Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

100
2881
Low Cost
punkpeye icon

fastmcp

by punkpeye

Sec8

A TypeScript framework for building Model Context Protocol (MCP) servers, providing high-level abstractions and boilerplate handling for features like tools, prompts, resources, sessions, authentication, and HTTP streaming.

Setup Requirements

  • ⚠️OAuth features, especially with persistent token storage, require `jwtSigningKey` and `encryptionKey` to be consistently configured (e.g., via environment variables) across server restarts to prevent data loss. Auto-generated keys are not persistent.
  • ⚠️Using JWKS verification (`JWKSVerifier`) requires manually installing the optional `jose` package via `npm install jose`.
  • ⚠️Implementing authentication (`authenticate` function) requires careful handling of `http.IncomingMessage` and user-provided credentials to prevent injection or other HTTP-related vulnerabilities.
Verified SafeView Analysis
The framework utilizes Zod/ArkType/Valibot for robust input validation in tools, which is a strong security practice. It provides explicit authentication hooks (`authenticate` function) and granular access control (`canAccess` on tools). The OAuth Proxy implementation includes essential security features like PKCE and `redirect_uri` validation. Encrypted token storage (`EncryptedTokenStorage`) is available for sensitive data. Potential risks include user-controlled `fetch` URLs in `DiscoveryDocumentCache` or content processing, which could lead to SSRF if not properly validated by the implementing developer. Additionally, misconfiguration of OAuth keys or persistent storage for OAuth can introduce vulnerabilities, although the framework encourages best practices and secure defaults (e.g., auto-generated strong keys for encryption/signing if not provided). JWKS verification (via `JWKSVerifier`) requires the optional `jose` package, and its absence could lead to silent failures if JWKS is expected for token validation.
Updated: 2026-01-19GitHub
100
11817
Medium Cost
czlonkowski icon

n8n-mcp

by czlonkowski

Sec9

The n8n-MCP server enhances n8n's workflow automation by providing a Model Context Protocol interface, allowing AI agents to discover, validate, and manage n8n nodes and workflows with rich, structured documentation and metadata.

Setup Requirements

  • ⚠️Requires a compatible LLM server (e.g., Ollama, OpenAI-compatible API) configured via N8N_MCP_LLM_BASE_URL for AI documentation/metadata features.
  • ⚠️Requires an AUTH_TOKEN environment variable (or AUTH_TOKEN_FILE) for HTTP server mode; a strong, randomly generated key is recommended.
  • ⚠️The SQLite database (data/nodes.db) needs to be pre-populated by running `npm run rebuild` and `npm run fetch:templates` (and optionally `npm run fetch:community`, `npm run generate:docs`) before full functionality is available.
Verified SafeView Analysis
The project demonstrates a strong focus on security. It implements robust authentication using bearer tokens with timing-safe comparisons and enforces warnings/errors for default tokens. Rate limiting is present on authentication endpoints. Crucially, it includes explicit Server-Side Request Forgery (SSRF) protection for external URLs (like webhooks), preventing access to internal resources. Input sanitization and parameterized queries are used to prevent various injection attacks (e.g., prompt injection, SQL injection). Workflow sanitization is also applied to remove sensitive data before logging or processing. Dynamic code loading is restricted to internal/core n8n packages.
Updated: 2026-01-13GitHub
100
1760
Medium Cost
maximhq icon

bifrost

by maximhq

Sec8

A high-performance AI gateway with a unified interface for multiple LLM providers, offering real-time monitoring and configuration.

Setup Requirements

  • ⚠️Requires Kubernetes 1.23+ and Helm 3.2.0+ for deployment.
  • ⚠️Persistent Volume (PV) provisioner support is required for persistent storage in Kubernetes environments.
  • ⚠️Explicitly requires specifying the `image.tag` during Helm installation.
Verified SafeView Analysis
The project demonstrates good security practices by emphasizing environment variables for sensitive data (API keys, database credentials) and explicitly warning against insecure configurations (e.g., `skip_tls_verify`). Development-specific features like the `DevProfiler` are gated to only run in development environments. Authentication tokens are managed with appropriate storage and refresh mechanisms. File manipulation scripts in the UI are for build processes and do not indicate runtime `eval` risks. Given its role as an AI gateway, handling sensitive user and LLM data, these measures are crucial. Potential risks are mitigated by design choices.
Updated: 2026-01-19GitHub
100
3190
High Cost
icip-cas icon

PPTAgent

by icip-cas

Sec6

Generates high-quality, structured PowerPoint presentations from markdown documents using AI agents for research, design, and content organization.

Setup Requirements

  • ⚠️Requires API Keys for multiple paid external services (LLMs, Tavily, MinerU).
  • ⚠️Docker is required to run the agent sandbox environment.
  • ⚠️Python 3.11+ is mandatory for the core system.
  • ⚠️Node.js, its npm dependencies (e.g., Playwright, pptxgenjs, sharp), and LibreOffice ('soffice') must be installed for full functionality, particularly for HTML/PDF to PPTX conversions and image processing.
Review RequiredView Analysis
The system makes extensive use of external LLM and web APIs (e.g., Tavily, MinerU, T2I models). Command execution is performed within a Docker sandbox via a Node.js-based 'desktop-commander'. While blocked commands are implemented in the sandbox, the inherent nature of agentic command execution and arbitrary web fetching introduces a controlled but significant attack surface if an LLM is prompted to generate malicious instructions or if sandbox configurations are bypassed. The `CodeExecutor` within the `PPTAgent` Python code applies structured modifications to presentation objects based on LLM output, not arbitrary shell commands, which limits direct arbitrary code execution within the Python process.
Updated: 2026-01-19GitHub
100
1263
High Cost
Flux159 icon
Sec8

This MCP server enables AI agents to connect to and manage Kubernetes clusters by executing kubectl and Helm commands.

Setup Requirements

  • ⚠️Requires kubectl installed and in your PATH.
  • ⚠️Requires a valid kubeconfig file with contexts configured.
  • ⚠️Requires Helm v3 installed and in your PATH (optional if not using Helm).
Verified SafeView Analysis
The server uses `child_process.execFileSync` and `spawn` to run external `kubectl` and `helm` commands, which inherently carries risk. However, significant mitigation measures are in place: 1. The `exec_in_pod` tool explicitly accepts commands as an array of strings to prevent shell injection, strictly avoiding direct shell interpretation. 2. Other `kubectl` tools construct arguments programmatically, reducing the risk of injection. 3. Secrets masking (`MASK_SECRETS`) is implemented for `kubectl get secrets` output, though it does not cover all sensitive data exposure in logs. 4. Non-destructive (`ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS`) and read-only (`ALLOW_ONLY_READONLY_TOOLS`) modes are available via environment variables for granular access control. 5. The Helm chart templates include robust security configurations like Pod Security Contexts, `readOnlyRootFilesystem: true`, `allowPrivilegeEscalation: false`, `capabilities.drop: ALL`, customizable RBAC, and NetworkPolicies with default deny, requiring explicit egress rules. 6. For HTTP transports, `ENABLE_UNSAFE_SSE_TRANSPORT` is deprecated in favor of `ENABLE_UNSAFE_STREAMABLE_HTTP_TRANSPORT`, which includes DNS rebinding protection and supports `MCP_AUTH_TOKEN` for header-based authentication. SSE is explicitly flagged as 'unsafe'. These measures demonstrate a strong focus on security best practices for a tool that directly interacts with a Kubernetes cluster.
Updated: 2026-01-15GitHub
100
1880
Medium Cost
perplexityai icon

modelcontextprotocol

by perplexityai

Sec7

Provides AI assistants with real-time web search, reasoning, and research capabilities through Perplexity's Sonar models and Search API.

Setup Requirements

  • ⚠️Requires a Perplexity API Key (PERPLEXITY_API_KEY) which needs to be obtained from the Perplexity API Portal and may incur usage costs.
  • ⚠️Requires Node.js version 18 or higher to run.
  • ⚠️When deploying in HTTP server mode, the 'ALLOWED_ORIGINS' environment variable defaults to '*', which is insecure. You must set it explicitly to a list of trusted origins for production use.
Verified SafeView Analysis
The server correctly requires a PERPLEXITY_API_KEY environment variable, avoiding hardcoded secrets. It employs Zod for robust input and output validation, enhancing resilience against malformed data. Network requests have configurable timeouts. However, when run in HTTP mode, the default 'ALLOWED_ORIGINS' for CORS is set to '*' (all origins), which is overly permissive and insecure for production deployments. Users must explicitly configure 'ALLOWED_ORIGINS' to restrict access. Proxy configuration is well-supported via environment variables, adding flexibility for corporate networks.
Updated: 2026-01-13GitHub
100
8321
High Cost
xinnan-tech icon

xiaozhi-esp32-server

by xinnan-tech

Sec8

This project provides a comprehensive backend service for ESP32-based intelligent terminal devices, enabling AI interaction, device control, voice recognition, and managing various smart features through MQTT, Websocket, and custom MCP protocols.

Setup Requirements

  • ⚠️Requires API keys for multiple paid AI services (e.g., OpenAI, AliBL, Gemini, Coze, Dify, FastGPT, Xunfei, Tencent) for full functionality.
  • ⚠️Docker is the primary and recommended deployment method, requiring Docker Engine and Docker Compose.
  • ⚠️Requires local AI model files for some features (e.g., SenseVoiceSmall, Sherpa-Onnx, Silero VAD) if not using cloud-based alternatives.
  • ⚠️FFmpeg is a dependency for certain audio processing functionalities within the Python backend.
Verified SafeView Analysis
The system demonstrates strong security practices including XSS/SQL injection filtering, Shiro for authentication/authorization, and explicit token generation for WebSocket connections. The use of `JSON.parse` on configuration data retrieved from the backend (which typically requires super admin privileges to modify) and base64 encoding of device IP for internal WebSocket usernames are noted, but do not appear to be critical remote vulnerabilities under normal operating conditions given the existing security layers. Secure handling of API keys for integrated AI services is crucial and expected to be managed via environment variables or secure configuration.
Updated: 2026-01-19GitHub
100
2264
Medium Cost
davepoon icon
Sec3

The repository serves as a comprehensive marketplace and registry for Claude Code, offering a wide array of specialized AI agents, commands, hooks, and a catalog of external Model Context Protocol (MCP) servers to enhance development workflows.

Setup Requirements

  • ⚠️Requires Claude Code CLI (v1.0.80+) and Node.js 18+ for client-side integration.
  • ⚠️Docker Desktop and Docker MCP Toolkit are required for enabling Docker-based MCP servers.
  • ⚠️Manual configuration of `~/.claude/settings.json` or executing `chmod +x` for hook scripts can be error-prone.
  • ⚠️Community contributions from external marketplaces or directly to the repository could introduce security risks, including remote code execution vulnerabilities via malicious hook definitions.
Review RequiredView Analysis
The system dynamically generates and executes shell commands/scripts for hooks based on metadata from external sources (GitHub, Docker Hub, Official MCP Registry). If `hook.name` or `scriptContent` contains malicious input from an untrusted community contribution, this could lead to remote code execution. The parsing of untrusted YAML content in `scripts/mcp-importers/registry-fetchers/docker-mcp.js` (using `parseSimpleYaml`) is also a potential risk if not robust against all malicious YAML structures. Strong reliance on environment variables for API tokens (`GITHUB_TOKEN`) and database credentials (`POSTGRES_URL`), as well as administrative access tokens (`ADMIN_API_TOKEN`, `CRON_SECRET`), necessitates careful secret management by the deployer. Given the open contribution model, the risk of a malicious hook or plugin being introduced is critical.
Updated: 2026-01-12GitHub
100
38283
High Cost
mindsdb icon

mindsdb

by mindsdb

Sec3

MindsDB is an AI database platform that enables users to connect diverse data sources (SQL, NoSQL, APIs) and integrate AI/ML models (AI-Engines, LLMs, RAG pipelines) directly into their data workflows using standard SQL. It supports dynamic test generation for data source integrations, custom test configurations, and comprehensive logging for health checks and performance analysis.

Setup Requirements

  • ⚠️Requires various API keys for external AI/ML services (e.g., OpenAI, Anthropic, Google Gemini) which are often paid services.
  • ⚠️Requires local services for some integrations (e.g., Ollama).
  • ⚠️Dependencies need to be installed via `uv pip install -r requirements/requirements-test.txt`.
  • ⚠️Environment variables must be configured for MindsDB server details and data source credentials in a `.env` file.
Review RequiredView Analysis
The project includes a 'Bring Your Own Model' (BYOM) handler (`mindsdb/integrations/handlers/byom_handler/`) which is designed to execute arbitrary user-provided Python code, including installing external modules. This feature, while powerful, inherently carries significant security risks due to potential code injection vulnerabilities and the ability to access system resources. Although it attempts to use virtual environments for isolation (`ModelWrapperSafe`), this alone may not provide sufficient sandboxing against malicious code without stricter containerization or VM-level isolation. Additionally, the project makes extensive use of network requests to external APIs, which is common for integrations, but increases the attack surface if not meticulously validated (though `mindsdb/utilities/security.py` shows an effort to validate URLs). Hardcoded secrets are generally avoided by design (`get_api_key` utility), preferring environment variables or configuration.
Updated: 2026-01-19GitHub
100
4566
Low Cost

cc-switch

by farion1231

Sec7

A desktop application built with Tauri for managing configurations, contexts, or credentials for a specific system or platform.

Setup Requirements

  • ⚠️Requires pnpm package manager.
  • ⚠️Requires Node.js (specific version defined in `.node-version`).
  • ⚠️Requires Rust toolchain for building the native Tauri application.
Verified SafeView Analysis
Standard modern web/desktop stack (Tauri, Vite, TypeScript). Potential risks depend on Tauri's IPC configurations, specific dependencies, and network interactions, which are not visible from the file list. Generally safe for local execution if source is trusted.
Updated: 2025-11-18GitHub
100
1920
High Cost
brightdata icon

brightdata-mcp

by brightdata

Sec9

Enables AI agents to access, search, extract, and navigate the live web in real-time without being blocked.

Setup Requirements

  • ⚠️Requires a Bright Data API Key, which is tied to a paid service (a free tier with 5,000 requests/month is available, but advanced features incur costs).
  • ⚠️Requires Node.js runtime to execute the server.
  • ⚠️Designed to be integrated with an LLM orchestration framework or MCP client (e.g., mcpjam CLI, Claude Desktop).
Verified SafeView Analysis
The server securely handles API_TOKEN via environment variables and communicates with Bright Data's API over HTTPS. No 'eval' or obvious malicious code patterns were found. Automatic zone creation could be a concern if API keys are compromised, but it's part of the setup flow. The system's security largely relies on Bright Data's platform security and user management of API tokens.
Updated: 2026-01-18GitHub
100
1569
Medium Cost
MCPJam icon

inspector

by MCPJam

Sec8

Local development and debugging platform for Model Context Protocol (MCP) clients and servers, including proxying MCP server interactions, simulating UI widgets, and facilitating OAuth flows. It enables building, testing, and developing MCP clients and servers.

Setup Requirements

  • ⚠️Requires Node.js (LTS version recommended) and npm.
  • ⚠️Optional: LLM API keys are required for interacting with various AI models (e.g., OpenAI, Anthropic, Google, Deepseek, Mistral, xAI) beyond the free tier models provided in the playground or for specific integrations.
  • ⚠️Optional: A local Ollama instance is needed for running local LLMs.
  • ⚠️Optional: Integration with Convex and WorkOS/AuthKit is necessary for certain features (e.g., Evals tab, Auth tab, or running specific examples like 'Sip Cocktails').
Verified SafeView Analysis
The server component (Hono app) employs robust network security measures for a development tool, including CORS, origin validation, and comprehensive HTTP security headers (CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy). API routes are protected using a session token, with clearly defined unprotected endpoints. OAuth flows are proxied with attention to stripping sensitive headers. For the Electron desktop app, file system access (read/write) is implemented via IPC, which is expected functionality for a local development tool but represents a privileged operation. LLM API keys are primarily stored client-side in localStorage for convenience in a single-user context, which is suitable for a local dev tool but not recommended for sensitive secrets in multi-user or publicly accessible web applications. The project integrates Sentry for error reporting and PostHog for analytics, sending data to third-party services.
Updated: 2026-01-18GitHub
PreviousPage 5 of 760Next