Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7756)

50
13
Low Cost
ssssota icon

chapplin

by ssssota

Sec8

A framework for building type-safe Model Context Protocol (MCP) servers with JSX-based UI components for OpenAI ChatGPT Apps.

Setup Requirements

  • ⚠️Requires familiarity with TypeScript and Zod for type-safe tool definitions.
  • ⚠️The UI components (widgets) are designed to run within the ChatGPT environment, expecting the `window.openai` API to be present. Local development uses a Vite server for preview.
  • ⚠️Uses `pnpm` as the package manager, which needs to be installed globally or locally.
Verified SafeView Analysis
The framework utilizes `zod` for schema validation, which relies on `ajv` that internally uses `new Function` (a form of `eval`) for schema compilation. This is a common practice for validation libraries but introduces a theoretical attack surface if arbitrary schema definitions can be injected. The framework's core logic does not appear to directly execute user-provided arbitrary code outside of defined tool handlers and UI components. The overall security depends heavily on the developer's implementation of tool logic and handling of user input within those tools.
Updated: 2025-12-15GitHub
50
77
Medium Cost
zwldarren icon

akshare-one-mcp

by zwldarren

Sec8

Provides comprehensive data interfaces for the China stock market, including historical data, real-time quotes, news, financial statements, and technical indicators.

Setup Requirements

  • ⚠️Requires Python 3.12 or newer.
  • ⚠️Requires 'uv' for installation and dependency management.
  • ⚠️Relies on external `akshare` and `akshare-one` libraries for data, whose data sources and reliability are external factors.
Verified SafeView Analysis
The server primarily acts as a data proxy using `akshare` and `akshare-one` libraries. No direct 'eval' or command injection vulnerabilities are apparent in the provided source code. It supports HTTP mode, binding to '0.0.0.0', which means it will be accessible from all network interfaces; this is standard for servers but requires proper network configuration (e.g., firewalls) in production environments. CORS is configured to allow all origins. Overall, it appears to be reasonably safe, relying on the security of its underlying data scraping libraries.
Updated: 2025-12-12GitHub
50
33
Low Cost
spences10 icon

mcpick

by spences10

Sec8

A CLI tool for dynamically managing Claude Code's MCP server configurations to optimize context usage and performance.

Setup Requirements

  • ⚠️Requires Node.js 22+
  • ⚠️Requires Claude Code CLI installed and configured
Verified SafeView Analysis
The tool utilizes `node:child_process.execAsync` to invoke `claude` CLI commands. While direct execution of shell commands carries inherent risks, the codebase implements `shell_escape` for user-provided server names, commands, and arguments, and `is_valid_env_key` for environment variable keys. These measures significantly mitigate common command injection vulnerabilities. Input validation is further enhanced by `valibot` schemas. No hardcoded secrets or other malicious patterns were identified in the provided source. The safety of the executed MCP servers themselves, and the Claude CLI, falls outside this analysis.
Updated: 2025-12-14GitHub
50
609
Medium Cost
thorsten icon

phpMyFAQ

by thorsten

Sec9

A multilingual FAQ system that allows Large Language Models (LLMs) to search and retrieve relevant FAQ entries, providing contextual answers for AI assistants.

Setup Requirements

  • ⚠️Requires PHP 8.3+ with several specific extensions (cURL, GD, XMLWriter, JSON, Filter, SPL, FileInfo, Sodium, intl).
  • ⚠️Mandatory database setup (MySQL, PostgreSQL, MS SQL Server, SQLite3, MariaDB, Percona Server) with specific user permissions.
  • ⚠️If using Elasticsearch or OpenSearch for search, additional system-level kernel configuration (`vm.max_map_count`) is required, which can be challenging in constrained environments.
Verified SafeView Analysis
The project explicitly addresses security with a detailed `SECURITY.md` policy, including private vulnerability reporting and defined SLAs. It utilizes modern PHP security practices such as input filtering (`phpMyFAQ\Filter`, `HtmlSanitizer`), robust password hashing (`bcrypt` support), and CSRF tokens. Hardcoded development secrets are confined to `docker-compose.yml` and test documentation. The experimental MCP server is designed for read-only access and respects existing visibility rules, mitigating direct write vulnerabilities. Historical vulnerabilities in older versions have been actively patched, indicating a proactive security posture.
Updated: 2025-12-15GitHub
50
49
Low Cost
nickytonline icon
Sec8

A TypeScript template for building remote Model Context Protocol (MCP) servers with robust tooling, best practices, and an example 'echo' tool for AI model interaction.

Setup Requirements

  • ⚠️Requires Node.js version 22.18.0 or higher.
  • ⚠️Requires `npm install` and `npm run build` to be executed before starting the server.
Verified SafeView Analysis
The server demonstrates good security practices by using Zod for input schema validation and catching/logging errors to prevent information leakage. Session IDs are generated using `randomUUID`, which is strong. However, the provided code for the Express handler does not explicitly implement application-level rate-limiting or advanced validation for incoming `mcp-session-id` headers beyond checking for existence, potentially relying on the underlying MCP SDK or infrastructure to handle these concerns. No hardcoded secrets or direct `eval` of user input are present.
Updated: 2025-12-11GitHub
50
7
Medium Cost
realloon icon

RIMCP

by realloon

Sec9

Provides a Model Context Protocol (MCP) server for searching and browsing RimWorld game source code and XML Defs.

Setup Requirements

  • ⚠️Bun runtime must be installed.
  • ⚠️Ripgrep ('rg') must be installed and available in the system's PATH.
  • ⚠️Requires a local RimWorld game installation to extract source code and Defs from. The process to populate the 'dist/assets' directory (likely via `src/scripts/import-data.ts`) is not fully documented in the 'Get started' section of the README, which could lead to setup friction.
Verified SafeView Analysis
The server implements strong security measures. File system operations are sandboxed to a 'dist/assets' directory using `PathSandbox` to prevent directory traversal attacks. Database queries are parameterized to prevent SQL injection. External command execution via `ripgrep` uses Bun's safe `$()` template literal, mitigating shell injection risks.
Updated: 2025-12-13GitHub
50
134
Medium Cost
weibaohui icon

kom

by weibaohui

Sec2

Manages Kubernetes clusters and resources, providing an SDK-level wrapper for kubectl/client-go with Multi-Cluster Proxy (MCP) server capabilities.

Setup Requirements

  • ⚠️Requires access to a Kubernetes cluster (via kubeconfig or in-cluster setup).
  • ⚠️AWS CLI must be installed and configured on the host running the server for EKS cluster integration.
  • ⚠️The default server setup uses a weak 'username' header for client identification; users MUST implement robust authentication and authorization logic via callbacks to secure privileged Kubernetes operations.
  • ⚠️Directly accepts AWS credentials (AccessKey/SecretAccessKey) in EKSAuthConfig, which are then used as environment variables for AWS CLI calls by child processes.
Review RequiredView Analysis
Critical security risks identified: 1. Weak default authentication: The 'main.go' example's MCP server uses 'username' from HTTP headers as an identifier, providing no actual authentication or authorization mechanism. This means any client can spoof a user. 2. Direct handling of AWS Access Keys/Secret Access Keys: EKS configuration directly accepts these sensitive credentials, which are then passed as environment variables to the 'aws' CLI for execution. 3. Highly privileged Kubernetes operations: The server exposes a wide range of powerful K8s operations (e.g., arbitrary file operations within Pods, node cordon/drain, creating privileged node/kubectl shells) via its API. Without a custom callback implementation for proper authorization (which is explicitly left to the user), these operations are unsecured. 4. SQL-like query capability: While useful, if not properly secured by authorization callbacks, this could allow unauthorized users to perform broad or sensitive queries/manipulations on K8s resources.
Updated: 2025-11-22GitHub
50
92
Low Cost
wanaku-ai icon

wanaku

by wanaku-ai

Sec7

Wanaku is an MCP (Model Context Protocol) Router that acts as a centralized hub for managing and governing how AI agents access tools and resources.

Setup Requirements

  • ⚠️Requires a running Keycloak instance for authentication (can be local via Podman/Docker).
  • ⚠️Docker or Podman is required for local Keycloak and running capabilities as containers.
  • ⚠️For production, Kubernetes or OpenShift is recommended for deployment, requiring `kubectl`/`oc` and `helm` CLIs.
Verified SafeView Analysis
The project uses Keycloak for authentication and authorization, supports TLS, and encourages secure secret management via Kubernetes Secrets or environment variables in production. Internal communication uses gRPC for efficiency and type safety. However, the 'exec' tool capability (wanaku-tool-service-exec) is explicitly noted in its README as having 'no input validation' and directly executes commands derived from tool URIs. This is a significant security risk if administrators configure tools with user-controlled input paths without careful sanitization, potentially leading to arbitrary command execution (RCE). While documented, its presence and direct execution model lower the overall score. Other components follow good security practices.
Updated: 2025-12-10GitHub
49
78
Medium Cost
seuros icon

action_mcp

by seuros

Sec8

Provides a Model Context Protocol (MCP) server for Ruby on Rails applications, enabling them to expose structured data, tools, and prompts to Large Language Models (LLMs) for context-aware AI interactions.

Setup Requirements

  • ⚠️Requires a compatible database (PostgreSQL, SQLite) and specific migrations for both ActionMCP and the chosen PubSub adapter (e.g., SolidMCP).
  • ⚠️Careful configuration of the PubSub adapter (`solid_mcp`, `redis`, or `simple`) is required; `SolidMCP` is recommended for production and needs an additional gem and migrations.
  • ⚠️It runs as a standalone Rack application (`mcp.ru`) and should not be mounted within a traditional Rails `routes.rb`, potentially leading to deployment and routing confusion for typical Rails setups.
  • ⚠️Developers may need to use `mcp_vanilla.ru` instead of `mcp.ru` to avoid middleware conflicts with existing Rails applications, necessitating careful setup of Rack middleware.
Verified SafeView Analysis
The framework provides strong security features including authentication via a pluggable Gateway, consent management for sensitive operations (`requires_consent!`), and explicit protocol versioning with enhancements like OAuth 2.1 resource server support and DNS rebinding protection. It intentionally avoids insecure transports (STDIO). However, the ultimate security posture depends on the implementation of individual tools, prompts, and resource templates by the developer. While the core gem is secure, a dummy `ExecuteCommandTool` exists in the test suite, highlighting that developers must rigorously validate inputs and authorize actions within their custom components to prevent command injection or other vulnerabilities.
Updated: 2025-12-11GitHub
49
76
Medium Cost
vantage-sh icon

vantage-mcp-server

by vantage-sh

Sec9

Facilitates natural language interaction with Vantage cloud cost data and resources via Model Context Protocol (MCP) clients.

Setup Requirements

  • ⚠️Requires a Vantage API token and an active Vantage account with connected cloud providers.
  • ⚠️Requires an MCP-compatible client (e.g., Claude Desktop, Cursor) for interaction.
  • ⚠️Node.js (v18 or higher) and npm must be installed.
  • ⚠️For remote (HTTP) deployment, a Cloudflare account is needed.
Verified SafeView Analysis
The server leverages environment variables (e.g., VANTAGE_TOKEN, AUTH0_CLIENT_SECRET) for sensitive data, which is a good practice. OAuth authentication is implemented using 'oauth4webapi' and Cloudflare's OAuth Provider, including PKCE and CSRF protection, indicating a robust approach to user authentication. API calls to the Vantage backend are handled by a shared 'callApi' function, which includes user-agent headers for traceability and structured error handling for non-OK responses, preventing direct exposure of raw API errors. No 'eval' or obvious code obfuscation found. External network calls are confined to the Vantage API.
Updated: 2025-12-12GitHub
49
74
Low Cost
heroku icon
Sec3

Facilitates seamless interaction between large language models (LLMs) and the Heroku Platform for resource management and operations.

Setup Requirements

  • ⚠️Requires Heroku CLI version 10.8.1 or higher to be installed globally.
  • ⚠️Authentication requires either an existing Heroku CLI session (`heroku mcp:start`) or setting the `HEROKU_API_KEY` environment variable.
  • ⚠️Requires Node.js version 20 or higher.
Review RequiredView Analysis
The server constructs and executes shell commands using user-controlled input in several tools, most notably `deploy_one_off_dyno` and `pg_psql`. The `deploy_one_off_dyno` tool concatenates user-provided `command` and `sources` content (which is written to temporary files) using `&&` operators, creating a high risk of command injection if adversarial input is provided for `command` or `source.contents`. The `pg_psql` tool also interpolates user-provided SQL commands directly into a shell command string, which could be vulnerable to injection if the input contains escaped quotes or command substitution. While `HEROKU_API_KEY` is handled via environment variables, the direct execution of unsanitized input by child processes represents a significant security risk for command injection.
Updated: 2025-12-14GitHub
49
76
Medium Cost
narumiruna icon

yfinance-mcp

by narumiruna

Sec9

A simple MCP server for fetching Yahoo Finance stock data, news, and financial charts.

Setup Requirements

  • ⚠️Requires Python 3.12 or newer.
  • ⚠️Requires `uv` package installer for local development or deployment via uvx.
Verified SafeView Analysis
The server uses trusted Python libraries like `yfinance` and `mplfinance` for data retrieval and chart generation. No direct use of `eval`, `exec`, or other high-risk functions was found. Input parameters for tools are type-hinted, limiting arbitrary data injection. Reliance on the `yfinance` library implies trust in its upstream data sources and handling.
Updated: 2025-12-08GitHub
PreviousPage 55 of 647Next