Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

Vetted Servers (7756)

51
9
Medium Cost

mcp-web-client

by hemanth

Sec3

A web-based client for the Model Context Protocol (MCP), enabling users to connect to multiple MCP servers, browse tools/resources/prompts, and interact via an AI chat interface.

Setup Requirements

  • ⚠️Requires API keys for OpenAI, Anthropic, or Google Gemini (paid services) for LLM functionality.
  • ⚠️Requires a local Ollama instance running (default: http://localhost:11434) to use Ollama models.
  • ⚠️Requires external MCP servers to connect to; while featured servers are listed, users typically need access to specific ones.
  • ⚠️Server-side OAuth state (shared-state.ts) is in-memory and will not persist across restarts or multiple instances in a production environment (e.g., serverless, containerized) without a persistent store like Redis or a database.
Review Required
CRITICAL: The API routes (`/api/mcp/sse`, `/api/mcp/message`, `/api/mcp/streamable`) act as proxy endpoints. They take `x-mcp-server-url` directly from client-side headers and use it in server-side `fetch` calls without sufficient validation. This constitutes a Server-Side Request Forgery (SSRF) vulnerability, allowing an attacker to coerce the Next.js server to make requests to arbitrary internal or external network resources. This can lead to information disclosure or unauthorized actions. Custom headers are parsed and forwarded, but Host, Content-Length, and Transfer-Encoding are filtered. OAuth client registrations and state are stored in-memory server-side (`src/lib/shared-state.ts`), which is not suitable for production deployments and could lead to lost state and failed authentication flows, though this is a reliability issue rather than a direct security flaw. The embedding of MCP Apps via `srcDoc` in iframes with `sandbox="allow-scripts allow-same-origin"` is a reasonable approach to isolate content, and communication is handled securely via `postMessage` with source validation.
Updated: 2025-12-14
51
94
Low Cost

Connects AI assistants to Bitbucket repositories, pull requests, and code to get insights, automate reviews, and manage development workflows.

Setup Requirements

  • ⚠️Requires Node.js 18.0.0 or higher.
  • ⚠️Requires a Bitbucket Cloud account (not Server/Data Center).
  • ⚠️Requires authentication credentials (Scoped API Token is recommended, App Password is legacy and will be deprecated by June 2026).
  • ⚠️The `bb_clone` tool's `targetPath` parameter recommends absolute paths; relative paths resolve to the server's working directory, which may not be expected.
Review Required
The server uses `child_process.exec` to run `git clone` with user-provided `targetPath` and `repoSlug` for the `bb_clone` tool. While these parameters are double-quoted in the shell command, this approach is susceptible to command injection (CWE-77) if the user inputs contain carefully crafted shell metacharacters that can break out of the quoted string. A safer implementation would use `child_process.spawn` with arguments passed as an array to prevent shell interpretation of user input. Other notable security practices include using environment variables for credentials, implementing network timeouts (CWE-400), and limiting response sizes (CWE-770).
Updated: 2025-12-15
51
3
Medium Cost
Sec8

Provides metacognitive protocols to AI coding agents to help them recover from being stuck in common development scenarios without human intervention.

Setup Requirements

  • ⚠️Requires ANTHROPIC_AUTH_TOKEN environment variable, implying a paid Anthropic API key.
  • ⚠️Requires a Cloudflare account for deployment using `wrangler deploy`.
  • ⚠️Requires `npm run generate:scenarios` to be run during development/build to discover and compile prompt markdown files.
Verified Safe
The server uses environment variables for API keys and allowed origins, preventing hardcoding. It uses standard SDKs from Anthropic and Model Context Protocol. Input parsing for AI-generated sampling questions uses `JSON.parse` which, while generally safe for data, requires trust in the model's output not to contain malicious constructs. Origin validation is implemented for web requests.
Updated: 2025-11-29
51
40
Medium Cost
Sec9

Connects AI assistants with esa.io for comprehensive document and team management, enabling AI to read, create, update, and manage posts, comments, categories, and attachments.

Setup Requirements

  • ⚠️Requires `ESA_ACCESS_TOKEN` with appropriate `read` and `write` scopes for esa.io API access.
  • ⚠️Requires Node.js version >= 20.19.4.
  • ⚠️The `LANG` environment variable can be set to 'ja' or 'en' to control the UI language.
Verified Safe
The server correctly uses environment variables for sensitive data like API access tokens, avoiding hardcoded secrets. It employs `zod` for robust input validation on tool arguments, mitigating common injection risks. Attachment handling includes checks for supported image types and size limits before base64 encoding, returning signed URLs for other cases, which is a secure practice. No `eval` or direct command execution vulnerabilities were identified in the provided source code. The primary security consideration remains the scope of the `ESA_ACCESS_TOKEN` and the trustworthiness of the connected AI client.
Updated: 2025-12-14
51
82
Medium Cost

gis-mcp

by mahdin75

Sec8

Facilitate AI assistants and LLMs to perform complex geospatial operations, data analysis, and data gathering by exposing GIS library functions via a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires an API Key (e.g., OpenAI, OpenRouter) for AI agent examples (paid service).
  • ⚠️Requires external authentication setup for specific data sources (e.g., CDSAPI for climate data via a `.cdsapirc` file).
  • ⚠️The server must be run in a separate terminal process to be accessible by client agents.
Verified Safe
The server includes HTTP endpoints for file upload, download, and listing within a configurable storage directory. While `pathlib.Path.resolve()` is used to mitigate directory traversal risks in path handling, the `/storage` endpoints themselves operate without explicit authentication/authorization in the provided code, meaning any client with network access can manage files within the designated storage path. This necessitates external security measures (e.g., firewalls, reverse proxies with authentication) for deployments in untrusted environments. No obvious `eval()` or hardcoded secrets were found; API keys are loaded from environment variables or separate config files.
Updated: 2025-12-14
51
112
High Cost

wa_llm

by ilanbenb

Sec4

An AI-powered WhatsApp bot that tracks group conversations, generates intelligent summaries, and provides knowledge-base answers.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for deployment.
  • ⚠️Requires Python 3.12+ for local development and build.
  • ⚠️Requires a PostgreSQL database with the `pgvector` extension enabled.
  • ⚠️Requires paid API keys for Voyage AI (for embeddings) and Anthropic (for LLM interactions).
  • ⚠️A dedicated WhatsApp account for the bot is needed, which must be manually linked by scanning a QR code at the WhatsApp service's exposed port (e.g., `localhost:3000`).
  • ⚠️Groups are not automatically managed; a manual SQL `UPDATE` statement is required in the PostgreSQL database to activate the bot for a specific group.
  • ⚠️After connecting the WhatsApp device or enabling a group, the `web-server` service must be manually restarted for changes to take effect.
Review Required
The `docker-compose.base.yml` file, extended by both development and production configurations, hardcodes default credentials for PostgreSQL (`user:password`) and the WhatsApp API (`admin:admin`). While the `web-server` container uses environment variables (e.g., `WHATSAPP_BASIC_AUTH_USER`, `WHATSAPP_BASIC_AUTH_PASSWORD`) that can be overridden by `.env` files, the underlying `whatsapp` service (`aldinokemal2104/go-whatsapp-web-multidevice`) is directly configured with `APP_BASIC_AUTH=admin:admin` within `docker-compose.base.yml`. This means the WhatsApp API gateway itself is exposed with these default credentials. If the `web-server`'s credentials are changed, it will fail to connect to the WhatsApp service unless the `APP_BASIC_AUTH` in `docker-compose.base.yml` is also manually updated. This creates a critical security vulnerability if deployed without changing these defaults, especially for services exposed to the network. Additionally, the bot directly sends LLM-generated responses to WhatsApp chats, which carries an inherent risk of the LLM producing malicious links or inappropriate content. The use of Jinja2 for prompt rendering, while generally safe with fixed template names, could theoretically pose a minor Server-Side Template Injection (SSTI) risk if user-controlled input were passed unsafely into the template context, allowing arbitrary code execution, though this specific application context (LLM prompts) mitigates that risk significantly.
Updated: 2025-12-10
51
75
Medium Cost

amap-mcp-server

by sugarforever

Sec8

This server provides a set of tools for interacting with Gaode Maps (Amap) APIs, including geocoding, location services, route planning, distance measurement, and POI search.

Setup Requirements

  • ⚠️Requires a valid Amap Maps API Key, obtainable from the Amap Open Platform (lbs.amap.com).
  • ⚠️Requires a Python environment with `uv` (or `pip` and `uvicorn`) installed to run the server.
Verified Safe
The server functions as a wrapper for the Amap APIs. It requires an `AMAP_MAPS_API_KEY` which is securely handled via environment variables as per the documentation. No 'eval' or obfuscation is indicated. When deployed via SSE or Streamable HTTP, standard network security practices (e.g., firewall, access control) should be applied to the exposed endpoint.
Updated: 2025-11-18
51
89
High Cost

mcp-server

by webflow

Sec8

Enables AI agents to interact with Webflow's Data API and Designer API for site and content management.

Setup Requirements

  • ⚠️Requires `WEBFLOW_TOKEN` environment variable for authentication.
  • ⚠️Node.js version 22.3.0 or higher is mandatory.
  • ⚠️For local Designer API tools, manual setup and publishing of a 'Webflow MCP Bridge App' in your Webflow Workspace is required, involving several external steps.
Verified Safe
The server correctly requires `WEBFLOW_TOKEN` via environment variables, preventing hardcoded secrets. It utilizes Zod for input schema validation, which helps mitigate injection risks. For local Designer API interactions, the Socket.IO server sets `cors: { origin: '*' }`. While generally a security concern, in the context of a local development tool expecting connections from a local Webflow Designer App (running on `localhost:<port>`), it's a pragmatic design choice for flexibility rather than a critical vulnerability. No `eval` or obfuscation detected. The code appears clean and follows standard practices for Node.js applications.
Updated: 2025-12-08
51
73
Medium Cost

TriageMCP

by eversinc33

Sec3

Enables an LLM to perform static analysis and triage of PE files using local security tools.

Setup Requirements

  • ⚠️Requires Python 3.13 or newer.
  • ⚠️Requires manual installation and configuration of external tools (FLOSS, UPX, CAPA, YARA rules) and updating their paths in `triage.py`.
  • ⚠️Default tool paths are Windows-specific (e.g., C:\Tools\...).
Review Required
The server allows an LLM to execute external binaries (FLOSS, UPX, CAPA) and access the local filesystem via user-controlled file paths. Without robust input validation, sanitization, or sandboxing mechanisms, a malicious or compromised LLM could potentially: 1) analyze arbitrary system files (information leak via `list_directory`, `get_hashes`, `get_pe_metadata` etc.), 2) attempt to unpack or modify critical system binaries (`upx_unpack`), or 3) exploit command injection vulnerabilities in the external tools if crafted file paths are passed directly to `subprocess` calls. The hardcoded tool paths also mean the setup is specific and not easily adaptable to different security contexts without code modification.
Updated: 2025-12-01
51
95
High Cost

mcp-local-rag

by nkapila6

Sec7

Provides a local RAG-like web search capability to Language Models by fetching, embedding, and ranking web content.

Setup Requirements

  • ⚠️Requires Docker or uv (Python package manager) for installation.
  • ⚠️Requires Python 3.10.
  • ⚠️Can consume significant LLM context tokens, up to 50,000 characters of text per call.
Verified Safe
The server performs web searches using DuckDuckGo and fetches content from arbitrary URLs. While it uses BeautifulSoup to extract plain text and truncates content to 10,000 characters, fetching from external, potentially untrusted websites always carries some inherent risk (e.g., large or malformed responses). Request timeouts (5 seconds) are implemented to mitigate prolonged blocking calls. No 'eval', hardcoded credentials, or other clear malicious patterns were identified.
Updated: 2025-12-09
51
9
Low Cost

mcp-zero

by zeromicro

Sec9

A Model Context Protocol (MCP) tool that helps developers quickly scaffold, generate, analyze, and manage go-zero microservice projects using natural language.

Setup Requirements

  • ⚠️Requires Go 1.19 or later to build and run.
  • ⚠️Requires go-zero CLI (goctl) to be installed and discoverable (via PATH or GOCTL_PATH env var).
  • ⚠️Requires an MCP-compatible client (e.g., Claude Desktop) for interaction.
Verified Safe
The project includes explicit security considerations and documentation (SECURITY_AUDIT.md, SECURITY_VERIFICATION.md). It implements input validation, path traversal protection, command injection prevention, and secure credential handling (no logging/persistence, memory clearing). External commands use `exec.Command`, which passes arguments directly to the program without invoking a shell. Generated code security is validated structurally. One medium-priority recommendation is for enhanced memory clearing to overwrite sensitive data before clearing.
Updated: 2025-12-01
51
93
High Cost

Wazuh-MCP-Server

by gensecaihq

Sec9

Provides an MCP-compliant remote server for seamless integration between AI assistants (like Claude Desktop) and the Wazuh SIEM platform, enabling natural language security operations.

Setup Requirements

  • ⚠️Requires Docker 20.10+ with Compose v2.20+ for deployment.
  • ⚠️Requires a functional Wazuh 4.8.0 - 4.14.1 deployment with API access.
  • ⚠️Wazuh Indexer configuration (WAZUH_INDEXER_HOST, etc.) is mandatory for vulnerability management tools.
  • ⚠️Claude Desktop integration for custom connectors typically requires an HTTPS-accessible server in production and a Claude Pro, Max, Team, or Enterprise plan.
Verified Safe
The project demonstrates excellent security architecture and hardening. Key strengths include hardened Docker container configurations (non-root user, dropped capabilities, read-only filesystem), robust authentication mechanisms (JWT, OAuth 2.0 with PKCE, HMAC for API keys to prevent timing attacks), comprehensive input validation to mitigate injection attacks (SQLi, XSS, path traversal), and network security measures (strict CORS, origin validation, rate limiting, configurable SSL verification). Resilience patterns like circuit breakers, retries, and graceful shutdown are implemented for stability. The configuration validation is extensive, with checks for password strength, host validity, and file permissions. A minor area for improvement is the default in-memory storage for OAuth clients and tokens in `oauth.py` and `auth.py`, which could limit horizontal scalability for these features without external state management. Additionally, the security overview in `docs/security/README.md` contains an outdated reference to 'STDIO-only transport' which is misleading for this remote HTTP/SSE server.
Updated: 2025-12-12
Page 51 of 647