are optional but require external API keys (e.g., OpenAI, Gemini) or specific HuggingFace models, which can incur costs.
Verified Safe
The server demonstrates strong security practices, notably by explicitly disabling the 'MULTI_STATEMENTS' client flag in its custom database connection pool to prevent SQL injection vulnerabilities. It enforces read-only mode via configuration ('MCP_READ_ONLY') and validates database/table names using 'isidentifier()'. Configuration for database credentials and external API keys is correctly handled via environment variables, with no hardcoded secrets. Network access is controlled by CORS and Trusted Host middleware, and the README explicitly advises on implementing authentication for non-stdio transports, indicating a thoughtful approach to network security.
Updated: 2025-11-24
54
59
Low Cost

anymcp-io

by xakpc

Sec7

A static site catalog for discovering and browsing single-file .NET MCP (Model Context Protocol) servers.

Setup Requirements

  • ⚠️Contributing C# MCP servers requires targeting .NET 10 Preview 4+.
  • ⚠️Contributed C# files must include specific YAML front matter within C# comments.
  • ⚠️Contributed C# servers must use the ModelContextProtocol package version 0.3.0-preview.3 or later.
Verified Safe
The project is a static site generator. The primary security considerations are at build-time, particularly related to the processing of contributed C# server files (`mcp/*.cs`). The `servers.js` script reads these files and parses their YAML front matter and extracts C# code as strings. There is no direct execution of the C# code within the Node.js build process, which limits direct code execution vulnerabilities. However, if unvetted malicious C# content (e.g., embedded HTML/JS) is not properly escaped when rendered into the Nunjucks templates (e.g., in `servers.njk`), it could lead to Cross-Site Scripting (XSS) on the generated static website. No explicit use of `eval` or intentional obfuscation was found in the provided JavaScript code. Hardcoded secrets are not present in the catalog's source code; environment variables are specified as requirements for the *contributed MCP servers* themselves.
Updated: 2025-12-10
54
21
Medium Cost

FerrumMCP

by Eth3rnit3

Sec4

A browser automation server enabling AI assistants to interact with web pages through a standardized Model Context Protocol (MCP) interface for tasks like web scraping, testing, and anti-detection.

Setup Requirements

  • ⚠️Requires Ruby 3.2+ and a Chrome/Chromium browser installation.
  • ⚠️The 'solve_captcha' tool requires the 'whisper-cli' binary to be installed and available in the system PATH, or `WHISPER_PATH` environment variable set.
  • ⚠️Docker deployments require `--security-opt seccomp=unconfined` for Chromium to function, which reduces container isolation.
  • ⚠️For HTTP transport, default `MCP_SERVER_HOST` is `0.0.0.0` (all interfaces) which should be changed to `127.0.0.1` or restricted by a firewall for security.
Verified Safe
FerrumMCP allows arbitrary JavaScript execution and XPath queries, which are powerful and inherently risky if exposed to untrusted input. The project explicitly states it is designed for 'trusted environments' and does not provide built-in authentication, authorization, or full input sanitization for all tools. HTTP transport lacks TLS/SSL by default. Docker deployments require `--security-opt seccomp=unconfined`, which grants broader syscall permissions. Session resource exhaustion is mitigated by configurable limits and idle timeouts, and rate limiting is implemented for HTTP transport. For production and untrusted environments, strong external security layers (reverse proxy with TLS/auth, strict firewalls) are critical.
Updated: 2025-12-14
54
102
High Cost

aks-mcp

by Azure

Sec7

The AKS-MCP server enables AI assistants to interact with Azure Kubernetes Service (AKS) clusters by translating natural language requests into AKS operations and retrieving cluster information.

Setup Requirements

  • ⚠️Requires Azure CLI to be installed and authenticated (`az login` or environment variables for Service Principal/Managed Identity) with appropriate permissions for AKS management.
  • ⚠️For in-cluster deployments, Azure Workload Identity requires significant multi-step Azure AD configuration (OIDC issuer, Managed Identity, Federated Credential).
  • ⚠️If using HTTP transports with OAuth, requires Azure AD App registration with specific redirect URIs and API permissions, which can be complex to set up correctly.
Verified Safe
The server executes Azure CLI and kubectl commands via `exec.CommandContext` with user-provided arguments, which is an inherently high-risk operation (`G204`). While `internal/security/validator.go` implements explicit command validation (blacklisting of dangerous patterns and access level enforcement) and `shlex.Split` is used for argument parsing, these layers are not foolproof against sophisticated injection attacks. Azure credentials (`AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_TENANT_ID`) are properly handled via environment variables or Kubernetes secrets, with strict validation for `AZURE_FEDERATED_TOKEN_FILE` path, preventing arbitrary file access. The server supports OAuth for HTTP transports, adding an authentication layer. RBAC policies defined in the Helm chart dynamically adjust permissions based on the `--access-level` flag (readonly, readwrite, admin), which is crucial for mitigating privilege escalation. Running with `admin` access levels or exposing publicly without strong network controls and authentication requires extreme caution.
Updated: 2025-12-12
54
96
Medium Cost

mcp-victoriametrics

by VictoriaMetrics-Community

Sec9

Provides an AI-driven interface for monitoring, observability, and debugging tasks with VictoriaMetrics instances through the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires an existing VictoriaMetrics instance (single-node, cluster, or Cloud).
  • ⚠️Go 1.24 or higher is needed if building from source.
  • ⚠️Requires configuration of environment variables (e.g., VM_INSTANCE_ENTRYPOINT, VM_INSTANCE_TYPE, or VMC_API_KEY) to connect to VictoriaMetrics.
Verified Safe
The server uses standard Go HTTP client for API interactions and processes environment variables for sensitive data like API keys and bearer tokens, which is a good practice. No direct 'eval' or arbitrary shell command execution outside of specific, controlled unit testing of rules (`vmalert-tool unittest`) is observed. The embedded documentation and blog posts are static content. Overall, the project appears to follow good security practices for its described functionality.
Updated: 2025-12-08
54
11
Medium Cost

local_faiss_mcp

by nonatofabio

Sec8

Provides a local vector database using FAISS for Retrieval-Augmented Generation (RAG) applications, enabling document ingestion, semantic search, and context preparation for LLMs.

Setup Requirements

  • ⚠️Requires pandoc installation for extended document formats (DOCX, HTML, EPUB, etc.)
  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Downloads large embedding and re-ranking models from Hugging Face on first run, requiring internet access and disk space.
Verified Safe
The server uses standard I/O (stdio) for communication, limiting network attack surface. It invokes `pandoc` via `subprocess.run` for document parsing; this is generally safe when arguments are passed as a list (as done here), but relies on `pandoc` itself being secure. Embedding and re-ranking models are downloaded from Hugging Face, introducing a supply chain risk if models were compromised. No hardcoded secrets or 'eval' statements were found.
Updated: 2025-12-12