Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (9120)

55
84
Medium Cost

rust-docs-mcp

by snowmead

Sec8

Provides AI agents with deep, cached access to Rust crate documentation, source code, and project structure for enhanced development.

Setup Requirements

  • ⚠️Requires Rust nightly toolchain installed via rustup.
  • ⚠️Requires `git` command-line tool to be installed and in PATH.
  • ⚠️Can consume significant disk space for cached documentation (at least 1GB recommended).
  • ⚠️Full utility and seamless integration require an MCP client (e.g., Claude Code).
Verified Safe
The core Rust application applies path sanitization and directory-traversal checks during archive extraction (e.g., in `downloader.rs`), so a crafted crate archive cannot write outside the extraction directory (zip slip). Sensitive environment variables such as `GITHUB_TOKEN` are zeroed in memory via the `zeroize` crate. The server executes external Rust toolchain commands (`cargo`, `rustdoc`, `rustup`, `git`), so its security rests on the integrity of the local Rust environment and of the crates it downloads. The `install.sh` script uses `curl | sh`, a common but inherently less secure installation method that executes remote code directly; this affects installation only, not the server's runtime operation.
Updated: 2025-11-25 · GitHub
55
1
Medium Cost

iterm2-mcp-server

by sumchattering

Sec8

An MCP server enabling AI assistants to read and interact with iTerm2 terminal panes on macOS.

Setup Requirements

  • ⚠️Requires macOS with iTerm2 installed.
  • ⚠️Requires Node.js >= 18.0.0 and Python 3 with the `iterm2` package (`pip install iterm2`).
  • ⚠️Requires iTerm2 Python API to be enabled in iTerm2 preferences (General > Magic > Enable Python API) and iTerm2 restarted afterwards.
  • ⚠️Tools like `iterm2_current_pane` and `iterm2_side_pane` only work if the MCP server is launched from within an iTerm2 terminal session.
Verified Safe
The server's Node.js component executes Python scripts via `child_process.spawn()`. The Python script uses `argparse` to strictly define commands and their parameters, which significantly mitigates arbitrary command injection risks. The `iterm2_send_text` tool allows an AI to send arbitrary text to an iTerm2 pane, which is an intended core feature for a terminal agent and could be misused if the AI is given malicious instructions, but is not a vulnerability within the server's code itself. No hardcoded secrets or direct 'eval' statements were found. Communication is local through the iTerm2 Python API (WebSocket) and MCP SDK (local HTTP/stdio).
Updated: 2026-01-18 · GitHub
55
68
Low Cost

mcp-gateway

by hyprmcp

Sec6

A gateway or proxy server for managing and routing API requests, likely including authentication (OAuth) and JSON-RPC handling.

Setup Requirements

  • ⚠️Requires Go runtime and toolchain (specific version possibly dictated by mise.toml).
  • ⚠️Requires configuration for OAuth providers, proxy targets, and other server settings (details unknown due to missing README.md).
  • ⚠️Docker is an option but requires Docker engine installed.
Review Required
As a gateway/proxy handling network requests, JSON-RPC, OAuth, and webhooks, it inherently carries network exposure risks. Without the README, specific security features, best practices, or hardening instructions are unknown. The project is written in Go, which generally reduces risks associated with 'eval' or common scripting vulnerabilities, but doesn't eliminate all network-related attack vectors.
Updated: 2025-11-18 · GitHub
55
1
Medium Cost

pd-tools-mcp

by intelligent-ears

Sec7

Automated bug bounty reconnaissance and vulnerability scanning by integrating ProjectDiscovery security tools.

Setup Requirements

  • ⚠️Requires manual installation of all ProjectDiscovery tools (subfinder, dnsx, naabu, httpx, katana, nuclei) via 'go install'.
  • ⚠️Requires Go runtime to be installed on the host system.
  • ⚠️Requires ProjectDiscovery executables to be in the system's PATH, or accessible via the Go bin directory.
Verified Safe
The server uses 'child_process.spawn' to execute the external ProjectDiscovery tools. This is generally safer than 'exec' because the argument list is not interpreted by a shell, but the wrapper does not explicitly validate all user-provided arguments (e.g., 'ports' for naabu, 'scope' for katana), so unexpected values, including option-like strings, reach the underlying tool unchanged. A specifically crafted input that triggers a parsing weakness in one of those tools could therefore lead to unexpected behaviour. The 'httpx' tool is invoked via a hardcoded path derived from the Go home directory, which ties the server to that installation location. Overall, the security of this server relies heavily on the integrity of the installed ProjectDiscovery tools and on the host's PATH configuration.
Updated: 2025-12-06 · GitHub
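Both iterm2-mcp-server and pd-tools-mcp above hand agent-supplied values to a child process via `spawn`. Spawning without a shell stops `; rm -rf /`-style command injection, but it does not stop argument injection: a value beginning with `-` is still parsed by the tool as a flag. The following is an added example, not code from either project, showing the validation a wrapper should do before building the argument list. It assumes naabu-style (`-host`, `-p`) and katana-style (`-u`) invocations; the helper names and validation rules are this example's own.

```python
"""Validate agent-supplied values before passing them to a subprocess.

Added example (not pd-tools-mcp or iterm2-mcp-server code). Assumes
hypothetical invocations `naabu -host H -p P` and `katana -u URL`.
"""
import re
import subprocess

HOST_RE = re.compile(
    r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)
PORT_SPEC_RE = re.compile(r"^\d{1,5}(-\d{1,5})?(,\d{1,5}(-\d{1,5})?)*$")
URL_RE = re.compile(r"^https?://[A-Za-z0-9.-]+(:\d{1,5})?(/[^\s]*)?$")


class InvalidArgument(ValueError):
    pass


def _reject_option_like(value: str, what: str) -> None:
    # spawn/execve without a shell already prevents metacharacter injection,
    # but a value such as "-iL /etc/passwd" would still be read as a flag.
    if value.startswith("-"):
        raise InvalidArgument(f"{what} may not start with '-': {value!r}")


def validate_host(host: str) -> str:
    _reject_option_like(host, "host")
    if len(host) > 253 or not HOST_RE.fullmatch(host):
        raise InvalidArgument(f"bad host: {host!r}")
    return host


def validate_ports(spec: str) -> str:
    """Accept '80,443,8000-8100'; reject anything else, including ports > 65535."""
    _reject_option_like(spec, "port spec")
    if not PORT_SPEC_RE.fullmatch(spec):
        raise InvalidArgument(f"bad port spec: {spec!r}")
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        lo_i, hi_i = int(lo), int(hi or lo)
        if not 1 <= lo_i <= hi_i <= 65535:
            raise InvalidArgument(f"port out of range: {part!r}")
    return spec


def validate_url(url: str) -> str:
    _reject_option_like(url, "url")
    if not URL_RE.fullmatch(url):
        raise InvalidArgument(f"bad url: {url!r}")
    return url


def build_naabu_args(host: str, ports: str) -> list[str]:
    """argv for the hypothetical `naabu -host H -p P` call; every element is validated."""
    return ["naabu", "-host", validate_host(host), "-p", validate_ports(ports)]


def build_katana_args(url: str) -> list[str]:
    return ["katana", "-u", validate_url(url)]


def run_tool(argv: list[str], timeout: int = 600) -> str:
    # shell=False (the default) with a list: no shell ever sees these strings.
    done = subprocess.run(argv, check=True, capture_output=True, text=True, timeout=timeout)
    return done.stdout
```

The `-` check is deliberately blunt: some Go `flag`-based tools honour `--` as an end-of-options marker, but not all argument parsers do, so refusing option-like values is the portable choice.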
55
1
Medium Cost

mcp-redfish-python

by devidasjadhav

Sec8

An AI-powered interface for managing Redfish-enabled servers through natural language commands, utilizing Model Context Protocol (MCP) for tool integration.

Setup Requirements

  • ⚠️Requires an Anthropic API Key (paid service) for chatbot functionality.
  • ⚠️A Redfish server (mock or real) needs to be running and accessible for the system to function.
  • ⚠️Requires Python 3.8+ and manual environment variable configuration via a .env file.
Verified Safe
The project handles API keys and sensitive credentials (Redfish username/password) via environment variables and masks them in debug output, which is good practice. It uses `json.loads` for user-provided patch/action data; malformed input raises an exception but does not execute code. The `VERIFY_SSL` setting defaults to true, which is critical for secure communication with the Redfish endpoint, but it can be disabled via configuration, exposing traffic to man-in-the-middle attacks if set to false in a production environment.
Updated: 2025-12-13 · GitHub
55
1
Medium Cost

openapi-sync-mcp

by jhlee0409

Sec9

This server processes OpenAPI specifications, providing an AI assistant with capabilities to parse, diff, track dependencies, and generate client code for various languages and frameworks.

Setup Requirements

  • ⚠️Requires Node.js and npm for installation via the recommended method, as it downloads and wraps a Rust binary.
  • ⚠️Requires manual configuration in `~/.claude/settings.json` for AI assistants to discover and use the MCP server.
  • ⚠️Pre-compiled binaries are provided for macOS (x64, arm64), Linux (x64, arm64), and Windows (x64); other platforms may require building from source using Cargo.
Verified Safe
The server is built with Rust, leveraging its memory safety features. It explicitly implements path traversal prevention using `canonicalize` and `contains("..")` checks when reading local files, indicating a good security posture for file operations. Remote spec fetching uses standard `reqwest` client with timeouts. Base URLs for generated clients are configured via environment variables, avoiding hardcoded secrets. The installation process downloads pre-compiled binaries from GitHub releases, which is a common practice but relies on the integrity of the release process. Overall, the codebase shows strong security awareness for its intended functions.
Updated: 2026-01-19 · GitHub
55
1
Medium Cost

dockerise-mcp

by SyedAanif

Sec5

Provides a containerized Python-based development environment for the Minecraft Coder Pack (MCP).

Setup Requirements

  • ⚠️Docker is required to run the containerized environment.
  • ⚠️A specific Python version is required, as defined in the .python-version file.
  • ⚠️Dependency management with 'uv' (or a compatible Python package manager like pip/poetry) is necessary to install project dependencies.
Review Required
A full security audit cannot be performed without access to the code content. Note that "MCP" in this project's name refers to the Minecraft Coder Pack, not the Model Context Protocol. If it does expose a network-facing service, that would introduce the usual network risks, but this cannot be confirmed. The score is a neutral default due to lack of visibility into implementation details.
Updated: 2025-11-17 · GitHub
55
1
Low Cost

infomaniak_mcp

by daniviber

Sec8

Enables AI assistants to manage Infomaniak cloud services including domains, email, web hosting, and kDrive via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Node.js 18 or higher.
  • ⚠️Requires an Infomaniak account with API access and an API token configured with appropriate scopes.
  • ⚠️Users must configure the `INFOMANIAK_API_TOKEN` environment variable in their MCP client or server environment.
Verified Safe
The server reads the Infomaniak API token from environment variables, preventing hardcoded secrets. Input validation for tool calls is performed using Zod schemas. No 'eval' or code obfuscation detected. The HTTP transport defaults to a permissive CORS origin ('*'), which is a security consideration if deployed publicly without explicit configuration of `corsOrigins`. The `infomaniak_api_call` tool allows arbitrary API endpoints, requiring users to carefully manage the provided API token's scopes to prevent unintended actions.
Updated: 2026-01-17 · GitHub
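The infomaniak_mcp analysis above flags a default CORS origin of `*` on the HTTP transport. The following added example, which is not infomaniak_mcp's code, puts that weak setting beside the hardened form: an explicit origin allowlist that is normalised and matched exactly, with the wildcard refused whenever credentials are allowed. It assumes the server is handed a list of allowed origins (the analysis calls the setting `corsOrigins`); the class and method names are this example's own.

```python
"""Origin allowlisting for an MCP server's HTTP transport.

Added example, not infomaniak_mcp code. `CorsPolicy(["*"])` is the permissive
default the analysis describes; an explicit list is the hardened form.
"""
from __future__ import annotations

from urllib.parse import urlsplit


def normalise_origin(origin: str) -> str | None:
    """Canonical `scheme://host[:port]`, or None if the value is not an origin.

    Browsers send Origin without path or query, with the port omitted when it
    is the scheme default. Normalising both the config entry and the request
    value means `https://app.example.com:443` matches `https://app.example.com`.
    """
    parts = urlsplit(origin.strip())
    try:
        port = parts.port
    except ValueError:                       # non-numeric or out-of-range port
        return None
    if (parts.scheme not in ("http", "https") or not parts.hostname
            or parts.path not in ("", "/") or parts.query or parts.fragment
            or parts.username or parts.password):
        return None
    default = 443 if parts.scheme == "https" else 80
    host = parts.hostname.lower()
    if port in (None, default):
        return f"{parts.scheme}://{host}"
    return f"{parts.scheme}://{host}:{port}"


class CorsPolicy:
    def __init__(self, allowed_origins: list[str], allow_credentials: bool = False) -> None:
        self.wildcard = "*" in allowed_origins
        if self.wildcard and allow_credentials:
            # Browsers reject '*' combined with credentials; a server that tried
            # it would be telling every site it may use the user's session.
            raise ValueError("wildcard origin cannot be combined with credentials")
        self.allowed: set[str] = set()
        for entry in allowed_origins:
            if entry == "*":
                continue
            norm = normalise_origin(entry)
            if norm is None:
                raise ValueError(f"malformed origin in allowlist: {entry!r}")
            self.allowed.add(norm)
        self.allow_credentials = allow_credentials

    def allow_origin_header(self, request_origin: str | None) -> str | None:
        """Value for Access-Control-Allow-Origin, or None to emit no CORS headers."""
        if request_origin is None:           # same-origin or non-browser client
            return None
        if self.wildcard:
            return "*"
        norm = normalise_origin(request_origin)
        if norm is None or norm not in self.allowed:
            return None
        return norm                          # exact match only; never echo raw input

    def response_headers(self, request_origin: str | None) -> dict[str, str]:
        allow = self.allow_origin_header(request_origin)
        if allow is None:
            return {}
        headers = {"Access-Control-Allow-Origin": allow, "Vary": "Origin"}
        if self.allow_credentials:
            headers["Access-Control-Allow-Credentials"] = "true"
        return headers
```

For a server bound to localhost, go one step further and reject (HTTP 403) any request whose Origin header is present but not on the allowlist, rather than merely omitting the CORS headers; that also blocks DNS-rebinding attacks from a browser on the same machine.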
55
1
Medium Cost

mcp-postgres

by avantifellows

Sec9

Provides a read-only Model Context Protocol (MCP) server for AI tools (like Claude Code, Cursor) to query a PostgreSQL database directly.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Crucial to set up PostgreSQL database credentials (AF_DB_HOST, AF_DB_PORT, AF_DB_USER, AF_DB_PASSWORD, AF_DB_NAME) as environment variables.
  • ⚠️The configured database user must have `SELECT` permissions on the target database and tables, and network access to the PostgreSQL host.
Verified Safe
The server enforces read-only access through the `is_read_only` function, a keyword denylist that blocks the common write/destructive SQL keywords (INSERT, UPDATE, DELETE, DROP, ALTER, TRUNCATE, CREATE, GRANT, REVOKE). The check is applied to all `query` calls and also to the `WHERE` clause in `count_rows`. A keyword denylist is a useful first filter but is weaker than a database-enforced control such as a READ ONLY transaction or a SELECT-only role, so the least-privilege database user called for in the setup requirements remains the primary safeguard. Database credentials are loaded from environment variables, avoiding hardcoded secrets. Table and schema names in `sample_data` and `count_rows` are inserted dynamically with identifier quoting to mitigate SQL injection, since `asyncpg` (like the PostgreSQL wire protocol) does not parameterize identifiers. No `eval` or similar dynamic code execution is present. Queries are logged locally.
Updated: 2025-12-11 · GitHub
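The mcp-postgres analysis above describes a keyword denylist as the read-only enforcement. The following added example, which is not mcp-postgres's own code, reconstructs that kind of check in two forms (a naive substring test and a whole-word test that ignores comments), lists statements that pass any such denylist yet are not read-only in PostgreSQL, and shows the database-side control that closes the gap: an asyncpg `READ ONLY` transaction with a statement timeout. `DENIED` mirrors the keywords named in the analysis; everything else here is this example's own, and `run_read_only` needs a live connection so it is only defined, not run.

```python
"""Read-only enforcement for an LLM-facing SQL tool.

Added example, not mcp-postgres code. The denylist is a reconstruction of
the approach the analysis describes; run_read_only is the stronger control.
"""
import re

DENIED = frozenset({"INSERT", "UPDATE", "DELETE", "DROP", "ALTER",
                    "TRUNCATE", "CREATE", "GRANT", "REVOKE"})
_COMMENT_RE = re.compile(r"--[^\n]*|/\*.*?\*/", re.S)
_WORD_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def is_read_only_naive(sql: str) -> bool:
    """Plain substring test: rejects harmless queries that merely mention a
    column such as `updated_at`, and is still only a denylist."""
    upper = sql.upper()
    return not any(k in upper for k in DENIED)


def is_read_only(sql: str) -> bool:
    """Whole-word test after stripping comments: no false positive on
    `updated_at`, while `/* x */DELETE ...` is still caught."""
    stripped = _COMMENT_RE.sub(" ", sql)
    words = {w.upper() for w in _WORD_RE.findall(stripped)}
    return words.isdisjoint(DENIED)


# Statements that pass any denylist built from those nine keywords yet are
# not read-only, or not harmless, in PostgreSQL. A client-side filter cannot
# close this gap; the database can.
PASSES_DENYLIST_BUT_NOT_SAFE = (
    "SELECT * INTO backup_users FROM users",   # SELECT INTO creates a table
    "CALL purge_old_sessions()",               # a procedure may write anything
    "SELECT pg_sleep(600)",                    # ties up a backend
)


async def run_read_only(conn, sql: str, statement_timeout_ms: int = 5000):
    """Run `sql` inside a READ ONLY transaction with a statement timeout.

    `conn` is an asyncpg Connection. transaction(readonly=True) issues
    BEGIN ... READ ONLY, so SELECT INTO, CREATE, INSERT and the rest fail on
    the server however they are spelled; SET LOCAL statement_timeout bounds
    pg_sleep-style abuse. The denylist stays as a fast, friendly first check;
    a SELECT-only database role is the last line.
    """
    if not is_read_only(sql):
        raise PermissionError("write statements are not allowed")
    async with conn.transaction(readonly=True):
        await conn.execute(f"SET LOCAL statement_timeout = {int(statement_timeout_ms)}")
        return await conn.fetch(sql)
```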
55
174
Low Cost

quarkus-mcp-server

by quarkiverse

Sec9

This server demonstrates a secured Model Context Protocol (MCP) server that uses Server-Sent Events (SSE) to expose tools, prompts, and resources, with authentication handled by Keycloak or GitHub OAuth2.

Setup Requirements

  • ⚠️Requires configuration of external OIDC/OAuth2 providers (e.g., Keycloak, GitHub) including client IDs and secrets.
  • ⚠️Specific configuration properties like `quarkus.keycloak.devservices.java-opts` may be needed for Keycloak Dev Services on certain OS (e.g., Mac OS).
  • ⚠️`jbang` is required to run the packaged application in production mode after a Maven install.
Verified Safe
The server leverages Quarkus's robust security features for OIDC (Keycloak) and OAuth2 (GitHub), offloading authentication to external providers. Secrets like GitHub client ID/secret are configured externally via properties, not hardcoded in the source. Input validation for tool and prompt arguments is implemented and configurable to prevent common injection attacks. There are no direct uses of 'eval' or other highly dangerous patterns identified in the provided source code. The implementation also includes cancellation mechanisms for long-running operations.
Updated: 2026-01-19 · GitHub
55
85
Medium Cost

powerbi-mcp

by sulaiman013

Sec7

Enables AI assistants to interact with Power BI Desktop and Service for querying data, managing models, and performing safe bulk operations through natural language, ensuring enterprise-grade security and preserving report visual integrity during refactoring.

Setup Requirements

  • ⚠️Requires Windows 10/11 for ADOMD.NET and Power BI Desktop connectivity.
  • ⚠️Requires Power BI Desktop installed for local model interaction and PBIP editing.
  • ⚠️ADOMD.NET client libraries (often bundled with Power BI Desktop or SSMS) must be discoverable.
  • ⚠️Cloud connectivity requires Azure AD App Registration with specific permissions (Dataset.Read.All, Workspace.Read.All) and a Premium Per User (PPU) or Premium Capacity workspace for XMLA endpoint access.
Verified Safe
The project integrates a security layer for PII detection, audit logging, and access policies, which is a significant positive. It relies on environment variables for sensitive cloud credentials (TENANT_ID, CLIENT_ID, CLIENT_SECRET); this is good practice but requires careful management outside the code. The use of 'eval' for .NET assembly loading in the connectors carries inherent risk regardless of its interop purpose. Extensive file manipulation for PBIP projects (reading, writing, copying, and deleting via `powerbi_pbip_connector.py`) together with execution of arbitrary DAX queries gives the tool significant power over the local system and its data. The `pbip_load_project` tool takes user-provided paths directly, so either the input must be trusted or the path must be canonicalised and confined to an allowed root to prevent traversal.
Updated: 2025-12-01 · GitHub
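Three analyses on this page turn on the same check: rust-docs-mcp confines archive extraction to its cache directory, openapi-sync-mcp canonicalises local file paths and rejects `..`, and powerbi-mcp's `pbip_load_project` needs the same treatment for caller-supplied project paths. The following added example, not code from any of those projects, shows the check in Python for both callers: a `resolve_inside` helper that canonicalises and confirms containment, and a zip extractor that validates every member before writing anything. A plain `'..' in path` test is shown in the comments to be too blunt: it misses absolute member names and symlinks, and it rejects the harmless name `foo..bar`. Function names and the constructed archive are this example's own.

```python
"""Confine caller-supplied paths to a root directory.

Added example (not rust-docs-mcp, openapi-sync-mcp or powerbi-mcp code).
Covers archive extraction (zip slip) and opening a caller-named path.
"""
from __future__ import annotations

import io
import os
import tempfile
import zipfile
from pathlib import Path


class PathEscape(ValueError):
    pass


def resolve_inside(root: str | os.PathLike, candidate: str | os.PathLike) -> Path:
    """Real path of `candidate` under `root`, or PathEscape if it leaves `root`.

    Why not just `'..' in str(candidate)`? That misses absolute names
    (`/etc/passwd` replaces the root when joined), misses symlinks inside the
    root that point outside it, and wrongly rejects `foo..bar`. Resolving both
    sides and comparing the result handles all three.
    """
    root_real = Path(root).resolve(strict=True)         # root must exist
    target = Path(root_real, candidate).resolve(strict=False)
    try:
        target.relative_to(root_real)
    except ValueError:
        raise PathEscape(f"{os.fspath(candidate)!r} escapes {os.fspath(root)!r}") from None
    return target


def safe_extract_zip(archive: zipfile.ZipFile, dest: str) -> list[Path]:
    """Extract `archive` into `dest`, refusing any member that would land outside."""
    # Validate every member first so a hostile entry cannot leave a
    # half-extracted tree behind.
    plan = [(info, resolve_inside(dest, info.filename)) for info in archive.infolist()]
    written: list[Path] = []
    for info, target in plan:
        if info.is_dir():
            target.mkdir(parents=True, exist_ok=True)
            continue
        target.parent.mkdir(parents=True, exist_ok=True)
        with archive.open(info) as src, open(target, "wb") as dst:
            dst.write(src.read())
        written.append(target)
    return written


def demo() -> dict:
    """Run a constructed archive (one benign entry, one zip-slip entry) through
    safe_extract_zip and report what happened."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/index.html", "<h1>ok</h1>")
        zf.writestr("../../escaped.txt", "zip slip")      # constructed hostile member
    buf.seek(0)
    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "out")
        os.mkdir(dest)
        try:
            safe_extract_zip(zipfile.ZipFile(buf), dest)
            outcome = "extracted"
        except PathEscape as exc:
            outcome = f"rejected: {exc}"
        return {"outcome": outcome, "files_written": sorted(os.listdir(dest))}
```

For a file-open tool such as a project loader, call `resolve_inside(allowed_root, user_path)` and open the returned `Path`; the original string is never used after the check.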
55
1
Low Cost

greenlight

by bigph00t

Sec9

Provides a visual status indicator in a terminal window for AI assistant tasks.

Setup Requirements

  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️The display component (`src/display.js`) must be run separately in a visible terminal window.
  • ⚠️Achieving 'yellow light' status for AI approval prompts (Claude Code only) requires manual configuration of AI hooks with the full path to the `cli.js` script.
Verified Safe
The server operates locally via file I/O and standard I/O, primarily writing to and reading from `~/.greenlight/status.json` and `~/.greenlight/display.pid`. It uses `process.kill(pid, 0)` to check for process existence, which is a safe operation. User-provided messages are stored in a local JSON file and then displayed in the terminal. While the application does not execute these messages, there's a theoretical, low-risk possibility of a compromised AI injecting malicious ANSI escape sequences into the message that a vulnerable terminal emulator might misinterpret. However, the risk is contained to the local terminal session, and the application itself does not execute arbitrary code. No hardcoded secrets or direct network risks were identified within the server's code.
Updated: 2025-12-13 · GitHub
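The greenlight analysis above notes that agent-supplied messages are written to the terminal and that escape sequences in them could be misinterpreted by the emulator. The following added example, not greenlight's own code, shows the neutralisation a display component can apply: strip CSI/OSC escape sequences and control bytes from the message and let only the display itself choose colours. It assumes the message arrives as a Python `str`; the function names are this example's own.

```python
"""Neutralise terminal control sequences in text an agent asks you to display.

Added example, not greenlight code. OSC sequences matter most: OSC 8 creates
clickable hyperlinks, OSC 0/2 set the window title, and OSC 52 writes to the
clipboard on some emulators.
"""
import re

_ANSI_RE = re.compile(
    r"\x1b\[[0-?]*[ -/]*[@-~]"              # CSI: ESC [ params intermediates final
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"    # OSC: ESC ] ... terminated by BEL or ESC \
    r"|\x1b[ -/]+[0-~]"                      # nF escapes (e.g. charset designation)
    r"|\x1b[@-_]"                            # remaining two-byte Fe escapes
    r"|\x9b[0-?]*[ -/]*[@-~]"               # 8-bit CSI
)
# C0 controls other than \n and \t (a lone ESC left by an unparsed sequence is
# removed here too), plus DEL and the C1 range.
_CTRL_RE = re.compile(r"[\x00-\x08\x0b-\x1f\x7f\x80-\x9f]")

SAFE_STYLES = {"green": "\x1b[32m", "yellow": "\x1b[33m", "red": "\x1b[31m"}
RESET = "\x1b[0m"


def sanitize_terminal_text(text: str, max_len: int = 500) -> str:
    """Strip escape sequences and control bytes, fold whitespace, cap length."""
    text = _ANSI_RE.sub("", text)
    text = _CTRL_RE.sub("", text)
    text = " ".join(text.split())         # folds newlines, tabs and space runs
    return text[:max_len]


def render_status(state: str, message: str) -> str:
    """Colour comes from the display's own table, never from the message."""
    if state not in SAFE_STYLES:
        raise ValueError(f"unknown state {state!r}")
    return f"{SAFE_STYLES[state]}\u25cf {state.upper()}{RESET} {sanitize_terminal_text(message)}"
```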
Page 48 of 760