Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

52
74
Low Cost
mkreyman icon
Sec8

Provides persistent context management for Claude AI coding assistants, ensuring work history, decisions, and progress are preserved across sessions and context limits.

Setup Requirements

  • ⚠️Requires the Claude AI CLI (`claude` command) to be installed.
  • ⚠️Requires a local Git installation for Git integration features.
  • ⚠️Stores all data locally in `~/mcp-data/memory-keeper/`, requiring local disk space.
Verified SafeView Analysis
The server operates locally via standard I/O (stdio) reducing common network attack vectors. Input validation is applied for keys, values, and file paths to prevent injection and path traversal. SQLite is used with parameterized queries to mitigate SQL injection risks. Git operations use the `simple-git` library, which generally sanitizes commands, assuming a trusted local environment for Git execution. No hardcoded secrets were identified. The primary security risk lies in potential misuse of local file system access by the AI if malicious commands are somehow crafted via context, though strong input validation significantly reduces this risk.
Updated: 2025-12-10GitHub
52
16
Low Cost
gabrielserrao icon

pyrestoolbox-mcp

by gabrielserrao

Sec9

Provides AI agents with comprehensive reservoir engineering calculations for PVT analysis, well performance, geomechanics, and reservoir simulation support.

Setup Requirements

  • ⚠️Strict adherence to 'Field Units (US Oilfield)' (e.g., psia, degF, ft, mD) is required for all inputs and outputs.
  • ⚠️When integrating with Claude Desktop, absolute paths to the 'uv' executable and the project directory are required in the `claude_desktop_config.json`.
Verified SafeView Analysis
The server wraps the `pyResToolbox` scientific library and uses Pydantic for input validation, which helps mitigate common injection risks. Network services (HTTP/SSE) are exposed via Docker Compose, which is standard for FastMCP. No apparent hardcoded secrets or malicious patterns observed. Overall, it appears safe given its scientific computation nature.
Updated: 2025-12-13GitHub
52
5
Medium Cost
tegwin icon

AutotaskMCP

by tegwin

Sec8

Manage Autotask PSA (Professional Services Automation) data, including tickets, companies, contacts, time entries, and resources, through a Claude Desktop MCP server.

Setup Requirements

  • ⚠️Requires an existing Autotask account with API access and generated API credentials (Username, Secret, Integration Code, API URL).
  • ⚠️Requires manual configuration of Claude Desktop's `claude_desktop_config.json` file with the absolute path to `autotask_mcp.py`.
  • ⚠️Requires specific Python libraries to be installed (`mcp`, `httpx`, `pydantic`).
Verified SafeView Analysis
The server correctly uses environment variables for sensitive API credentials, avoiding hardcoded secrets. HTTP requests are made using the httpx library, a standard and secure choice. There are no direct uses of 'eval', obfuscation, or obvious malicious patterns. The '_make_request' function logs 'response.text' on errors, which in a rare edge case could expose sensitive data if the Autotask API includes it in an error message. The `GetPicklistValuesInput.entity` parameter allows querying metadata for arbitrary entity names, which while not an arbitrary URL injection, could potentially reveal information about the Autotask API structure or lead to unnecessary API calls if misused by the LLM.
Updated: 2025-11-24GitHub
52
139
Medium Cost
tinyfish-io icon

agentql-mcp

by tinyfish-io

Sec9

Integrates AgentQL's data extraction capabilities to extract structured data from web pages using natural language prompts.

Setup Requirements

  • ⚠️Requires AgentQL API Key (Paid service)
  • ⚠️Requires Node.js and npm installed
Verified SafeView Analysis
The server reads the `AGENTQL_API_KEY` from environment variables, which is good practice. It proxies user-provided URLs and natural language prompts to the external `api.agentql.com` service via an HTTPS POST request. There's no use of `eval`, obfuscation, or direct execution of user input as shell commands. The main security consideration is the reliance on the third-party AgentQL API and its handling of the submitted URLs and prompts.
Updated: 2026-01-19GitHub
52
96
Medium Cost
kukapay icon

freqtrade-mcp

by kukapay

Sec8

Integrates an AI agent with the Freqtrade cryptocurrency trading bot to enable automated trading operations via its REST API.

Setup Requirements

  • ⚠️Requires Python 3.13+.
  • ⚠️A running Freqtrade instance with its REST API enabled and properly configured (e.g., `api_server` section enabled, correct username/password).
  • ⚠️Requires environment variables `FREQTRADE_API_URL`, `FREQTRADE_USERNAME`, `FREQTRADE_PASSWORD` to be set with Freqtrade API credentials.
Verified SafeView Analysis
The server relies on environment variables for sensitive Freqtrade API credentials (URL, username, password), which is a good practice. It directly passes user-provided parameters to the `freqtrade-client` library without obvious direct code injection vulnerabilities (e.g., `eval`, `exec`). The `place_trade` function includes basic input validation for the 'side' parameter. The primary security risks would stem from vulnerabilities within the `freqtrade-client` library, the Freqtrade REST API itself, or improper handling of environment variables in the deployment environment. There are no clear indications of malicious patterns or severe code-level security flaws in the provided source.
Updated: 2025-12-06GitHub
52
63
Low Cost
Epistates icon

turbomcp

by Epistates

Sec9

A production-ready Rust SDK for building high-performance Model Context Protocol (MCP) servers with automatic schema generation and multi-transport support, designed for AI model integration.

Setup Requirements

  • ⚠️Requires Rust 1.89.0+ (Edition 2024) and Tokio async runtime.
  • ⚠️Advanced features like HTTP, WebSocket, OAuth, DPoP, and SIMD acceleration are opt-in and require explicit feature flag configuration in Cargo.toml.
  • ⚠️External services such as OAuth providers, Redis for DPoP nonce tracking, or databases are required for certain advanced features to function.
Verified SafeView Analysis
The project demonstrates a strong focus on security, leveraging Rust's memory safety and implementing robust features like OAuth 2.1, DPoP (RFC 9449), TLS with `rustls`, CORS, content security policies, and rate limiting. Input validation is integrated via procedural macros, and sensitive information is sanitized in error messages. Docker deployment best practices, including non-root users and distroless images, further enhance security. Extensive security auditing (`cargo audit`) and specific attack scenario tests are part of the development workflow, indicating a proactive approach to security. Authorization (RBAC) is explicitly moved to the application layer, promoting better separation of concerns. The comprehensive security features and testing justify a high score, with minor deductions for the inherent complexity of multi-protocol systems.
Updated: 2026-01-19GitHub
52
97
Low Cost
kukapay icon
Sec8

Provides an MCP server with over 50 cryptocurrency technical analysis indicators and strategies to empower AI trading agents in analyzing market trends and developing quantitative strategies.

Setup Requirements

  • ⚠️Requires Node.js v18.x or higher and npm v8.x or higher.
  • ⚠️Requires configuration within an MCP client (e.g., Claude Desktop) to define the `command`, `args`, and `env` for the server.
  • ⚠️The `EXCHANGE_NAME` environment variable determines the data source (defaults to Binance, but can be configured to any ccxt-supported exchange).
Verified SafeView Analysis
The server fetches public OHLCV data from cryptocurrency exchanges using `ccxt`. While it uses an environment variable for the exchange name, no hardcoded API keys or sensitive credentials were found. The tool functions execute calculations on fetched data and return JSON, with no apparent 'eval' or other highly dangerous patterns. Network risks are limited to fetching market data from a configured exchange, which is standard for this type of application.
Updated: 2025-12-06GitHub
52
86
Medium Cost
CrowdStrike icon

falcon-mcp

by CrowdStrike

Sec7

An MCP server providing AI agents programmatic access to CrowdStrike Falcon platform capabilities for intelligent security analysis and automation, integrating threat detection, incident response, and vulnerability management into agentic workflows.

Setup Requirements

  • ⚠️Requires CrowdStrike Falcon API credentials (FALCON_CLIENT_ID and FALCON_CLIENT_SECRET) with specific API scopes depending on the modules used. Obtaining these involves a manual process in the CrowdStrike console.
  • ⚠️Requires Python 3.11 or higher.
  • ⚠️The project is in 'Public Preview' and is not recommended for production deployments; features and functionality may change.
Verified SafeView Analysis
The core Python server code (`falcon_mcp/server.py` and its dependencies) uses `python-dotenv` for environment variable loading, which is a secure approach. However, the `examples/adk/adk_agent_operations.sh` script, provided for deploying with a prebuilt Google ADK agent, uses an `eval` command to load `.env` variables (`eval "$(grep ...)"`). This construct is vulnerable to arbitrary code execution if a malicious string is present in the value of an environment variable in the `.env` file. This vulnerability is specific to that shell script and its usage path. Hardcoded API credentials are appropriately avoided, relying on environment variables or direct parameters. The project is explicitly in 'Public Preview' and not recommended for production deployments, indicating potential for undiscovered security issues.
Updated: 2026-01-19GitHub
52
18
Medium Cost
isakskogstad icon

Riksdag-Regering-MCP

by isakskogstad

Sec9

Provides LLMs with real-time access to open data, documents, and records from the Swedish Parliament (Riksdagen) and Government Offices (Regeringskansliet) via their public APIs.

Setup Requirements

  • ⚠️Node.js 20+ required.
  • ⚠️Requires active internet connection to data.riksdagen.se and g0v.se.
  • ⚠️For HTTP mode, an optional API_KEY environment variable can be set for authentication (x-api-key header).
Verified SafeView Analysis
The server is stateless, fetches data directly from trusted public APIs (data.riksdagen.se, g0v.se), and employs Zod for input validation and `express-rate-limit` for request limiting. CORS is open by default, requiring configuration for public deployments to restrict client domains. There are no hardcoded secrets or usage of dangerous functions like `eval`.
Updated: 2025-12-02GitHub
52
18
Medium Cost
KSAklfszf921 icon

Riksdag-Regering-MCP

by KSAklfszf921

Sec9

Enables LLMs to query and retrieve real-time open data, documents, protocols, and records from the Swedish Parliament (Riksdagen) and Government Offices (Regeringskansliet).

Setup Requirements

  • ⚠️Requires Node.js 20+
  • ⚠️Requires active internet connection to data.riksdagen.se and g0v.se APIs
Verified SafeView Analysis
Robust input validation using Zod schemas for all tool arguments. Output sanitization and response size limits (max 5MB, 500 items default) prevent oversized responses. Rate limiting (100 requests/15 min/IP) is implemented for HTTP endpoints and internal API calls. No external database or persistent file storage is used, reducing data breach risks. Authentication via an optional `API_KEY` environment variable protects public HTTP deployments. It exclusively interacts with trusted, public APIs (data.riksdagen.se, g0v.se). No 'eval' or other obviously malicious patterns were found. CORS is open by default, which can be a minor risk if not restricted in a public deployment, but is documented as configurable.
Updated: 2025-12-02GitHub
52
122
Low Cost
spences10 icon

mcp-svelte-docs

by spences10

Sec9

Provides authoritative Svelte 5 and SvelteKit definitions extracted from TypeScript declarations.

Setup Requirements

  • ⚠️Requires Node.js and a package manager (npm/pnpm) to run via `npx`.
  • ⚠️The SQLite database (`definitions.db`) must be built and present, which is handled automatically if installed via `npx`.
Verified SafeView Analysis
The server primarily focuses on providing documentation from a local SQLite database. It does not use `eval` or exhibit obfuscation. Network requests are typically initiated within SvelteKit's controlled environment (e.g., `fetch` calls in loaders or remote functions, which are part of SvelteKit's design), not arbitrary user input. There are no obvious hardcoded secrets; environment variables are accessed where appropriate. The use of `better-sqlite3` with prebuilt binaries reduces potential compilation issues but relies on the integrity of those binaries. Overall, it appears to be a robust and focused documentation server.
Updated: 2026-01-17GitHub
51
58
Medium Cost
shinpr icon
Sec9

Provides a Model Context Protocol (MCP) server to enable Claude Code–style sub-agent workflows in any MCP-compatible tool, executing agents via various AI CLI backends.

Setup Requirements

  • ⚠️Requires Node.js 20 or higher.
  • ⚠️Requires one of `cursor-agent`, `claude` CLI, `gemini` CLI, or `codex` CLI to be separately installed, authenticated, and configured.
  • ⚠️`AGENTS_DIR` environment variable is mandatory and must be an absolute path (relative paths are not supported).
  • ⚠️Underlying AI CLIs may require interactive permission prompts for shell commands when invoked by sub-agents. These commands need to be pre-approved directly through the CLI tool for sub-agents to function correctly.
Verified SafeView Analysis
The server employs robust input validation for agent names, prompts, current working directory (CWD), and extra arguments, preventing path traversal and command injection attempts. It uses `child_process.spawn` with `shell: false` for external CLI execution, which is a strong defense against shell injection. Session management file paths are also carefully validated and secured with restrictive file permissions. The primary security consideration for users lies in the trustworthiness and potential vulnerabilities (e.g., command injection via their own prompt arguments or network access) of the underlying AI CLI tools (Cursor, Claude, Gemini, Codex) that this server orchestrates, as these are external to this codebase. No `eval` or obvious hardcoded secrets were found.
Updated: 2026-01-16GitHub
PreviousPage 52 of 760Next