Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

Vetted Servers (7037)

100
10694
Medium Cost

n8n-mcp

by czlonkowski

Sec9

Provides comprehensive n8n node documentation, workflow management, and template discovery via the Model Context Protocol, aimed at assisting AI agents in building and validating n8n workflows.

Setup Requirements

  • ⚠️Requires a secure AUTH_TOKEN environment variable (default token prevents production startup).
  • ⚠️Requires a pre-built node database (data/nodes.db) for functionality, which can be rebuilt manually.
  • ⚠️Optional: OPENAI_API_KEY is required for template metadata generation.
  • ⚠️Requires a running n8n instance for workflow management tools to function.
Verified Safe
The project demonstrates a strong focus on security, implementing features like timing-safe API key comparison (AuthManager), rate limiting for authentication endpoints, extensive input sanitization (including workflow JSON and AI prompts), and SSRF protection for webhook URLs. Database interactions use prepared statements to prevent SQL injection. It actively warns against using default authentication tokens in production. No hardcoded secrets or obvious malicious patterns were identified.
Updated: 2025-12-09
100
1306
Low Cost

bifrost

by maximhq

Sec4

High-performance AI gateway unifying multiple LLM providers, offering real-time monitoring, configuration management, and extensibility through plugins.

Setup Requirements

  • ⚠️Requires Kubernetes 1.23+ and Helm 3.2.0+ for deployment.
  • ⚠️A Persistent Volume (PV) provisioner is needed in the underlying infrastructure for persistent storage (e.g., SQLite, PostgreSQL).
  • ⚠️Most AI providers (e.g., OpenAI, Anthropic, Azure) require API keys, which are typically paid services.
  • ⚠️The `image.tag` must be explicitly specified during Helm installation (e.g., `--set image.tag=v1.3.37`).
  • ⚠️For local LLMs (Ollama, SGLang), a `base_url` must be configured in the network settings.
Review Required
The server allows the configuration of Model Context Protocol (MCP) clients with a 'stdio' connection type. This feature permits specifying arbitrary commands and arguments to be executed on the server's host system. While this functionality is intended for integrating local AI agents, it presents a critical Remote Code Execution (RCE) vulnerability if administrative access to the Bifrost dashboard is compromised or if the RBAC system is misconfigured. Users with permissions to create or modify MCP clients could execute malicious commands. Additionally, the `npx bifrost` command downloads and executes a binary from a remote source, which carries inherent supply chain risks if the download source is compromised. Default credentials in Helm charts require user override for production security.
Updated: 2025-12-11
100
2799
High Cost

PPTAgent

by icip-cas

Sec2

PPTAgent is designed to automatically generate high-quality PowerPoint presentations from various document types (like PDFs) and user-provided templates, leveraging large language models (LLMs) for content extraction, outlining, and slide generation.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid) or compatible API endpoint with a specified model.
  • ⚠️Requires Docker for easy setup of frontend and backend services.
  • ⚠️Requires LibreOffice/OpenOffice (`soffice`) for PPTX to image conversion.
  • ⚠️Requires an external PDF parsing API (`MINERU_API`) endpoint.
Review Required
The system includes an `exec` call within the `CodeExecutor.execute_actions` function (`pptagent/apis.py`), which executes Python code generated by an LLM agent (`coder`). This creates a significant security vulnerability, as a malicious prompt injection could lead the LLM to generate arbitrary Python code (e.g., `os.system('rm -rf /')`) that would then be executed with the privileges of the running server. There are no explicit sandboxing mechanisms evident in the provided code to mitigate this risk. Additionally, the FastAPI server allows all CORS origins (`allow_origins=["*"]`), which, while not a direct vulnerability, is a broad setting that could interact with other attack vectors if authentication were poorly implemented (though no authentication is visible here). The reliance on an external `MINERU_API` for PDF parsing also introduces a supply chain risk.
Updated: 2025-12-09
100
1208
Low Cost
Sec3

Provides a Model Context Protocol (MCP) server for managing Kubernetes clusters via kubectl and Helm commands.

Setup Requirements

  • ⚠️Requires `kubectl` to be installed and in PATH on the host where the server runs.
  • ⚠️Requires a valid `kubeconfig` file with configured contexts for Kubernetes cluster access.
  • ⚠️Requires `Helm v3` to be installed and in PATH for Helm chart operations (optional).
  • ⚠️NetworkPolicy enabled in Helm chart defaults to 'deny all' and requires explicit egress rules for DNS, Kubernetes API, and cloud provider APIs to function.
Review Required
The server includes critical security risks due to its ability to execute arbitrary commands. The `kubectl_generic` tool allows arbitrary `kubectl` commands, and init containers in the Helm chart use `eval` to execute cloud provider CLI commands (`aws`, `gcloud`, `curl`) or custom scripts based on Helm values, which could lead to arbitrary command injection if not carefully controlled. While filtering mechanisms like `ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS` exist, the core functionality of remote command execution presents a high risk if the server is compromised or deployed in an untrusted environment. Transport modes (SSE, Streamable HTTP) are explicitly marked as 'UNSAFE' in the documentation, requiring external proxies for proper authentication and authorization.
Updated: 2025-12-10
100
1803
Medium Cost

modelcontextprotocol

by perplexityai

Sec8

Provides AI assistants with real-time web search, reasoning, and research capabilities through Perplexity's API.

Setup Requirements

  • ⚠️Requires a Perplexity API Key (paid service) set as an environment variable (PERPLEXITY_API_KEY).
  • ⚠️Requires Node.js >= 18.
  • ⚠️For HTTP mode, 'ALLOWED_ORIGINS' requires careful configuration if exposing publicly, otherwise it defaults to local addresses.
Verified Safe
The server explicitly requires 'PERPLEXITY_API_KEY' as an environment variable and does not hardcode secrets. It supports proxy configurations for secure network environments. In HTTP mode, the 'ALLOWED_ORIGINS' for CORS can be set to '*' for public access, which could be a misconfiguration risk if not intended. However, the default binding address is '127.0.0.1' and default origins are 'localhost', promoting secure local setup. Uses 'undici' for HTTP requests, which is a robust fetch implementation.
Updated: 2025-11-24
100
7798
Medium Cost

xiaozhi-esp32-server

by xinnan-tech

Sec7

Provides a robust backend service for the Xiaozhi ESP32 intelligent terminal hardware, enabling AI assistant functionalities such as voice recognition, natural language processing, knowledge base integration, voice cloning, and device control through MQTT, Websocket, and MCP protocols.

Setup Requirements

  • ⚠️Requires external AI API keys for cloud-based LLM, ASR, TTS, and VLLM services (typically paid).
  • ⚠️Deployment is primarily designed for Docker Compose, involving multiple services (Java API, Python AI server, Redis, MySQL, MQTT Gateway, RAGFlow).
  • ⚠️Full functionality, especially device control, requires connection to actual ESP32 hardware devices running compatible firmware.
  • ⚠️The Python `xiaozhi-server` component relies on FFmpeg for certain audio processing tasks, which needs to be installed.
  • ⚠️The backend is split across Java (Spring Boot) and Python (Flask/WebSocket server), requiring both environments to be managed.
Verified Safe
The project demonstrates efforts in security by including XSS/SQL injection filters, JWT-based authentication, HMAC for data signing, and SM2 for password encryption. Configuration parameters, including API keys for external AI services, are externalized. However, the extensive control over connected ESP32 devices (e.g., reboot, firmware upgrade, photo capture) via MCP endpoints introduces a significant attack surface. The multi-service (Java, Python, Vue.js) and distributed nature (IoT devices, external APIs) increases complexity and potential for misconfiguration, which could be exploited. Users must ensure strict security practices for device pairing, network segmentation, and API key management.
Updated: 2025-12-06
100
2021
Low Cost

Provides a command-line interface to browse, install, manage, and verify Claude Code subagents, commands, and external MCP (Model Context Protocol) servers, facilitating local and project-level configuration for development workflows.

Setup Requirements

  • ⚠️Requires Node.js and npm.
  • ⚠️Requires Docker Desktop and Docker MCP Toolkit for Docker MCP server management.
  • ⚠️Requires Claude Code CLI for full MCP server management and verification.
Verified Safe
The bwc-cli itself is a management tool that executes shell commands, reads/writes local configuration files, and fetches content from remote registries. While it doesn't contain obvious hardcoded secrets or malicious patterns, its security posture is highly dependent on the user's trust in the installed subagents, commands, and external MCP servers, as well as the security of the docker and claude CLI tools it invokes. It handles user inputs and configuration that could contain sensitive data, requiring users to be mindful of what they install and how they configure remote MCPs. The project fetches resources from external URLs (GitHub, Docker Hub), which could pose a risk if those sources were compromised.
Updated: 2025-11-25
100
37549
High Cost

mindsdb

by mindsdb

Sec5

A configuration-driven, automated testing framework for MindsDB data source integrations, designed to validate handler functionality and performance using pytest.

Setup Requirements

  • ⚠️Requires a running MindsDB server to connect to.
  • ⚠️Requires various external API keys (e.g., OpenAI, Anthropic, Google) for LLM-based features and specific data source integrations, which often correspond to paid services. These must be manually configured in a '.env' file.
  • ⚠️May require local instances of specific services like Ollama or vLLM servers for certain integrations.
  • ⚠️Requires `uv` for dependency installation (`uv pip install`).
  • ⚠️Some vector store integrations require PostgreSQL with the `pgvector` extension configured.
Review Required
The framework involves dynamic code execution for Bring Your Own Model (BYOM) handlers, which inherently carries risk, even with attempts at virtual environment isolation. It uses subprocesses for dependency installation (`pip install`), a potential supply-chain vector. Extensive reliance on external APIs requires careful management of API keys and robust URL validation to prevent SSRF and other network-based attacks. While some mitigations (e.g., `validate_urls`, structured API key retrieval, `PATAuthMiddleware`) are present, the broad attack surface from dynamic code and numerous external integrations necessitates vigilant configuration and auditing.
Updated: 2025-12-11
100
4566
Low Cost

cc-switch

by farion1231

Sec7

A desktop application built with Tauri for managing configurations, contexts, or credentials for a specific system or platform.

Setup Requirements

  • ⚠️Requires pnpm package manager.
  • ⚠️Requires Node.js (specific version defined in `.node-version`).
  • ⚠️Requires Rust toolchain for building the native Tauri application.
Verified Safe
Standard modern web/desktop stack (Tauri, Vite, TypeScript). Potential risks depend on Tauri's IPC configurations, specific dependencies, and network interactions, which are not visible from the file list. Generally safe for local execution if source is trusted.
Updated: 2025-11-18
100
1713
High Cost

brightdata-mcp

by brightdata

Sec9

Enables AI agents and LLMs to access real-time web data, perform browser automation, and extract structured information from webpages, reliably bypassing bot detection.

Setup Requirements

  • ⚠️Requires a Bright Data API Key (`API_TOKEN`) for operation, which is a paid service, although a free tier is available for basic tools.
  • ⚠️Many advanced tools (e.g., browser automation, structured web data APIs) require enabling 'Pro Mode' by setting `PRO_MODE=true` and incur additional charges beyond the free tier.
  • ⚠️Requires a Node.js runtime environment to be installed locally to run.
Verified Safe
The server connects to Bright Data's APIs and CDP endpoint using an API token from environment variables. The `extract` tool leverages AI sampling, explicitly instructing the LLM to respond with valid JSON, which mitigates simple prompt injection leading to arbitrary code execution within the server itself. Trust in Bright Data's API security is implicit. No use of `eval` or similar dangerous functions on untrusted input was found, and input validation is performed using Zod.
Updated: 2025-12-11
100
1481
Low Cost

inspector

by MCPJam

Sec9

A testing and debugging tool for Model Context Protocol (MCP) servers, allowing developers to inspect, connect, and interact with various AI/LLM models, tools, resources, and evaluation suites.

Setup Requirements

  • ⚠️Requires Node.js and npm for development. The `mint` CLI is used for local preview.
  • ⚠️Starts an embedded Hono server on port 6274 by default, which might conflict with other services.
  • ⚠️Integrated with Ollama; if using local LLMs, Ollama must be installed and running.
  • ⚠️Uses WorkOS for authentication, requiring `VITE_WORKOS_CLIENT_ID` configuration.
  • ⚠️Leverages Convex for backend persistence, requiring `VITE_CONVEX_URL` configuration.
Verified Safe
The Electron application adheres to strong security practices by setting `contextIsolation: true` and `nodeIntegration: false`, which limits the renderer process's direct access to Node.js APIs. IPC (Inter-Process Communication) handlers are explicitly defined and control access to sensitive operations, such as file system interactions, which are gated by user-facing dialogs. OAuth redirection and popup handling are carefully implemented to prevent hijacking by malicious external websites. The embedded Hono server acts as a secure CORS proxy for external MCP servers and OAuth flows. Client-side state and OAuth tokens are stored in `localStorage`, a common practice that relies on the browser's security model (mitigated by Electron's strong isolation). No hardcoded secrets were identified in the provided source snippets. The primary security considerations involve trusting the configuration of external MCP servers it connects to.
Updated: 2025-12-11
100
2944
Medium Cost

Retrieves web content and files from URLs, then converts them into high-quality Markdown format, supporting various content types and conversion engines.

Setup Requirements

  • ⚠️Requires Python 3.11+.
  • ⚠️Dependencies vary by feature; full format support (e.g., PDF, DOCX) requires specific `make install-*` commands and external libraries.
  • ⚠️Built on `fastmcp>=0.1.0`, which must be installed in the environment.
  • ⚠️If hosted by the MCP Gateway, upgrading to v0.7.0+ requires a critical database migration with specific `.env` variable setup and backup procedures.
Verified Safe
The primary security posture relies on the hosting MCP Gateway, which includes robust RBAC, SSO, JWT authentication, and auditing. The Rust-accelerated PII filter (if enabled as a plugin) enhances data privacy by detecting and masking sensitive information. Default credentials, insecure cookies on HTTP (without SSL), and direct `sqlalchemy.text` usage in migration scripts for the gateway require developer diligence. The server itself processes external web content, which could introduce risks (e.g., SSRF, resource exhaustion) if input URLs are not properly validated and sanitized by the gateway.
Updated: 2025-12-11