Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7756)

49
61
High Cost
PSPDFKit icon
Sec8

Provides AI assistants with powerful PDF processing capabilities by integrating with the Nutrient Document Web Service (DWS) Processor API for operations like digital signing, document generation, editing, OCR, and redaction.

Setup Requirements

  • ⚠️Requires a Nutrient DWS API Key, which is part of a paid service (sign-up at nutrient.io/api required).
  • ⚠️Requires Node.js (version 18.0.0 or higher) to be installed.
  • ⚠️Sandbox mode (setting the `SANDBOX_PATH` environment variable) is critical for security; running without it is not recommended and exposes the system to potential arbitrary file access.
Verified SafeView Analysis
The server implements a robust sandbox mode, restricting all file operations to a specified directory (via `SANDBOX_PATH` environment variable), which is highly recommended for security. If sandbox mode is disabled, the server will have unrestricted file system access, posing a significant risk for arbitrary file read/write/delete operations if input paths are maliciously crafted. No hardcoded secrets or obvious malicious patterns were found in the source code. Network calls are made exclusively to 'https://api.nutrient.io/'.
Updated: 2025-12-10GitHub
49
73
Medium Cost
cswkim icon
Sec9

Provides a Model Context Protocol (MCP) server for interacting with the Discogs API, enabling music catalog management and search.

Setup Requirements

  • ⚠️Requires `DISCOGS_PERSONAL_ACCESS_TOKEN` environment variable, which must be obtained from Discogs settings.
  • ⚠️Node.js 18.x.x or 20.x.x (or higher) is required.
  • ⚠️Default API pagination `per_page` is set to `5` to prevent client overload; larger responses may be requested but some clients might struggle.
Verified SafeView Analysis
The server handles API calls to Discogs, requiring a personal access token loaded from environment variables. Input validation is robust, utilizing Zod schemas for all tool parameters. The use of a modified `dotenv` library prevents accidental logging of sensitive environment variables. No `eval` or obfuscation detected. The default server host `0.0.0.0` allows external connections, requiring user awareness for secure deployment.
Updated: 2025-12-08GitHub
49
29
Medium Cost
Lekssays icon

codebadger

by Lekssays

Sec3

A containerized Model Context Protocol (MCP) server for multi-language static code analysis using Joern's Code Property Graph (CPG) technology.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose installed and running for the Joern analysis engine.
  • ⚠️Requires Python 3.10+ (Python 3.13 recommended) and pip for server execution and dependencies.
  • ⚠️The server needs access to local codebases via mounted Docker volumes for 'local' source type, or internet access to clone GitHub repositories.
Review RequiredView Analysis
The server has multiple instances of CPGQL Injection vulnerabilities due to the direct embedding of unescaped user-provided input (e.g., `method_name`, `filename`, `variable`, `type_name`) into Scala CPGQL queries. These unescaped inputs are used in tools like `get_call_graph`, `get_method_source`, `find_bounds_checks`, `get_type_definition`, `get_macro_expansion`, `find_taint_flows`, and `get_variable_flow`. A malicious actor could craft inputs to these tools to execute arbitrary Scala code within the Joern container, potentially leading to information disclosure or other container-level impacts. While the server runs in Docker, this vulnerability could compromise the isolation of the Joern analysis environment. The `run_cpgql_query` tool is intended for raw queries and includes some basic safety checks, but these do not extend to the implicitly constructed queries in other tools.
Updated: 2025-12-14GitHub
49
18
Medium Cost
khuynh22 icon

mcp-wireshark

by khuynh22

Sec9

Integrate Wireshark/tshark with AI tools and IDEs to capture live network traffic, analyze PCAP files, apply display filters, and extract protocol data.

Setup Requirements

  • ⚠️Requires Wireshark/tshark to be installed on the system and accessible in the system's PATH.
  • ⚠️Live packet capture may require elevated system permissions (e.g., user added to 'wireshark' group on Linux, Administrator privileges on Windows).
  • ⚠️The server primarily communicates via standard input/output (stdio), making it designed for local integration with IDEs/AI. Remote hosting would require custom implementation of HTTP/SSE transport as per MCP specification.
Verified SafeView Analysis
The server demonstrates robust security practices: file paths are validated against path traversal attempts and allowed extensions, and display filters are sanitized to prevent command injection. It also enforces resource limits for packet count and capture duration. The primary security consideration is the inherent reliance on external Wireshark/tshark binaries, which, if vulnerable, could pose a risk, but the server itself takes precautions against command injection into these tools.
Updated: 2025-12-14GitHub
49
9
High Cost
aserper icon

doc-mcp-server

by aserper

Sec6

The RTFD (Read The F*****g Docs) MCP Server bridges Large Language Models (LLMs) with real-time, up-to-date documentation from various package repositories and cloud platforms, aiming to prevent hallucinations and provide accurate coding context to AI agents.

Setup Requirements

  • ⚠️GitHub API access is heavily rate-limited (60 requests/hour) without a GITHUB_TOKEN; a token is highly recommended for practical use (up to 5000 requests/hour).
  • ⚠️Consuming external content poses risks (indirect prompt injection, malicious code execution) if content is unverified or if the agent acts autonomously.
  • ⚠️Requires Python 3.10 or newer, as specified in `pyproject.toml`.
  • ⚠️If `GITHUB_AUTH` is set to `cli` or `auto`, the GitHub CLI (`gh`) tool must be installed and authenticated.
Review RequiredView Analysis
The server's core function involves fetching potentially unverified content (documentation, code snippets) from external sources (PyPI, npm, GitHub, DockerHub, GCP). This inherently exposes LLM agents to risks such as indirect prompt injection and potential malicious code execution, especially when operating in autonomous modes. The project's README explicitly warns users to 'Use at your own risk.' While the server itself does not contain obvious malicious patterns or `eval` statements, the nature of consuming untrusted external data with AI agents necessitates caution. Mitigation features like optional PyPI package verification (`VERIFIED_BY_PYPI=true`), filtering of sensitive data from VCR cassettes, and the ability to disable content fetching (`RTFD_FETCH=false`) are implemented.
Updated: 2025-12-13GitHub
49
26
Low Cost
respawn-app icon

tool-filter-mcp

by respawn-app

Sec8

Filters tools from upstream Model Context Protocol (MCP) servers based on regex deny lists to reduce LLM context pollution.

Setup Requirements

  • ⚠️Requires Node.js >= 20.0.0
  • ⚠️Requires an upstream MCP server (HTTP/SSE or stdio) to function.
  • ⚠️When using `--upstream-stdio`, the command and its arguments for the upstream server must be explicitly separated by `--` (e.g., `npx ... --upstream-stdio -- npx my-mcp-server`).
Verified SafeView Analysis
The project uses `safe-regex2` to prevent Regular Expression Denial of Service (ReDoS) attacks, which is critical for regex-based filtering. It makes network calls to user-defined upstream MCP servers, which is inherent to its proxy functionality; however, this implies a trust relationship with the specified upstream. No obvious hardcoded secrets or malicious patterns were found.
Updated: 2025-12-01GitHub
49
33
Low Cost
koki-develop icon

mmcp

by koki-develop

Sec8

Manages Model Context Protocol (MCP) server definitions in a central configuration and applies them to various AI agent tools.

Setup Requirements

  • ⚠️Requires Bun for development and building, though the distributed executable is runnable with Node.js.
  • ⚠️Requires write access to the user's home directory for configuration files (e.g., ~/.mmcp.json, ~/.claude.json).
  • ⚠️Only supports a predefined list of AI agents for configuration updates; new agents require code changes.
Verified SafeView Analysis
The tool primarily reads/writes local configuration files (JSON and TOML). It does not contain direct 'eval', obfuscation, hardcoded secrets, or obvious malicious code patterns. File system operations are scoped to user configuration directories. The main security consideration is that it writes user-defined commands and arguments into agent configuration files. This means a user could configure a malicious command which would then be executed by the *target AI agent*, not by mmcp itself. mmcp is a configuration conduit and assumes the user's mmcp configuration is trusted.
Updated: 2025-11-30GitHub
49
29
High Cost
Lekssays icon
Sec7

A containerized Model Context Protocol (MCP) server providing static code analysis using Joern's Code Property Graph (CPG) technology for integration with AI/LLM agents.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for the Joern server.
  • ⚠️Requires Python 3.10+ (3.13 recommended).
  • ⚠️CPG generation and complex queries are computationally intensive, requiring significant CPU and RAM, especially for large codebases.
Verified SafeView Analysis
The server processes arbitrary source code for analysis, which is an inherent risk. It utilizes Docker containerization for the Joern analysis engine, providing a layer of isolation. Input validation is present for CPGQL queries (blocking dangerous commands like `System.exit`) and source code paths (preventing traversal). Extensive use of `docker exec` for CPG generation and Joern server management inside the container is a critical component; while paths are constrained to the `/playground` mount, any vulnerability in command construction could be severe. No hardcoded secrets were identified. Overall, the system demonstrates awareness of security implications, but running arbitrary static analysis inherently carries risks.
Updated: 2025-12-14GitHub
49
9
High Cost
aserper icon

RTFD

by aserper

Sec3

Provides AI coding agents with real-time access to up-to-date documentation from various package managers and platforms (PyPI, npm, GitHub, DockerHub, GCP, GoDocs, Zig), preventing hallucinations from outdated LLM training data.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️A GitHub API token (GITHUB_TOKEN) is highly recommended for GitHub-related tools to increase API rate limits; otherwise, it's limited to 60 requests/hour. Alternatively, GITHUB_AUTH=cli can leverage the GitHub CLI for authentication.
  • ⚠️The RTFD_FETCH=true environment variable is crucial for enabling documentation content fetching. If set to false (or default is false), only metadata lookups are available, limiting the server's primary functionality.
  • ⚠️Enabling VERIFIED_BY_PYPI=true restricts Python package documentation to only PyPI-verified sources, which may lead to tool failures if the agent requests documentation for an unverified but legitimate package.
Review RequiredView Analysis
The server fetches arbitrary, potentially untrusted, content from external sources (e.g., GitHub READMEs, PyPI descriptions, DockerHub docs). This inherently carries a significant risk of indirect prompt injection and potential malicious code execution, especially when operating in autonomous AI agent modes. The use of `docutils` to parse reStructuredText from untrusted sources, though configured to suppress warnings, is also a potential vector for vulnerabilities. While hardcoded secrets are avoided and sensitive data is filtered in testing, the fundamental access to untrusted external content poses a high security risk. Mitigation options like `RTFD_FETCH=false` (disables content fetching) and `VERIFIED_BY_PYPI=true` (restricts PyPI docs to verified packages) are available but require explicit configuration by the user.
Updated: 2025-12-13GitHub
49
35
High Cost
ChiR24 icon

Unreal_mcp

by ChiR24

Sec1

Enables AI assistants to control Unreal Engine via Remote Control API for game development automation.

Setup Requirements

  • ⚠️Requires Unreal Engine 5.0-5.6 and manual activation of several specific UE plugins (Remote Control API, Remote Control Web Interface, Python Editor Script Plugin, Editor Scripting Utilities, Sequencer, Level Sequence Editor).
  • ⚠️Requires manual modification of Unreal Engine project configuration files (`Config/DefaultEngine.ini`) and project settings to enable remote Python execution.
  • ⚠️Requires Node.js 18+ to run.
Review RequiredView Analysis
CRITICAL: The `eval()` function is used in `src/tools/build_environment_advanced.ts` (`createProceduralTerrain`) to execute user-provided Python code for `heightFunction`. This allows arbitrary code execution if a malicious user controls the `heightFunction` parameter. Additionally, the `executePython` function is extensively used across many tools (e.g., Niagara, Animation, Actors, Lighting, Remote Control, Sequence, Introspection, Visual, Blueprint, Logs, Assets, Foliage, Debug) to construct and execute Python scripts based on user input, which, despite some sanitization efforts, significantly increases the attack surface for Python injection vulnerabilities. The `console_command` tool also allows direct execution of user-provided console commands with only a blacklist, posing further risk. This server should only be used in highly trusted, isolated environments where all inputs are strictly validated and controlled.
Updated: 2025-12-14GitHub
49
30
Medium Cost
infranodus icon
Sec8

Integrates InfraNodus knowledge graph and text network analysis capabilities into LLM workflows and AI assistants for advanced text analysis, content gap detection, and SEO optimization.

Setup Requirements

  • ⚠️Requires InfraNodus API Key (paid after trial/quota for sustained use).
  • ⚠️Requires Node.js 18+ runtime environment.
Verified SafeView Analysis
The server uses standard practices for API key handling via environment variables and does not appear to contain obvious malicious patterns or insecure code execution (e.g., 'eval'). All network requests are directed to a configurable API base URL, mitigating direct SSRF risks from user input within this server's scope, but relies on the upstream InfraNodus API's security. It suppresses console error logs to prevent interfering with the MCP protocol, which could make local debugging harder but is not a security flaw.
Updated: 2025-12-03GitHub
49
58
Low Cost
softwaremill icon

chimp

by softwaremill

Sec8

A Scala 3 library for building Model Context Protocol (MCP) servers, exposing type-safe tools as a JSON-RPC HTTP API.

Setup Requirements

  • ⚠️Requires a Scala 3 build environment (sbt or scala-cli).
  • ⚠️Requires a Tapir-compatible HTTP server interpreter dependency (e.g., tapir-netty-server-sync, tapir-zio-http-server) to run the server.
  • ⚠️Example tools like 'weatherMcp' depend on the availability of external APIs (Nominatim, Open-Meteo) for their functionality.
Verified SafeView Analysis
The framework itself appears robust, leveraging Scala's type safety and Tapir's well-established endpoint definitions. No 'eval' or similar dangerous runtime code execution is evident. Hardcoded secrets are not present in the provided snippets. The primary security considerations would stem from how developers implement the 'handle' or 'handleWithHeaders' logic for their specific tools: - External Service Calls: Examples like 'weatherMcp' interact with external APIs (Nominatim, Open-Meteo). Misuse of these or lack of rate limiting/error handling in the custom logic could lead to denial-of-service or unexpected costs. - Header Handling: 'handleWithHeaders' provides direct access to HTTP headers. Custom tool logic must correctly validate and sanitize any sensitive information or user input from headers to prevent injection attacks or information leakage. - Input Validation: While Tapir and Circe provide type-safe decoding, complex business logic within 'handle' functions still requires careful validation of the input type to prevent logical flaws or resource exhaustion.
Updated: 2025-12-13GitHub
PreviousPage 56 of 647Next