Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7756)

53
61
Medium Cost
manykarim icon

rf-mcp

by manykarim

Sec6

Orchestrates natural language test automation workflows, enabling AI agents to interact with Robot Framework for web, mobile, API, and desktop testing, including keyword discovery, step execution, and test suite generation.

Setup Requirements

  • ⚠️Requires Robot Framework to be installed.
  • ⚠️For the optional Django frontend: `uvicorn` and `Django` must be installed (`pip install rf-mcp[frontend]`).
  • ⚠️For semantic keyword matching: `sentence-transformers` must be installed (`pip install rf-mcp[ai]`).
  • ⚠️For DocTest plugins (Visual, Pdf, PrintJob, Ai): requires `robotframework-doctestlibrary` and additional native system binaries (e.g., ImageMagick, Tesseract, Ghostscript/GhostPCL) for full functionality.
  • ⚠️The hardcoded default token for the `McpAttach` bridge ('change-me') MUST be changed in production by setting the `ROBOTMCP_ATTACH_TOKEN` environment variable.
  • ⚠️If using web/mobile automation, corresponding external services (e.g., browser drivers, Appium server) must be running and accessible.
Review RequiredView Analysis
The `McpAttach` component (used for remote execution) has a hardcoded default token 'change-me' (`ROBOTMCP_ATTACH_TOKEN`). This is a critical security risk if not changed in a production or shared environment, allowing unauthorized keyword execution. The Django frontend also generates a default `SECRET_KEY` if `ROBOTMCP_FRONTEND_SECRET_KEY` is not set, which is acceptable for development but insecure for production. The `execute_step` tool, when using `mode='evaluate'`, indirectly leverages Robot Framework's `BuiltIn().Evaluate` keyword, which can execute arbitrary Python expressions; while a core feature of RF, it poses a risk if not used in a trusted, controlled AI environment.
Updated: 2025-12-12GitHub
53
4
High Cost
domdomegg icon

gmail-mcp

by domdomegg

Sec9

This server provides a Model Context Protocol (MCP) interface for Gmail, enabling AI systems to read, send, archive, and manage emails programmatically.

Setup Requirements

  • ⚠️Requires manual creation and configuration of Google OAuth credentials (Client ID, Client Secret) via Google Cloud Console, including enabling the Gmail API and setting up an OAuth consent screen.
  • ⚠️Requires adding 'http://localhost:3000/callback' (or a custom base URL) to authorized redirect URIs in Google Cloud for the web application OAuth client.
  • ⚠️The server itself does not consume LLM tokens, but the content fetched (e.g., full email bodies, threads, or attachments data if processed as text) can be very large, potentially leading to high token consumption by any AI client processing this output.
Verified SafeView Analysis
The server acts as a stateless OAuth proxy, meaning it does not store user tokens or sensitive state, significantly reducing data breach risks. It properly handles OAuth flows (redirects, token exchange) by injecting its own credentials when communicating with Google, and encodes client-specific information in the state parameter. Input and output schemas are validated using Zod, contributing to robustness against malformed data. Authentication is mandatory for most endpoints (except 'tools/list'), and tokens are validated against Google's tokeninfo endpoint with a cache to prevent unnecessary calls and ensure token validity. No hardcoded secrets or suspicious code obfuscation were found. The design is well-considered for security.
Updated: 2025-12-15GitHub
53
49
Medium Cost
SigNoz icon
Sec9

Provides AI assistants and LLMs with natural language access to SigNoz observability data, including metrics, traces, logs, alerts, and dashboards.

Setup Requirements

  • ⚠️Requires a running SigNoz instance with API access.
  • ⚠️Requires a valid SigNoz API key for authentication.
  • ⚠️Requires Go 1.25+ for building from source (alternatively, Docker can be used).
  • ⚠️Building the Claude Extension Bundle requires Node.js and the Anthropic MCPB CLI.
Verified SafeView Analysis
The server correctly externalizes sensitive configurations like `SIGNOZ_URL` and `SIGNOZ_API_KEY` via environment variables or Authorization headers. It includes an authentication middleware for HTTP transport mode. Input validation is present for tool parameters and the Query Builder payload. No 'eval' or similar dangerous patterns were found. Requests to the SigNoz API have a long timeout (600s), which could be a minor resource concern under very high load or slow upstream responses, but is typical for complex observability queries.
Updated: 2025-11-24GitHub
53
4
Medium Cost
wandb icon
Sec9

The server enables natural language querying and analysis of Weights & Biases data, specifically focusing on ML experiment tracking (W&B Models) and LLM/GenAI application observability (W&B Weave) through the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Python 3.11+.
  • ⚠️Requires a Weights & Biases API Key for most operations, which must be provided via environment variables, .netrc, or command-line arguments (for STDIO) or as a Bearer token (for HTTP).
  • ⚠️For server-side MCP clients (e.g., OpenAI, LeChat) connecting to a local HTTP server, a public URL (e.g., via ngrok) is required.
Verified SafeView Analysis
The server demonstrates robust security practices, particularly for multi-tenant environments. It utilizes `ContextVar` for per-request API key isolation, preventing cross-request data leakage in concurrent operations. The `create_report` tool explicitly patches the `wandb_workspaces` API client to also use `ContextVar`, addressing known singleton contamination vulnerabilities and handling markdown input carefully. The `query_wandb_tool` allows arbitrary GraphQL queries, which is a powerful but potentially risky feature; however, its usage is heavily documented with critical warnings for the LLM to manage context windows and avoid open-ended queries. Session management includes optional HMAC-SHA256 verification via a secrets resolver. Limited `subprocess.run` calls are for low-risk operations (e.g., `git rev-parse HEAD`). No direct `eval` or `os.system` for user-controlled input was found, and sensitive secrets are expected to be managed via environment variables or a secrets resolver.
Updated: 2025-11-25GitHub
53
110
High Cost
winor30 icon
Sec8

Manages Datadog observability features including incidents, monitors, logs, dashboards, metrics, traces, hosts, and downtimes through an MCP server for LLMs.

Setup Requirements

  • ⚠️Requires paid Datadog API Key and Application Key.
  • ⚠️Requires Node.js >= 20.x and pnpm >= 10 to run locally.
  • ⚠️Output sizes from Datadog API calls (e.g., logs, traces) can be large, leading to high token usage if not carefully filtered by the calling agent.
Verified SafeView Analysis
The server uses environment variables for Datadog API keys, which is a standard and secure practice for handling secrets. It performs input validation using Zod schemas for all tool arguments. Network communication is exclusively with the Datadog API, as intended. There are no obvious signs of 'eval', code obfuscation, or other direct code execution vulnerabilities. The project is community-maintained, which users should be aware of, but the code itself follows good security hygiene for an API wrapper.
Updated: 2025-12-04GitHub
53
130
Medium Cost
tinyfish-io icon

agentql-mcp

by tinyfish-io

Sec9

Provides a Model Context Protocol (MCP) server to enable AI agents to extract structured data from web pages using AgentQL's capabilities.

Setup Requirements

  • ⚠️Requires an AgentQL API Key, which must be obtained from the AgentQL Dev Portal (dev.agentql.com).
  • ⚠️Requires global npm installation of 'agentql-mcp' or execution via 'npx'.
  • ⚠️Specific configuration steps are required for integration with various AI clients/IDEs (e.g., Claude, VS Code, Cursor, Windsurf) that support the Model Context Protocol.
Verified SafeView Analysis
The server securely handles the AGENTQL_API_KEY via environment variables and explicitly checks for its presence. It makes outbound HTTP POST requests to the AgentQL API (https://api.agentql.com) for data extraction. The server itself does not appear to execute arbitrary code locally based on user input, nor does it contain obfuscated code or hardcoded secrets. The primary security consideration would be the trustworthiness and security practices of the external AgentQL service and how it handles potentially malicious URLs or prompts passed to it.
Updated: 2025-12-07GitHub
53
104
Medium Cost
mvilanova icon
Sec8

Connects AI models (Claude, ChatGPT) with the Intervals.icu API to retrieve and manage athlete fitness data, including activities, events, and wellness metrics.

Setup Requirements

  • ⚠️Requires Python 3.12 or higher.
  • ⚠️Requires an Intervals.icu API Key and Athlete ID, to be set in environment variables (e.g., .env file).
  • ⚠️Specific `mcp install` command is required for Claude Desktop integration.
Verified SafeView Analysis
The server uses environment variables for sensitive API keys, which is a good practice. It utilizes `httpx` for API communication and `FastMCP` for transport. No obvious hardcoded secrets or 'eval' statements were found. The main network risks arise from deployment choices, such as exposing the SSE transport publicly without additional authentication, as noted for ChatGPT integration, which requires careful handling outside the server's direct code.
Updated: 2025-12-01GitHub
53
53
Medium Cost
Epistates icon

turbomcp

by Epistates

Sec9

Build high-performance Model Context Protocol (MCP) servers with zero-boilerplate development, automatic schema generation, and progressive enhancement for AI model interaction.

Setup Requirements

  • ⚠️Requires Rust 1.89.0+ and Tokio async runtime.
  • ⚠️Many features (HTTP, WebSocket, Auth, DPoP, SIMD) are opt-in via Cargo feature flags, requiring careful configuration for desired functionality.
  • ⚠️Full production deployments typically involve external dependencies like PostgreSQL, Redis, and a monitoring stack (Prometheus, Grafana, Jaeger).
Verified SafeView Analysis
The project demonstrates a very strong commitment to security, integrating numerous best practices across its architecture. This includes explicit error message sanitization in production, robust path validation to prevent traversal attacks, constant-time API key comparisons, and strong cryptographic practices for DPoP with key rotation. It uses secure dependencies (rustls, aws_lc_rs) and promotes secure deployment via non-root Docker users and distroless images. Comprehensive security headers, CORS, rate limiting, and OAuth 2.1 are built-in. A planned 3rd party audit is mentioned, which, once completed, would likely elevate the score to a perfect 10.
Updated: 2025-12-15GitHub
53
47
Medium Cost
Jakedismo icon

codegraph-rust

by Jakedismo

Sec8

CodeGraph transforms codebases into a semantically searchable knowledge graph, enabling AI agents to reason about code architecture, dependencies, and patterns using specialized agentic tools.

Setup Requirements

  • ⚠️Requires macOS (installer scripts target macOS, Linux users need to adapt)
  • ⚠️Requires Rust toolchain and Homebrew
  • ⚠️Requires a running SurrealDB instance (local or cloud) with schema applied
  • ⚠️Requires a configured LLM and Embedding provider (e.g., Ollama running locally or API keys for cloud providers like OpenAI, Anthropic, Jina AI, xAI Grok)
Verified SafeView Analysis
The system includes strong safeguards against embedding secrets (respects .gitignore, filters patterns). However, default SurrealDB credentials ('root'/'root') and binding to '0.0.0.0' in development setup scripts pose a security risk if not changed for production. Communication with LLM providers may involve sending sensitive code context, requiring trust in the chosen provider.
Updated: 2025-12-11GitHub
53
58
Medium Cost
tuannvm icon
Sec8

Acts as a Model Context Protocol (MCP) server to integrate OpenAI's Codex CLI for conversational code assistance in IDEs like Claude Code.

Setup Requirements

  • ⚠️Requires OpenAI Codex CLI v0.50.0+ to be pre-installed and authenticated (via `codex login --api-key "your-openai-api-key"`).
  • ⚠️Reasoning effort (if desired) must be configured directly in Codex CLI's `~/.codex/config.toml` for v0.50.0+, as the MCP server's `reasoningEffort` parameter is ignored.
  • ⚠️Requires a host environment compatible with the Model Context Protocol (e.g., Claude Code, VS Code with MCP extension).
Verified SafeView Analysis
The server executes the underlying `codex` CLI using `child_process.execFile` with arguments passed as an array, which is safer against shell injection than direct shell command execution. Input parameters are validated using Zod schemas. No hardcoded secrets or direct `eval` calls were found. The system's security relies heavily on the proper installation and secure configuration of the OpenAI Codex CLI itself (e.g., via `codex login`).
Updated: 2025-12-15GitHub
53
88
High Cost
MCPCat icon
Sec9

This SDK integrates an analytics platform into Model Context Protocol (MCP) servers to capture user intentions, behavior patterns, and telemetry (logs, traces, errors) for product development and debugging.

Setup Requirements

  • ⚠️Requires a Project ID from mcpcat.io (unless used in telemetry-only mode).
  • ⚠️Requires @modelcontextprotocol/sdk v1.11 or higher as a peer dependency.
  • ⚠️Telemetry exporters (Datadog, Sentry, OTLP) require specific configuration parameters like API keys, DSNs, or endpoints, often sourced from environment variables.
Verified SafeView Analysis
The codebase is well-structured TypeScript with no visible use of 'eval' or direct arbitrary command execution. It uses `fs` for local logging to `~/mcpcat.log`, which is standard but could theoretically grow large if unmanaged. Network calls are made to configurable telemetry endpoints (MCPcat API, OTLP, Datadog, Sentry), which rely on user-provided API keys, DSNs, and endpoints; there are no clear indications of SSRF or untrusted remote code execution risks. The `redactSensitiveInformation` hook is a good security feature for data privacy.
Updated: 2025-12-13GitHub
53
81
Medium Cost
CrowdStrike icon

falcon-mcp

by CrowdStrike

Sec8

The Falcon MCP (Model Context Protocol) server acts as a middleware, connecting AI agents with the CrowdStrike Falcon cybersecurity platform to enable intelligent security analysis and automation in agentic workflows.

Setup Requirements

  • ⚠️Requires Python 3.11 or higher.
  • ⚠️Requires CrowdStrike Falcon API credentials (Client ID, Client Secret) with appropriate scopes.
  • ⚠️Requires Google API Key and Google Model for the ADK agent integration.
  • ⚠️Deployment to Google Cloud requires `gcloud` CLI and specific GCP APIs enabled.
Verified SafeView Analysis
The project is open-source and provides documentation on API scope requirements and security. Environment variables for credentials are used, which is a good practice. However, the `adk_agent_operations.sh` script uses `eval` to load environment variables from the `.env` file. While common for local development, `eval` can be a security risk if the `.env` file is compromised or untrusted, as it executes arbitrary shell code. Users are explicitly instructed to populate this file, mitigating the risk under normal usage, but it's a pattern to be aware of.
Updated: 2025-12-08GitHub
PreviousPage 48 of 647Next