Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (9120)

55
1
High Cost

blink

by GitHubNexon

Sec9

An AI-powered agentic command-based assistant that can read, create, and modify code files using Replicate's Claude models.

Setup Requirements

  • ⚠️Requires a Replicate API token (free tier available, but requires signup).
  • ⚠️Requires Python 3.8+.
  • ⚠️Requires an active internet connection for API calls.
Verified Safe
The server demonstrates strong security practices, particularly in API token handling (in-memory, cleared on exit, never saved to disk, validated on startup) and file system interactions (using `pathvalidate.sanitize_filepath` and explicit path resolution to the `workspace_root`). There is no use of `eval` or `exec` on user-controlled input, mitigating common code injection risks. All file operations are channeled through a robust file handler, reducing path traversal vulnerabilities. The primary remaining risk is the inherent nature of AI code generation, where a malicious prompt could potentially lead the AI to generate insecure code, but the server's implementation itself is secure.
Updated: 2025-12-11
55
1
Medium Cost

codex_mcp_server_ebka

by gustavorobertux

Sec8

Integrates the Ebka Caido plugin's functionalities with Codex CLI sessions, allowing Large Language Models (LLMs) to interact with and automate security testing tasks within Caido.

Setup Requirements

  • ⚠️Requires Node.js 16+ to be installed.
  • ⚠️Requires a running Caido instance with the Ebka plugin installed and network accessible.
  • ⚠️Manual configuration of the absolute path to the compiled server script in Codex's `config.toml`.
  • ⚠️Manual copying of `auth_token` and `api_endpoint` from the Ebka plugin in Caido into the Codex session.
Verified Safe
The server primarily acts as an intermediary, connecting to a user-specified Caido API endpoint with a user-provided authentication token. No 'eval' or obfuscation is indicated. Network risks are controlled by the user's configuration, directing connections to a defined and intended target. The safety is largely dependent on the trustworthiness of the Caido instance and the security of the provided credentials.
Updated: 2025-11-17
55
1
Low Cost

Vision-MCP-Manager

by Sharper-Flow

Sec8

Manages local or remote MCP (Model Context Protocol) servers and exposes them as HTTP endpoints for AI agents, replacing complex multi-layer setups.

Setup Requirements

  • ⚠️Requires Go 1.24+ for building from source (pre-built binaries available).
  • ⚠️Managed MCP servers must be installed separately via `npx`, `uvx`, or direct binaries.
  • ⚠️Many MCP servers require API keys (e.g., CONTEXT7_API_KEY, KAGI_API_KEY) configured as environment variables.
Verified Safe
The Vision daemon demonstrates good security practices for its role as a local process manager. The administrative MCP server binds exclusively to `127.0.0.1:6275`, limiting network exposure for management functions. Individual MCP servers are exposed on dedicated `localhost` ports (`6276-6300`), ensuring per-server isolation and preventing external access. The `install.sh` script utilizes standard systemd hardening options like `NoNewPrivileges=true` and `PrivateTmp=true` when installing as a system service. Environment variables (e.g., `${API_KEY}`) are correctly expanded from the host environment, and explicit warnings are given against committing configuration files containing secrets. The primary inherent risk stems from its core function: executing user-defined commands for `stdio`-based MCP servers. While this is expected behavior, it implies a trust model where the configured commands are not malicious or vulnerable to injection. Input validation for server names is present in the API handlers. No `eval`, obfuscation, or direct remote execution of arbitrary code is observed within the Vision daemon's own codebase.
Updated: 2026-01-19
55
1
Low Cost

asa-starter-kit

by vibecodiq

Sec9

A deterministic Python CLI for generating and managing production-ready, slice-based FastAPI backend code, ensuring architectural standards and preserving custom logic during regeneration.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Optional `devbox` environment setup (otherwise requires manual virtual environment and `pip` management).
Verified Safe
The core ASA CLI tool focuses on deterministic code generation and architectural enforcement (e.g., boundary linting), which inherently promotes secure development practices. It does not use `eval` or other known dangerous functions. Hardcoded secrets are not present in the provided core logic or demo snippets. The generated FastAPI application's runtime security depends heavily on the user's implementation of business logic within the provided markers (e.g., for JWT generation, database interactions). The linter actively prevents cross-domain import violations.
Updated: 2025-12-05
55
1
Low Cost

galaxy-brain

by For-Sunny

Sec4

This MCP server enables AI agents to perform a complete cognitive loop by combining structured sequential thinking with chained sequential execution of operations.

Setup Requirements

  • ⚠️Requires Python 3.10+
  • ⚠️Relies on modifying the `claude_desktop_config.json` file for integration with Claude Desktop (handled by install script, but manual setup requires awareness)
  • ⚠️Execution of certain 'doing' operations (e.g., `shell.run`, `python.execute`) can have security implications if input is not carefully controlled.
Review Required
The `DoingService` allows execution of arbitrary shell commands (`shell.run`) via `subprocess.run(shell=True)` and Python code (`python.execute`) by writing to a temporary file and executing it. While it includes a `_security_check` with `DANGEROUS_PATTERNS` regex to block some malicious commands (e.g., `rm -rf /`), this is not foolproof against all forms of command injection or malicious Python code. The `python.eval` method is more sandboxed with a strict `allowed_builtins` list. If the server is exposed to untrusted input, there is a significant risk of arbitrary code execution.
Updated: 2025-12-05
55
1
Low Cost

fortune-compass-agent

by AI-Hub-Admin

Sec9

An AI-powered divination agent that provides Tarot, I Ching, and Guangong Oracle readings via an LLM-callable tool.

Setup Requirements

  • ⚠️Requires `pnpm` for package management.
  • ⚠️The full agent experience requires running two separate processes: the main MCP server (`pnpm start`) and a static file server for assets (`pnpm run serve`). The `serve` CLI tool is used for static files and is not listed as a direct dependency, potentially requiring a global installation (e.g., `pnpm install -g serve`).
  • ⚠️Assumes the LLM client environment supports rendering MCP widgets and resolving relative image URLs against the static asset server (default `http://localhost:4444`).
Verified Safe
The source code primarily performs local random number generation and JSON data lookups. It uses `fs.readFileSync` to load the widget HTML, which is path-controlled to the local `assets` directory. No 'eval', 'child_process', hardcoded credentials, or other obvious malicious patterns were found. The system is designed to serve static assets (images) from a separate `serve` process, which, while exposing the `assets` directory, is intended for image delivery and not inherently a vulnerability within the core agent logic.
Updated: 2026-01-17
55
1
Medium Cost

unifi-mcp-server

by CamoRageaholic1

Sec9

Enables AI assistants (e.g., Claude) to manage and monitor UniFi network infrastructure through natural language commands via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Node.js 18+ (20 LTS recommended).
  • ⚠️Requires an active UniFi Network Controller with network access and admin credentials.
  • ⚠️Potential SSL certificate issues with the UniFi controller might necessitate setting UNIFI_VERIFY_SSL=false (with associated security implications, though documented).
Verified Safe
The project uses environment variables for credentials and Zod for configuration validation, mitigating hardcoded secret risks. Docker Compose provides security hardening (no-new-privileges, read-only filesystem). SSL verification is configurable (`UNIFI_VERIFY_SSL`), with documentation warning about disabling it. No `eval` or obfuscation found. The core `node-unifi` library is well-established.
Updated: 2025-11-29
55
1
Medium Cost

mcp-langchain

by SyedAanif

Sec6

This project demonstrates using LangChain to orchestrate interactions with local micro-agents providing math and weather services.

Setup Requirements

  • ⚠️Requires an external LLM API Key (e.g., OpenAI, Anthropic) configured via environment variables for LangChain agent operations.
  • ⚠️Requires `math_server.py` and `weather_server.py` to be running concurrently in separate processes before starting the main agent (`main.py`).
Verified Safe
LangChain agents can pose security risks if not carefully constrained, especially regarding arbitrary code execution via tools. The local microservices (math, weather) could introduce network risks if exposed without proper authentication or bind to insecure interfaces. The missing README prevents a deeper security analysis.
Updated: 2025-11-18
55
593
Medium Cost

vibe

by mondaycom

Sec2

Provides intelligent assistance for developers working with Monday.com's Vibe Design System components by offering component APIs, usage examples, icon discovery, and best practice guidance.

Setup Requirements

  • ⚠️Requires Node.js environment (TypeScript)
  • ⚠️Designed for integration with AI development tools/IDEs via standard I/O (StdioServerTransport)
  • ⚠️Relies on 'curl' being available in the execution environment
Review Required
The server utilizes `child_process.exec` to run `curl` commands to fetch metadata and icon data from `unpkg.com`. More critically, the `IconMetadataService` uses Node.js's `vm.runInContext` to execute JavaScript code fetched from `unpkg.com` for parsing icon metadata. While `vm.runInContext` operates in a sandboxed environment, executing externally sourced code poses a significant supply chain security risk. A compromise of `unpkg.com` or the specific package could lead to arbitrary code execution within the server's environment. Local file system access is observed in migration tools (`v3-migration.ts`, `dropdown-migration.ts`) for analyzing user project files, which is expected for such tools but underscores the need for trust in the tool's integrity.
Updated: 2026-01-18
55
1
High Cost

openstax-mcp-server

by pythpythpython

Sec7

An AI-powered Model Context Protocol (MCP) server that connects LLMs to OpenStax educational content for semantic search, problem generation, and Jupyter notebook creation.

Setup Requirements

  • ⚠️Requires a Cloudflare account with Workers, Workers AI, Workers KV, and Vectorize bindings configured.
  • ⚠️Client applications (e.g., Cursor, Claude Desktop) need specific configuration to connect to the MCP server endpoint.
Verified Safe
Input parameters for tool calls, while defined with schemas, are directly passed to implementation functions without explicit runtime re-validation within the worker. This could potentially lead to unexpected behavior or resource exhaustion (e.g., requesting an excessive number of problems) if a malicious client bypasses the client-side schema adherence. However, the server runs in an isolated Cloudflare Workers environment, which significantly mitigates risks like shell injection or direct system compromise. The current Jupyter notebook generation is a basic placeholder and does not dynamically generate executable code based on content, limiting immediate code execution risks through that vector.
Updated: 2025-12-01
55
1
Low Cost

postgrest-mcp

by semantius

Sec8

A PostgREST MCP (Model Context Protocol) server that uses OAuth2 for authentication and integrates with PostgREST APIs.

Setup Requirements

  • ⚠️Requires environment variables (`AUTH_SERVER_URL`, `API_BASE_URL`, `API_KEY`/`SUPABASE_ANON_KEY`) for non-Supabase deployments.
  • ⚠️Specific CLI tools (Supabase CLI, Wrangler, Deno Deploy CLI) are needed for deployment to target platforms.
  • ⚠️Deno runtime is required for local development and Deno Deploy targets.
Verified Safe
The server uses `getEnv` for all sensitive configurations (API keys, URLs), preventing hardcoded secrets. It employs Zod for input validation in its tools. The `bearerAuth` implementation performs a minimal token check (`!!token`), relying on the downstream PostgREST server for full JWT validation, which is acceptable for a proxy. The CORS policy allows all origins (`origin: (origin) => origin`), which can be a risk for sensitive endpoints if not properly protected by authentication. Host header construction for metadata is standard but could be a vector if not secured by the deployment platform. Overall, the security posture is reasonable for its intended purpose as an OAuth2-protected MCP gateway.
Updated: 2026-01-18
55
1
High Cost

Integrate Power BI Desktop with conversational AI assistants like Claude or GPT for natural language interaction, model introspection, modification, and analysis.

Setup Requirements

  • ⚠️Requires the MSI version of Power BI Desktop (not Store version).
  • ⚠️Power BI Desktop must be open with a .pbix file loaded for the server to find instances.
  • ⚠️Requires Claude Desktop (or other MCP-compatible AI assistant) with specific configuration to connect.
Verified Safe
The actual source code for the executable (`PbiMcpServerAbisSidecar.exe`) is not provided for audit, making a comprehensive security assessment impossible. Based on the README, the server runs 100% locally and no data leaves the machine, which is a positive for privacy. It supports powerful write operations (CRUD for model objects), which carries inherent risk if misused, though a 'Safety Layer' with dry-run mode and confirmation flags is mentioned to mitigate this. The security largely depends on the trustworthiness and implementation of the compiled executable provided by ABIS B.V.
Updated: 2025-12-01