Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7756)

54
119
Medium Cost
Taxuspt icon

garmin_mcp

by Taxuspt

Sec8

Exposes Garmin Connect fitness and health data to Model Context Protocol (MCP) compatible AI clients.

Setup Requirements

  • ⚠️Requires `GARMIN_EMAIL` and `GARMIN_PASSWORD` to be set as environment variables or provided via file paths.
  • ⚠️Initial setup might require a manual command-line login to handle Garmin Connect's Multi-Factor Authentication (MFA) and save OAuth tokens locally.
  • ⚠️Requires `uv` for package management and Python 3.10+ (Python 3.12 is suggested in examples).
Verified SafeView Analysis
The server correctly uses environment variables or file paths for handling Garmin Connect credentials (`GARMIN_EMAIL`, `GARMIN_PASSWORD`). It stores OAuth tokens locally in `~/.garminconnect` (or specified by `GARMINTOKENS`) after initial login, which is standard practice for API clients to avoid repeated password prompts. MFA is handled interactively during the initial login process. There is no explicit use of dangerous functions like `eval` or code obfuscation. Error messages may expose internal exception details (`str(e)`), which is a minor information leakage risk, but generally acceptable for a self-hosted tool. The overall security posture relies on the underlying `garminconnect` library.
Updated: 2025-12-09GitHub
54
48
High Cost
JeremyVyska icon
Sec8

Provides specialized Business Central (BC) development knowledge, code analysis, structured workflows, and AI specialist personas to empower LLM-based coding agents and developers.

Setup Requirements

  • ⚠️Requires Node.js (ES2022/ESNext compatibility).
  • ⚠️For custom knowledge layers (Git/Local), requires a configuration file (`bc-code-intel-config.yaml`) in project root or user config directory.
  • ⚠️Git-based layers require proper authentication (PAT/SSH key) typically via environment variables, which can be a friction point.
  • ⚠️The client must call `set_workspace_info` tool to enable project-specific layers and MCP ecosystem awareness; otherwise, it defaults to embedded knowledge only.
Verified SafeView Analysis
The server explicitly prioritizes environment variables for sensitive data (e.g., Git PATs) and provides diagnostic tools to verify their setup. It includes configuration for source validation and content scanning. No 'eval' or malicious obfuscation was found in the provided source code. External network calls are made for legitimate layer loading (e.g., Git repos).
Updated: 2025-12-11GitHub
54
42
High Cost
huweihua123 icon

stock-mcp

by huweihua123

Sec7

A Model Context Protocol (MCP) server that empowers AI agents with professional-grade financial market analysis capabilities, including real-time data, technical analysis, fundamental research, and SEC/A-share filings.

Setup Requirements

  • ⚠️Requires Python 3.10+ (specifically recommends 3.11.14)
  • ⚠️Requires Redis (optional but highly recommended for caching performance and API quota management)
  • ⚠️Requires various API keys for full functionality (e.g., TUSHARE_TOKEN, FINNHUB_API_KEY, SEC_EMAIL, TAVILY_API_KEY, GOOGLE_API_KEY). Many features will be limited or unavailable without them.
  • ⚠️MinIO client is configured for document processing and caching, requiring MINIO_ENDPOINT, MINIO_ACCESS_KEY, MINIO_SECRET_KEY, and MINIO_BUCKET to be set for filings-related features.
Verified SafeView Analysis
The server's CORS configuration defaults to allow_origins=['*'], which is a security risk in production environments and should be restricted. The 'process_document' tool can download content from arbitrary URLs, potentially exposing the server to Server-Side Request Forgery (SSRF) and Denial-of-Service (DoS) vulnerabilities if user-provided URLs are not properly validated. Object names for MinIO storage constructed from user inputs ('doc_type', 'doc_id') are not explicitly sanitized, which could theoretically allow path traversal or object overwrites. API keys are appropriately read from environment variables, mitigating hardcoded secret risks.
Updated: 2025-12-09GitHub
54
82
Low Cost
smart-mcp-proxy icon

mcpproxy-go

by smart-mcp-proxy

Sec9

Super-charges AI agents by providing intelligent tool discovery, massive token savings, and security quarantine against malicious Model Context Protocol (MCP) servers.

Setup Requirements

  • ⚠️Requires Docker Desktop/Engine for Docker isolation features.
  • ⚠️Requires Node.js and `npx` for certain stdio-based upstream servers (e.g., `@modelcontextprotocol/server-everything`).
  • ⚠️HTTPS setup requires a one-time `mcpproxy trust-cert` command and configuration.
  • ⚠️Some advanced CLI functionalities might require `jq` to parse JSON outputs.
  • ⚠️Go 1.22+ is recommended for building from source.
Verified SafeView Analysis
The project has a strong focus on security, implementing features like a robust "Security Quarantine" system to protect against Tool Poisoning Attacks (TPA) by automatically quarantining new servers and providing security analysis. `code_execution` operates in a heavily sandboxed JavaScript VM (`goja`), explicitly preventing filesystem/network access (outside of `call_tool`), module loading, and Node.js built-ins. Docker isolation enhances security for stdio servers by providing process, filesystem, and network isolation within containers. The project demonstrates transparency by openly documenting and addressing past critical vulnerabilities (e.g., skipped API key tests for TCP connections) with detailed fix plans and CI enforcement, indicating a proactive security posture. Default binding to `127.0.0.1:8080` enhances local security. API key authentication is required for TCP connections but bypassed for trusted Unix socket/named pipe connections.
Updated: 2025-12-14GitHub
54
77
High Cost
eunomia-bpf icon

schedcp

by eunomia-bpf

Sec4

eBPF scheduler development and dynamic kernel performance optimization for workloads with 'long-tail' latency issues, including GPU-accelerated AI/ML tasks and distributed processing.

Setup Requirements

  • ⚠️Requires Linux kernel 6.0+ with `sched_ext` support and specific kernel config options (e.g., `CONFIG_BPF=y`, `CONFIG_SCHED_CLASS_EXT=y`).
  • ⚠️Demands specific build tools like `clang`, `libbpf`, `bpftool` for eBPF programs.
  • ⚠️Uses `uv` (a specific Python package manager) instead of `pip` for dependency installation, requiring a different workflow (`uv venv`, `uv pip install`).
  • ⚠️Heavy reliance on NVIDIA GPUs and CUDA 12.8+ for AI/ML and vector database workloads, potentially requiring specific CUDA environment variables like `CUDA_MANAGED_FORCE_DEVICE_ALLOC=1`.
  • ⚠️Requires `sudo` privileges to load and unload eBPF schedulers via `schedcp-cli`.
Review RequiredView Analysis
The use of `LD_PRELOAD=./liba.so` (or similar custom allocators like `uvm_allocator.so`) in Python scripts (`workloads/ktransformers/run_optimized_chat.sh`, `workloads/pytorch/benchmark_gnn_uvm.py`) is a significant security risk if the `.so` file is untrusted or compromised. It allows arbitrary code execution with the privileges of the Python process. Additionally, the `evaluate_workloads_parallel.py` script uses `subprocess.run(cmd, shell=True)` which is inherently dangerous if the `cmd` is derived from untrusted input, though in this context, commands are defined internally within the repository. The core eBPF schedulers themselves undergo kernel verification, but the external components used for benchmarking and dynamic allocator loading carry notable risks if not carefully managed and audited.
Updated: 2025-12-10GitHub
54
126
Low Cost
rust-mcp-stack icon

rust-mcp-sdk

by rust-mcp-stack

Sec9

A high-performance, asynchronous Rust SDK for building Model Context Protocol (MCP) servers and clients.

Setup Requirements

  • ⚠️Requires Rust toolchain (stable, cargo-nextest, cargo-make).
  • ⚠️Some examples require Node.js and npm to launch external MCP servers (e.g., @modelcontextprotocol/server-everything).
  • ⚠️OAuth examples require a configured OAuth provider (e.g., Keycloak, WorkOS, Scalekit) and corresponding environment variables.
Verified SafeView Analysis
The SDK includes explicit security features such as DNS rebinding protection, support for SSL/TLS, and robust OAuth authentication mechanisms (Remote Oauth Provider, Keycloak, WorkOS Authkit, Scalekit integrations). It promotes best practices like externalizing client secrets via environment variables. There are no obvious signs of 'eval' or other directly exploitable malicious patterns in the provided source summaries. The project is 'currently under development,' which always implies a minor risk until maturity, but the architectural choices appear solid.
Updated: 2025-12-14GitHub
53
129
Low Cost
silenceper icon

mcp-k8s

by silenceper

Sec8

A Kubernetes MCP (Model Control Protocol) server that enables natural language interaction with Kubernetes clusters and Helm for resource and release management.

Setup Requirements

  • ⚠️Requires Kubernetes cluster access via a kubeconfig file (with appropriate RBAC permissions). By default, it looks for ~/.kube/config or in-cluster configuration.
  • ⚠️Go runtime (for building/installing from source) or a pre-built binary/Docker environment is required to run the server.
  • ⚠️Write operations for Kubernetes resources (create, update, delete) and Helm operations (install, upgrade, uninstall, add/remove repository) are disabled by default and must be explicitly enabled via command-line flags.
Verified SafeView Analysis
The server leverages official Kubernetes client-go and Helm client libraries. Write operations (create, update, delete, Helm chart operations, Helm repository management) are disabled by default and require explicit command-line flags to enable, offering fine-grained control to the operator. User inputs for resource manifests and Helm values are parsed as structured data (JSON/YAML) rather than executed, mitigating common injection risks. The primary security consideration lies with the RBAC permissions granted to the kubeconfig file used by the server; appropriate least-privilege RBAC is critical to prevent unintended or malicious actions on the cluster, especially when integrated with an LLM.
Updated: 2025-11-20GitHub
53
117
Low Cost
minipuft icon
Sec9

The Claude Prompts MCP Server provides hot-reloadable prompts, structured reasoning, and chain workflows, enabling AI assistants (like Claude) to execute complex, multi-step tasks with consistent methodology and quality checks.

Setup Requirements

  • ⚠️Requires Node.js >= 24 (as per CLAUDE.md for canonical operation, conflicting with older Node.js versions mentioned elsewhere).
  • ⚠️Requires an MCP-compatible client (e.g., Claude Desktop) for full interactive utilization.
  • ⚠️Future LLM-based semantic analysis/validation features may require API keys for external LLMs (e.g., OpenAI, Anthropic), incurring usage costs.
Verified SafeView Analysis
The project demonstrates strong security awareness, with explicit documentation (`CONTRIBUTING.md`, `CLAUDE.md`, `security-awareness/gate.yaml`) forbidding hardcoded secrets and promoting secure coding practices (input validation, HTTPS, parameterized queries). LLM integrations use standard network `fetch` calls. No obvious `eval` or arbitrary `child_process` execution on untrusted input is present, which are common vectors for code execution vulnerabilities.
Updated: 2025-12-14GitHub
53
69
High Cost

slidev-mcp

by LSTM-Kirigaya

Sec7

AI-powered tool for generating professional online presentations using natural language descriptions, built on Slidev and large language models.

Setup Requirements

  • ⚠️Requires an OpenAI API Key or similar Large Language Model API key (likely paid).
  • ⚠️Requires Node.js and a package manager (npm/yarn/pnpm) for Slidev runtime dependencies.
  • ⚠️Requires Python environment setup, specifically using 'uv' for dependency management.
Verified SafeView Analysis
The project integrates large language models and includes a `websearch` utility tool that takes a URL. Without reviewing the implementation, there's a potential risk of SSRF or fetching malicious content if URL inputs are not properly sanitized and validated. No explicit 'eval' or obfuscation mentioned.
Updated: 2025-11-17GitHub
53
115
Medium Cost
ai-zerolab icon

mcp-email-server

by ai-zerolab

Sec8

This server provides IMAP and SMTP functionalities via the MCP protocol, allowing clients (like AI agents) to manage email accounts, list/retrieve email metadata and content, send emails, delete emails, and download attachments.

Setup Requirements

  • ⚠️Requires Python 3.10 or newer.
  • ⚠️Requires configuration of IMAP and SMTP server details (host, port, credentials) for each email account.
  • ⚠️The attachment download feature is disabled by default for security reasons and must be explicitly enabled in the configuration.
Verified SafeView Analysis
The server explicitly disables attachment downloads by default for security reasons, requiring an opt-in. Sensitive credentials are handled via environment variables or a TOML configuration file, with masking implemented for display. The `download_attachment` tool allows saving files to an absolute path specified by the user; if the MCP server runs with elevated privileges and an untrusted user/AI agent provides a malicious path, this could lead to unintended file overwrites or data leakage. However, this risk is mitigated by the default disabled state and the requirement for explicit enabling.
Updated: 2025-12-12GitHub
53
4
High Cost
Infatoshi icon

thinkingcap

by Infatoshi

Sec8

A multi-agent research MCP server that runs multiple LLM providers in parallel and synthesizes their responses to a given query.

Setup Requirements

  • ⚠️Requires API keys for chosen LLM providers (e.g., OPENROUTER_API_KEY, GROQ_API_KEY), which may involve paid services.
  • ⚠️Requires Node.js and npx to run.
  • ⚠️Changing configured agents requires restarting the server with new command-line arguments.
Verified SafeView Analysis
API keys are correctly managed via environment variables and are not hardcoded. The system uses LLMs to generate structured data (questions) that are then JSON parsed; while this introduces a potential risk if an LLM deviates maliciously from the expected format, the prompts explicitly guide the LLM to return only a JSON array of strings, mitigating the risk. Web search is performed against DuckDuckGo, a legitimate search engine, via direct HTTP requests. There are no detected uses of `eval` or similar dangerous functions on untrusted inputs.
Updated: 2025-11-25GitHub
53
40
Medium Cost

tiger-slack

by timescale

Sec7

An AI-powered Slack bot, likely integrating with Claude, designed to process and respond to messages within a Slack workspace.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for deployment.
  • ⚠️Requires creating and configuring a Slack application.
  • ⚠️Requires an Anthropic Claude API key (paid service) and other environment variables for configuration.
Verified SafeView Analysis
Cannot audit code for 'eval' or obfuscation. Assumed standard network practices for Slack bot integration; requires outbound access to Slack and LLM APIs. Inherent risks with user input and API key management. The presence of .env.sample encourages secure credential handling.
Updated: 2025-11-18GitHub
PreviousPage 47 of 647Next