Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7756)

50
77
Medium Cost
stape-io icon
Sec9

This server acts as a middleware proxy for Model Context Protocol (MCP) clients to interact with the Google Tag Manager API, enabling AI agents to manage GTM accounts, containers, workspaces, and various resources like tags, triggers, and variables securely via Google OAuth.

Setup Requirements

  • ⚠️Requires Google OAuth 2.0 authentication, involving a browser-based interactive flow to grant access.
  • ⚠️Deployment requires configuring several environment variables: GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, COOKIE_ENCRYPTION_KEY, HOSTED_DOMAIN, and WORKER_HOST.
  • ⚠️MCP clients connecting to this server may need to clear local cache (`rm -rf ~/.mcp-auth`) if persistent authentication issues arise, as mentioned in the troubleshooting section.
Verified SafeView Analysis
The server demonstrates strong security practices for its stated purpose. It utilizes a robust OAuth provider (@cloudflare/workers-oauth-provider) for Google authentication, with critical secrets (client IDs, secrets, encryption keys) properly sourced from environment variables. Input validation is enforced using Zod schemas, mitigating malformed requests. Explicit mechanisms for session revocation and Google token deauthorization are in place. Furthermore, the Privacy Policy explicitly states compliance with Google's Limited Use requirements, including a clear prohibition against using Google API data for AI/ML model training or improvement. The use of query parameters for sensitive data in the `/remove` endpoint, while functional on a secure Cloudflare Worker, is a minor consideration, but overall, the security posture is high.
Updated: 2025-12-04GitHub
50
14
Medium Cost
xxyyue icon
Sec7

Provides a headless Model Context Protocol (MCP) server for IDA Pro, enabling AI agents or MCP clients to programmatically open, analyze, and control IDA databases on demand without manual GUI interaction.

Setup Requirements

  • ⚠️Requires IDA Pro 9.1.0 or later to be installed locally.
  • ⚠️Requires the IDADIR environment variable to be set to the IDA Pro installation directory.
  • ⚠️The `decompile_function` tool requires a valid Hex-Rays decompiler license to function.
Verified SafeView Analysis
The server exposes powerful binary analysis capabilities of IDA Pro, including memory patching, type declaration, and code modification, which are inherently high-risk operations if controlled by untrusted or compromised agents. The implementation uses multiprocessing for project isolation and standard Python/IDA APIs, mitigating common web server vulnerabilities like arbitrary shell command execution outside the IDA context. The primary security consideration is the trust level of the MCP client/agent utilizing these powerful reverse engineering tools, as they can modify binaries and interact deeply with analyzed code.
Updated: 2025-12-14GitHub
50
57
Medium Cost
huimeicloud icon

hm_editor

by huimeicloud

Sec1

Electronic Medical Record (EMR) Editor backend with AI integration for structured data management, document generation, and chart visualization.

Setup Requirements

  • ⚠️Requires `DEEPSEEK_API_KEY` environment variable for AI features (paid service).
  • ⚠️Requires `canvas`, `echarts`, and `puppeteer` npm packages, which may have native dependencies and can be complex to install.
  • ⚠️Requires `wkhtmltopdf` external executable to be installed on the system path for PDF generation.
Review RequiredView Analysis
CRITICAL: The server uses `wkhtmltopdf` and `puppeteer` (with `--no-sandbox` flag) for PDF generation, accepting HTML/URLs from user input. This is an extremely high risk for Remote Code Execution (RCE) and Server-Side Request Forgery (SSRF) if inputs are not perfectly sanitized. The HTML sanitization attempts in `preProcessWatermarkHtml` are unlikely to be robust enough against a determined attacker. Additionally, user-controlled arguments passed via WebSocket to client-side editor functions could lead to client-side vulnerabilities (e.g., XSS) if not properly validated on the client. Input parsing for chart generation could lead to resource exhaustion with large or malformed payloads.
Updated: 2025-12-03GitHub
50
71
Low Cost
stacklok icon

toolhive-studio

by stacklok

Sec8

Facilitates discovery, deployment, and management of Model Context Protocol (MCP) servers in isolated containers on a desktop environment, enabling secure integration with AI agents and clients.

Setup Requirements

  • ⚠️Requires Docker or Podman daemon to be running.
  • ⚠️Uses pnpm as the package manager.
  • ⚠️The 'thv' binary needs to be downloaded and built/run once (pnpm thv) before starting the development server.
Verified SafeView Analysis
The project adheres to good security practices for an Electron application. It uses contextBridge to expose IPC functionality to the renderer process, limiting direct Node.js access and requiring main process mediation. External links are opened in the default browser, and a Content Security Policy (CSP) is implemented in production to restrict resource loading. `child_process.spawn` is used to run the `thv` binary, but arguments are constructed internally, mitigating direct RCE from user input. Input validation (using Zod) is applied to server configuration forms. Telemetry (Sentry) is opt-out, providing user control over data sharing. However, the `electron-store` encryption key for chat settings is hardcoded, which, while better than plaintext, is discoverable upon decompilation. The overall security is also dependent on the `thv` binary (not analyzed here) and the underlying container runtime.
Updated: 2025-12-12GitHub
50
100
High Cost
domdomegg icon

computer-use-mcp

by domdomegg

Sec7

Enables an AI model (specifically Claude) to control and interact with a local computer's graphical user interface.

Setup Requirements

  • ⚠️Requires Node.js installed on the host machine.
  • ⚠️On macOS, `nut.js` (used for control) typically requires manual granting of Accessibility and Screen Recording permissions.
  • ⚠️Using the HTTP transport (`MCP_TRANSPORT=http`) without a secured setup (e.g., reverse proxy) will expose full computer control to unauthenticated network requests.
Review RequiredView Analysis
The server grants the AI model complete control over the host computer (mouse, keyboard, screenshots), which is inherently high-risk. The README explicitly warns to treat it like 'giving a hyperactive toddler access to your computer' and suggests a sandboxed environment. The HTTP transport option, if selected (MCP_TRANSPORT=http), has 'no authentication' and should only be used behind a reverse proxy or in a secured setup. No hardcoded secrets or arbitrary `eval` from user input were found in the provided source.
Updated: 2025-12-14GitHub
50
25
Medium Cost
sagemcp icon

sagemcp

by sagemcp

Sec8

A scalable platform for hosting Multi-tenant Model Context Protocol (MCP) servers with multi-tenant support, OAuth integration, and connector plugins for various services.

Setup Requirements

  • ⚠️Requires Kubernetes 1.21+ and Helm 3.8+ for production deployment.
  • ⚠️PostgreSQL and Redis are essential for database persistence and caching functionality.
  • ⚠️External OAuth provider (e.g., GitHub) client ID and secret are required to enable respective connectors.
  • ⚠️A strong `SECRET_KEY` environment variable must be generated and set for production environments.
Verified SafeView Analysis
The application uses environment variables for sensitive data like OAuth client IDs/secrets and database credentials. It includes a mechanism to generate a `SECRET_KEY` for development if not provided, which is convenient but requires attention in production. CORS `allow_origins=["*"]` is set by default, explicitly noted in the code as needing configuration for production. Default 'changeme' passwords in the Helm chart are highlighted as needing change for production. OAuth redirect URIs for CLI flows are correctly validated for localhost, and for web flows, `PUBLIC_URL` or forwarded headers are used, which is standard practice. HTTP client uses SSL verification and connection pooling for performance and security.
Updated: 2025-12-01GitHub
50
13
Low Cost

mcp-notify

by aahl

Sec8

A Model Context Protocol (MCP) server designed to send messages and notifications across various platforms like WeWork, DingTalk, Telegram, Lark, Home Assistant, Bark, Ntfy, and PushPlus.

Setup Requirements

  • ⚠️Requires obtaining and securely configuring API keys/tokens for specific notification platforms (e.g., WeWork, DingTalk, Telegram, Home Assistant) as environment variables.
  • ⚠️Requires either a Docker environment or a Python environment with `uvx` for local deployment.
  • ⚠️Outbound network access to the respective third-party notification service APIs (e.g., Telegram, WeWork) is essential for the server to function.
Verified SafeView Analysis
The server processes and transmits messages to various third-party notification services, requiring sensitive API keys and tokens (e.g., for WeWork, DingTalk, Telegram, Home Assistant). These credentials must be securely managed via environment variables. While the implementation itself seems standard for a notification server, improper handling of these credentials or misconfiguration of network access could pose security risks. No obvious malicious code patterns like 'eval' or obfuscation are indicated by the provided information.
Updated: 2025-11-17GitHub
50
5
Low Cost
e18e icon

mcp

by e18e

Sec9

This MCP server advises development agents on modern and performant best practices by identifying inefficient or outdated npm packages and serving migration documentation.

Setup Requirements

  • ⚠️Requires Node.js >=18.
  • ⚠️Build process uses pnpm, though runtime supports npx/pnpm dlx/bunx.
  • ⚠️Project is in 'very early stages' and may break without notice.
Verified SafeView Analysis
The server primarily performs static analysis on user-provided input (install commands, source code) and does not execute any of it. It uses trusted libraries like `es-module-lexer` for parsing and relies on a local `docs.json` file for content. There are no obvious hardcoded secrets, direct use of `eval`, or dynamic network requests based on user input in the runtime code. The `fetch-docs.ts` script fetches content from GitHub during the *build* process, not at runtime, mitigating dynamic content injection risks from external sources during live operation.
Updated: 2025-12-03GitHub
50
49
High Cost
alphavantage icon

alpha_vantage_mcp

by alphavantage

Sec4

An MCP server providing real-time and historical stock market data, financial intelligence, and technical indicators for integration with Large Language Models (LLMs) and agentic workflows.

Setup Requirements

  • ⚠️Requires Python 3.13+
  • ⚠️Requires `uv` package manager (from astral.sh)
  • ⚠️Requires AWS CLI and AWS SAM CLI for cloud deployment
  • ⚠️Requires an Alpha Vantage API Key
  • ⚠️Cloudflare R2 storage account setup is recommended for large response handling (involves creating buckets, custom domains, and API tokens)
  • ⚠️AWS ACM Certificate in `us-east-1` is required for custom domain deployment and needs DNS validation
Review RequiredView Analysis
The web frontend component (`web/components/Markdown.tsx`) contains `eval(onClick);` which is a critical security vulnerability. If the markdown content (and specifically the `onClick` attribute) can be manipulated by an attacker, it could lead to arbitrary code execution in the user's browser. While this is in the frontend and not the direct Python backend server logic, it is part of the provided source code for the overall solution. The backend server code itself follows good practices for handling API keys (using environment variables and context) and implements OAuth 2.1.
Updated: 2025-12-10GitHub
50
84
High Cost
box-community icon

mcp-server-box

by box-community

Sec2

The Box MCP Server provides a Microservice Context Protocol (MCP) interface to interact with the Box API, enabling AI agents and other clients to perform various file, folder, collaboration, metadata, and AI-powered operations on Box content.

Setup Requirements

  • ⚠️Requires extensive Box Custom App configuration (OAuth, CCG, or JWT) via the Box Developer Console, including pre-registering all callback URLs for OAuth flows.
  • ⚠️Heavily relies on environment variables (often from a .env file) for all Box API and MCP server authentication credentials; misconfiguration will lead to startup or runtime errors.
  • ⚠️The `uv` tool is recommended for Python dependency management and execution, which might require an additional setup step for some users.
Review RequiredView Analysis
CRITICAL: The server's `/oauth/register` endpoint, when running with `--transport=http` or `--transport=sse`, directly exposes the configured `BOX_CLIENT_ID` and `BOX_CLIENT_SECRET` in its response. This is a severe hardcoded secret exposure, as these credentials should remain confidential. Anyone accessing this public endpoint can retrieve the client ID and client secret, which could then be used for unauthorized access to the Box API or to impersonate the application.
Updated: 2025-12-02GitHub
50
52
Medium Cost
apache icon

echarts-mcp

by apache

Sec8

Serves as a Model Context Protocol (MCP) server to generate ECharts data visualizations (as image URLs) based on parameters provided by a Large Language Model (LLM).

Setup Requirements

  • ⚠️Requires a Baidu Cloud Storage (BOS) account and configured credentials for image storage.
  • ⚠️Requires Node.js and `npm install` for dependencies, some of which (like `canvas`) may have native build requirements.
  • ⚠️A `.env` file with specific cloud storage and server port (optional) configurations is mandatory.
Verified SafeView Analysis
The server handles API keys and sensitive credentials exclusively via environment variables (checked through .env file presence), which is a good practice. Input data for chart generation is validated for basic array and object structures, and then transformed into ECharts-compatible formats, reducing the risk of arbitrary code injection from LLM outputs. No direct use of `eval` or code obfuscation was detected. The primary security considerations would involve potential vulnerabilities within the ECharts or Canvas rendering libraries themselves, or insecure configurations of the Baidu Cloud Storage (BOS) for image uploads.
Updated: 2025-12-08GitHub
50
79
Medium Cost
spences10 icon

mcp-n8n-builder

by spences10

Sec9

This MCP server enables AI assistants to programmatically create, manage, and monitor n8n workflows by interacting with the n8n REST API.

Setup Requirements

  • ⚠️Requires an n8n instance running and accessible via its REST API.
  • ⚠️Requires an API key for the n8n instance.
  • ⚠️The n8n API endpoint must be in `/api/v1` format; do not include `/settings` in the path (e.g., `https://your-n8n-instance.com/api/v1`).
  • ⚠️Only workflows with automatic trigger nodes (schedule, webhook, etc.) can be activated; workflows with only manual triggers cannot be automatically activated.
Verified SafeView Analysis
The server's code does not contain 'eval', code obfuscation, or hardcoded sensitive secrets (API keys are expected via environment variables). Network risks are inherent to its function, as it connects to a user-configured n8n host. Ensuring `N8N_HOST` points to a trusted n8n instance and `N8N_API_KEY` is kept secure is critical for safe operation.
Updated: 2025-12-14GitHub
PreviousPage 54 of 647Next