Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

50
90
High Cost
VeriTeknik icon

pluggedin-app

by VeriTeknik

Sec9

A testing environment for MCP (Model Control Protocol) servers, allowing interaction through a chat interface powered by LLMs and an AI agent using the LangChain ReAct framework.

Setup Requirements

  • ⚠️Requires OpenAI, Anthropic, or Google API Key for LLM integration and email translation (Paid services).
  • ⚠️Requires PostgreSQL database for persistent storage.
  • ⚠️Requires Redis for session management and distributed rate limiting.
  • ⚠️Requires Docker (for deployment) and potentially Bubblewrap/Firejail (for sandboxing on Linux hosts, if not containerized with them).
  • ⚠️GitHub API Token required for repository analysis and publishing to the MCP Registry.
Verified SafeView Analysis
The application exhibits a robust security posture, incorporating numerous defense-in-depth measures. Key strengths include: comprehensive input validation and sanitization (URLs, paths, external IDs, HTML content) to prevent XSS, path traversal, and SSRF attacks; strong authentication security with bcrypt (cost factor 14), brute-force protection (account lockout), and detailed audit logging; secure session management with JWTs, periodic revalidation, and session invalidation on password changes; robust data encryption (AES-256-GCM with scrypt and random salts) for sensitive data at rest; global CSRF protection and HTTP security headers (CSP with nonce, X-Frame-Options, X-Content-Type-Options, etc.); and critical sandboxing capabilities for executing external MCP server code via Bubblewrap/Firejail for process, filesystem, and network isolation. While in-memory rate limiting is noted as a 'CRITICAL TODO' for multi-instance deployments in one file, other files show the use of `ioredis` for distributed rate limiting, mitigating this, though fallback to in-memory still presents a risk if Redis fails. `process.setMaxListeners` is used, which is a practical mitigation but could be a resource exhaustion vector if many STDIO servers are connected concurrently without proper scaling.
Updated: 2026-01-17GitHub
50
96
High Cost
nkapila6 icon

mcp-local-rag

by nkapila6

Sec8

Provides a local, RAG-like web search tool for Large Language Models to retrieve current information and context.

Setup Requirements

  • ⚠️Requires Docker or uv for installation.
  • ⚠️Requires Python 3.10.
  • ⚠️Downloads a MediaPipe Text Embedder model locally (~20MB).
Verified SafeView Analysis
The server fetches content from arbitrary URLs found via DuckDuckGo. While the content is processed to plain text (mitigating direct script execution risks), fetching from untrusted sources always carries inherent risks. No 'eval' or direct code execution from fetched content is observed. No hardcoded secrets are present in the provided code.
Updated: 2026-01-19GitHub
50
54
High Cost
mkellerman icon

bmad-mcp-server

by mkellerman

Sec3

Provides AI assistants with access to specialized agents and automated workflows from the BMAD (Business Methodology Automation and Delivery) methodology.

Setup Requirements

  • ⚠️Node.js 18 or later is required.
  • ⚠️An MCP-compatible client (e.g., Claude Desktop, VS Code with Copilot, Cline) is needed to interact with the server.
  • ⚠️E2E tests require a LiteLLM proxy running (typically via Docker), which uses real LLM APIs and incurs costs. API keys for your chosen LLM provider (e.g., OpenAI, Anthropic) are necessary, often configured via a mounted `~/.config/litellm` directory.
Review RequiredView Analysis
A critical path traversal vulnerability exists in the `ReadResourceRequestSchema` handler and `ResourceLoaderGit.loadFile` function. If a malicious actor can control the `uri` parameter (e.g., `bmad:///etc/passwd` or `bmad://../../../../etc/passwd`), they can read arbitrary files on the system that the Node.js process has access to. The `path.join` function, when given an absolute path segment (like `/etc/passwd`) or enough `../` segments, can escape the intended `bmadRoot` directory. This allows unauthorized access to sensitive data. Additionally, while Git cloning to `~/.bmad/cache/git` limits impact, it still involves executing external `git` commands with URLs that could potentially be malicious, though `--depth 1` helps mitigate some deep repository risks.
Updated: 2026-01-05GitHub
50
87
Medium Cost
stape-io icon
Sec9

This server acts as a middleware to connect MCP (Model Context Protocol) clients with the Google Tag Manager API, enabling programmatic management of GTM accounts, containers, and resources.

Setup Requirements

  • ⚠️Requires a compatible MCP client (e.g., Claude Desktop, Cursor AI) and specific client-side configuration to connect.
  • ⚠️Requires Google OAuth authentication to access Google Tag Manager API, necessitating user consent and proper Google API project setup.
  • ⚠️Designed for deployment on Cloudflare Workers, requiring a Cloudflare account and configuration of several environment variables.
Verified SafeView Analysis
The server uses a robust OAuth provider (`@cloudflare/workers-oauth-provider`) for Google authentication, ensuring secure handling of credentials via environment variables. It explicitly states that it acts as a pass-through proxy, not storing or processing user data or Tag Manager content. HTML sanitization (`sanitizeHtml`) is applied to client information in the approval dialog to prevent XSS. The `/remove` endpoint allows users to revoke access and clear session data, enhancing privacy and security.
Updated: 2026-01-13GitHub
50
78
Low Cost
lirantal icon

ls-mcp

by lirantal

Sec8

Command-line tool for discovering, analyzing, and reporting on Model Context Protocol (MCP) server configurations in a local development environment.

Setup Requirements

  • ⚠️Requires Node.js runtime (>=20.13.0)
Verified SafeView Analysis
The tool uses `child_process.execSync` to list running processes, but the commands executed (`ps` or `powershell`) are fixed and for system introspection, not for executing arbitrary user-provided input. File system operations are primarily for reading configuration files. The `CredentialDetectionService` enhances security awareness by identifying potential credential exposure within detected MCP server configurations, rather than introducing vulnerabilities itself. Overall, risks are low for an introspection CLI tool.
Updated: 2026-01-19GitHub
50
80
High Cost
stacklok icon

toolhive-studio

by stacklok

Sec5

ToolHive is a desktop application (Electron UI) for discovering, deploying, and managing Model Context Protocol (MCP) servers in isolated containers, and connecting them to AI agents and clients.

Setup Requirements

  • ⚠️Requires Docker daemon to be running locally.
  • ⚠️Requires Node.js version 22.0.0 (specified in `package.json` and README).
  • ⚠️Uses `pnpm` as the package manager for development.
Verified SafeView Analysis
The application uses hardcoded encryption keys ('toolhive-threads-encryption-key', 'toolhive-chat-encryption-key') for Electron Store, including for API keys and chat history. While this provides basic obfuscation, it offers no real security against a determined attacker who can access the application's code. Sensitive data stored with these keys should not be considered truly secure. The application properly uses `contextBridge` for secure IPC and implements a strong Content Security Policy (CSP). Executing external binaries (`thv`, `docker`, `podman`) is inherent to its functionality and appears controlled, but is always a potential attack surface if user input is not rigorously sanitized.
Updated: 2026-01-19GitHub
50
25
Medium Cost
sagemcp icon

sagemcp

by sagemcp

Sec8

A scalable platform for hosting Multi-tenant Model Context Protocol (MCP) servers with multi-tenant support, OAuth integration, and connector plugins for various services.

Setup Requirements

  • ⚠️Requires Kubernetes 1.21+ and Helm 3.8+ for production deployment.
  • ⚠️PostgreSQL and Redis are essential for database persistence and caching functionality.
  • ⚠️External OAuth provider (e.g., GitHub) client ID and secret are required to enable respective connectors.
  • ⚠️A strong `SECRET_KEY` environment variable must be generated and set for production environments.
Verified SafeView Analysis
The application uses environment variables for sensitive data like OAuth client IDs/secrets and database credentials. It includes a mechanism to generate a `SECRET_KEY` for development if not provided, which is convenient but requires attention in production. CORS `allow_origins=["*"]` is set by default, explicitly noted in the code as needing configuration for production. Default 'changeme' passwords in the Helm chart are highlighted as needing change for production. OAuth redirect URIs for CLI flows are correctly validated for localhost, and for web flows, `PUBLIC_URL` or forwarded headers are used, which is standard practice. HTTP client uses SSL verification and connection pooling for performance and security.
Updated: 2025-12-01GitHub
50
13
Low Cost

mcp-notify

by aahl

Sec8

A Model Context Protocol (MCP) server designed to send messages and notifications across various platforms like WeWork, DingTalk, Telegram, Lark, Home Assistant, Bark, Ntfy, and PushPlus.

Setup Requirements

  • ⚠️Requires obtaining and securely configuring API keys/tokens for specific notification platforms (e.g., WeWork, DingTalk, Telegram, Home Assistant) as environment variables.
  • ⚠️Requires either a Docker environment or a Python environment with `uvx` for local deployment.
  • ⚠️Outbound network access to the respective third-party notification service APIs (e.g., Telegram, WeWork) is essential for the server to function.
Verified SafeView Analysis
The server processes and transmits messages to various third-party notification services, requiring sensitive API keys and tokens (e.g., for WeWork, DingTalk, Telegram, Home Assistant). These credentials must be securely managed via environment variables. While the implementation itself seems standard for a notification server, improper handling of these credentials or misconfiguration of network access could pose security risks. No obvious malicious code patterns like 'eval' or obfuscation are indicated by the provided information.
Updated: 2025-11-17GitHub
50
44
Low Cost
heroui-inc icon

heroui-mcp

by heroui-inc

Sec8

Provides HeroUI design system component documentation and theme data to AI assistants/coding agents.

Setup Requirements

  • ⚠️Requires Node.js v22+ and pnpm package manager.
  • ⚠️Requires Cloudflare R2 credentials (ACCOUNT_ID, ACCESS_KEY_ID, SECRET_ACCESS_KEY, BUCKET_NAME) for data storage and extraction.
  • ⚠️For the local testing harness (Mastra playground), one of the following API keys is required: ANTHROPIC_API_KEY, OPENAI_API_KEY, or AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY/AWS_REGION for Bedrock.
  • ⚠️A SERVICE_AUTH_TOKEN is required for the authentication middleware if enabled.
Verified SafeView Analysis
The project uses Cloudflare Workers, which limits direct file system access. Environment variables are used for sensitive credentials (R2, API keys, service auth tokens), which is a good practice. CORS is set to '*' for API endpoints, which is typical for public APIs but assumes all sensitive actions are adequately protected by the `authMiddleware`. No obvious 'eval' or direct injection vulnerabilities were found in the provided core API logic.
Updated: 2026-01-19GitHub
50
51
Medium Cost
zhongweili icon
Sec9

Provides AI-powered image generation and editing capabilities through Google's Gemini models with intelligent model selection.

Setup Requirements

  • ⚠️Requires a Google Gemini API Key (can be free tier, but usage may incur costs).
  • ⚠️Requires Python 3.11+.
  • ⚠️For Google Cloud deployments, Vertex AI Application Default Credentials (ADC) with the `roles/aiplatform.user` IAM role are needed if not using an API key.
  • ⚠️Recommends `uv` for easy installation and management, which needs to be installed separately.
Verified SafeView Analysis
API keys are loaded from environment variables (GEMINI_API_KEY or GOOGLE_API_KEY), not hardcoded. Input validation is present for prompts and file paths, including basic path traversal protection. Error details can be masked in production. Logging of sensitive data is sanitized. Build scripts use `subprocess` for `uv` and `twine` commands, which is standard for packaging but should be run in a trusted environment. No obvious 'eval' or other highly dangerous patterns were found in the core server logic.
Updated: 2026-01-17GitHub
50
143
Low Cost
pi22by7 icon

In-Memoria

by pi22by7

Sec9

Provides persistent intelligence infrastructure for AI agents, enabling them to understand codebases, detect patterns, predict coding approaches, and generate context-aware insights.

Setup Requirements

  • ⚠️Requires Node.js version 18 or higher.
  • ⚠️Relies on platform-specific Rust native bindings; unsupported platforms or build issues may result in degraded (TypeScript-based) analysis or failure.
  • ⚠️The 'SURREAL_SYNC_DATA' environment variable is recommended to be explicitly set to 'true' for crash safety.
Verified SafeView Analysis
The server operates primarily over standard I/O (stdio), limiting direct network attack surface. It relies on native Rust binaries for core analysis, which could be a risk if the binaries are compromised, but this is mitigated by open-source development. No explicit 'eval' usage or hardcoded critical secrets were found. 'JSON.parse' is used but inputs are validated by Zod schemas, reducing common injection risks.
Updated: 2025-12-23GitHub
50
120
Medium Cost
winor30 icon
Sec9

Enables programmatic interaction with various Datadog services, providing tools for incident management, monitoring, logging, metrics querying, APM trace analysis, RUM event processing, and host/downtime administration.

Setup Requirements

  • ⚠️Requires Datadog API Key (DATADOG_API_KEY) and Application Key (DATADOG_APP_KEY) which may be associated with a paid Datadog account.
  • ⚠️This is a community-maintained project and is not officially affiliated with, endorsed by, or supported by Datadog, Inc.
  • ⚠️The volume of data returned by tools like `get_logs`, `list_traces`, or RUM event queries can be substantial, potentially leading to high token costs for large data retrievals.
Verified SafeView Analysis
The server is designed to use environment variables (DATADOG_API_KEY, DATADOG_APP_KEY) for sensitive credentials, preventing hardcoded secrets. It employs Zod for robust input validation, mitigating injection risks. All external communication is with the Datadog API, which is expected functionality. Error handling for API responses (e.g., 4xx, 5xx statuses) is implemented, contributing to overall stability and security.
Updated: 2026-01-07GitHub
PreviousPage 56 of 760Next