Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7756)

48
47
Medium Cost
mcp-use icon

mcp-use-cli

by mcp-use

Sec4

An interactive command-line interface (CLI) tool for connecting to and interacting with Model Context Protocol (MCP) servers using natural language, acting as an AI client that orchestrates LLM responses with external tools.

Setup Requirements

  • ⚠️Requires API keys for chosen LLM providers (e.g., OpenAI, Anthropic, Google), most of which are paid services.
  • ⚠️For local MCP servers, execution relies on `npx` (Node.js Package Executor) and specific `@modelcontextprotocol/*` packages, which might be auto-installed but incur runtime dependencies.
  • ⚠️The `mcp-use` core dependency lists Node.js >=22.0.0 as an engine requirement, potentially conflicting with the CLI's own Node.js >=16 requirement.
Review RequiredView Analysis
The CLI stores API keys and server configurations in a local file (`~/.mcp-use-cli/config.json`) with client-side encryption. However, the encryption key is deterministically derived from hardcoded strings, making it vulnerable to decryption by anyone with access to the source code. A critical risk lies in the core functionality allowing users to add 'Local Server' configurations that specify arbitrary commands and arguments (e.g., `npx @modelcontextprotocol/server-filesystem`). While intended for tool integration, this design means that loading a malicious server configuration could lead to arbitrary code execution on the user's machine, requiring users to fully trust the source of all added MCP server configurations. Telemetry is collected via Scarf, with opt-out options.
Updated: 2025-11-24GitHub
48
61
Medium Cost
MatanYemini icon

bitbucket-mcp

by MatanYemini

Sec9

A Model Context Protocol (MCP) server that enables AI assistants to interact with Bitbucket Cloud and Server APIs for managing repositories, pull requests, and pipelines.

Setup Requirements

  • ⚠️Requires Node.js 18 or higher.
  • ⚠️Requires a Bitbucket App Password (not your regular Bitbucket password) with specific permissions (Repositories: Read, Pull requests: Read/Write, Pipelines: Read).
  • ⚠️Authentication requires either `BITBUCKET_TOKEN` or both `BITBUCKET_USERNAME` and `BITBUCKET_PASSWORD` to be set as environment variables.
  • ⚠️A default Bitbucket workspace is typically required, either explicitly set via `BITBUCKET_WORKSPACE` or inferred from `BITBUCKET_URL`.
Verified SafeView Analysis
The server explicitly disables 'dangerous' operations (like deletions) by default, requiring an environment variable (BITBUCKET_ENABLE_DANGEROUS=true) to enable them, which is a strong safety feature. All sensitive credentials (tokens, usernames, passwords) are loaded from environment variables. URL normalization logic helps prevent common URL manipulation attacks. Pagination limits prevent excessive data fetching. Logging uses Winston with configurable file paths, including safe handling of temporary log files for pipeline output.
Updated: 2025-12-15GitHub
48
68
High Cost
Qoyyuum icon
Sec8

Allows AI assistants to control MetaTrader 5 terminal for automated trading, market data analysis, and historical data retrieval.

Setup Requirements

  • ⚠️Requires MetaTrader 5 terminal installed on a Windows operating system.
  • ⚠️Requires Python 3.11 or higher.
  • ⚠️Requires `uv` package manager for recommended installation and execution.
  • ⚠️MT5 account credentials (login, password, server) and MT5 terminal executable path must be securely configured/provided to the `initialize` and `login` tools.
Verified SafeView Analysis
The server's `initialize` tool takes a `path` argument to the MT5 executable. While necessary for its function, an unconstrained AI or user could potentially provide a malicious path. If the server is configured for HTTP transport (`MT5_MCP_TRANSPORT=http`) and exposed publicly (not limited to `127.0.0.1`), it could be vulnerable. Sensitive MT5 account credentials (login, password, server) are passed as direct arguments to the `login` tool, requiring secure management by the client application and not exposing them in client-side hardcoding or insecure environment files. No obvious 'eval' or direct arbitrary code execution patterns were found within the core server logic.
Updated: 2025-12-15GitHub
48
4
Low Cost
missdeer icon

gemini-mcp-rs

by missdeer

Sec9

Provides a high-performance MCP server to integrate AI-driven tasks via the Gemini CLI with MCP-compatible clients.

Setup Requirements

  • ⚠️Requires Gemini CLI to be installed and configured separately on the system.
  • ⚠️Requires Rust 1.90+ for building from source.
  • ⚠️Requires an MCP-compatible client (e.g., Claude Code) to interact with the server.
Verified SafeView Analysis
The server safely wraps the Gemini CLI, using `Command::arg()` to prevent shell injection from user prompts. It includes timeouts for execution and limits on output capture to mitigate resource exhaustion. The `sandbox` option relies on the underlying Gemini CLI's sandboxing capabilities. The primary security considerations involve the trustworthiness of the installed Gemini CLI and the environment variable `GEMINI_BIN`.
Updated: 2025-12-06GitHub
48
71
Medium Cost
serpapi icon

mcp-server

by serpapi

Sec8

Provides a Model Context Protocol (MCP) server to integrate various search engine results and data extraction from SerpApi.

Setup Requirements

  • ⚠️Requires a SerpApi API Key (paid service) to function effectively, provided by the client with each request.
  • ⚠️Requires Python 3.12+ for self-hosting.
  • ⚠️For self-hosting without Docker, the 'uv' package manager is required to install dependencies and run the server.
Verified SafeView Analysis
The server correctly handles API key authentication via path or Authorization header, storing it per request. No hardcoded secrets or 'eval' functions are present. CORS is set to allow all origins ('*'), which relies heavily on API key authentication for security and should be noted for production deployments, but is common for public APIs. Detailed error messages are returned, which could sometimes expose internal structure but are generally acceptable for API debugging.
Updated: 2025-12-12GitHub
48
202
High Cost
DataSQRL icon

sqrl

by DataSQRL

Sec7

A backend data processing and API server that compiles SQRL scripts into Flink jobs and deploys GraphQL/REST/MCP APIs, managing data interactions with PostgreSQL and Kafka (Redpanda) to provide real-time data services.

Setup Requirements

  • ⚠️Docker required for easy setup of dependent services (Redpanda, PostgreSQL, Flink).
  • ⚠️JBang may be required during compilation for custom Java UDFs.
  • ⚠️Requires Java 11+.
Verified SafeView Analysis
The server component (Vert.x) implements robust security features like JSON schema validation for API inputs, CORS, and supports JWT/OAuth authentication for API endpoints, including GraphQL, REST, and MCP. SQL queries are executed as prepared statements, mitigating common SQL injection risks. However, the default local PostgreSQL credentials ('postgres'/'postgres') in the `OsProcessManager` for development setups pose a risk if exposed in production environments without proper configuration. During the build/compile phase, the `JBangPreprocessor` executes external `jbang` commands based on user-provided Java files, which is a potential Remote Code Execution (RCE) vector if untrusted source code or a compromised build environment is used. This is explicitly recognized and can be disabled during internal testing, but requires careful consideration in CI/CD pipelines. Flink's code generation for user-defined functions also operates with high privileges during compilation, assuming trusted input from developers.
Updated: 2025-12-15GitHub
48
47
Medium Cost
JamesANZ icon

medical-mcp

by JamesANZ

Sec9

Provides local, private access to authoritative medical information from sources like FDA, WHO, PubMed, RxNorm, and Google Scholar to enhance AI workflows.

Setup Requirements

  • ⚠️Requires Node.js 18+ and npm for manual installation.
  • ⚠️Puppeteer automatically downloads a Chromium browser (~100-200MB) on first run, which requires disk space and internet access.
  • ⚠️Windows users need to manually configure the `claude_desktop_config.json` as the `postinstall` script primarily targets macOS paths.
Verified SafeView Analysis
The server explicitly prioritizes local-only operation, ensuring no data leaves the user's machine, and utilizes Zod for robust input validation on all tool arguments. It does not require or store any API keys. While the use of Puppeteer for web scraping external sites (Google Scholar, Cochrane) introduces a layer of complexity, it's configured for text extraction to well-known search engines and attempts to mitigate bot detection, not for arbitrary script execution in a manner that would compromise the server process itself. The `logSafetyWarnings` function reinforces its educational and non-clinical-decision-making purpose.
Updated: 2025-12-12GitHub
48
3
High Cost
Abhi-vish icon

code-buddy

by Abhi-vish

Sec3

Provides an AI-powered coding companion with comprehensive file system and development tools, integrating with MCP-compatible clients like Claude Desktop.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid)
  • ⚠️Requires Python 3.13 or higher
  • ⚠️Requires uv package manager for dependency management
Review RequiredView Analysis
The server includes tools that allow arbitrary command execution (`run_command`, `run_python`, `git`, `docker_tool`), HTTP requests (`http_request_tool`, `curl_tool`), and file system modifications outside the project root if `ALLOW_EXTERNAL_PATHS` is set to `true` (which is its default configuration in the provided example). While `PathValidator` attempts to block access to sensitive files, these tools offer broad system and network access. If the LLM's actions are unconstrained or if a vulnerability allows for command injection, this could lead to arbitrary code execution, data exfiltration, or other severe compromises. Running this server in a tightly controlled and isolated environment is highly recommended.
Updated: 2025-12-08GitHub
48
63
Medium Cost
cap-js icon

mcp-server

by cap-js

Sec7

A Model Context Protocol (MCP) server designed to assist AI models in the development of SAP Cloud Application Programming Model (CAP) applications by providing tools for model analysis and documentation search.

Setup Requirements

  • ⚠️Requires Node.js version 20 or higher.
  • ⚠️Initial Model Download: On first use of embedding-related features (e.g., `search_docs`), the server downloads a multi-megabyte ONNX model and tokenizer files from huggingface.co, requiring an active internet connection and local storage.
  • ⚠️Requires an MCP client (e.g., VS Code extension like Cline, opencode, GitHub Copilot agent mode) to interact with the server.
Verified SafeView Analysis
Potential Path Traversal Vulnerability: The `search_model` tool takes a `projectPath` argument, which is then passed to `cds.resolve` and `findCdsFiles`. The current code does not explicitly sanitize `projectPath` against path traversal attempts, meaning a malicious input could potentially lead to arbitrary file system access if `cds.resolve` or underlying Node.js `fs` operations do not sufficiently mitigate this. The `createEmbeddings` function also performs file I/O using an `id` parameter, which could be a path traversal vector if this function were exposed to untrusted input (currently it's internal to `searchMarkdownDocs` which uses a hardcoded ID, and commented as 'not for production'). No obvious hardcoded secrets or 'eval' usage found. External models are downloaded from trusted sources (HuggingFace, cap.cloud.sap).
Updated: 2025-12-09GitHub
48
34
Medium Cost
rocklambros icon

nist-csf-2-mcp-server

by rocklambros

Sec4

A professional cybersecurity assessment backend API for NIST CSF 2.0, providing real-time dashboards and executive reporting capabilities.

Setup Requirements

  • ⚠️Requires Node.js environment (supports ES Modules).
  • ⚠️Uses a local SQLite database for persistence, requiring careful management for production deployments.
  • ⚠️This repository contains only the backend API; a separate frontend project is needed for a full GUI.
Review RequiredView Analysis
The server demonstrates strong input validation using Zod schemas for most parameters, and includes robust security logging and monitoring features. Authentication mechanisms (JWT, API Key) are implemented but disabled by default in development. However, a critical vulnerability exists: the `generate_report` tool allows a user to specify `output_path` without sufficient path traversal validation. This could enable an attacker to write arbitrary files to sensitive locations on the server (e.g., `/etc/passwd`), potentially leading to remote code execution. This makes the application unsafe to run as-is without remediation.
Updated: 2025-12-06GitHub
48
72
Low Cost
rust-mcp-stack icon

rust-mcp-schema

by rust-mcp-stack

Sec9

Provides a type-safe Rust implementation of the Model Context Protocol (MCP) schema, serving as a foundational library for building compatible LLM applications and external data source integrations.

Setup Requirements

  • ⚠️Requires Rust toolchain (compiler, Cargo build system).
  • ⚠️URIs for roots are currently restricted to `file://` scheme.
  • ⚠️Understanding of the Model Context Protocol (MCP) specification is essential for effective use.
Verified SafeView Analysis
The project is a schema definition library, not a runnable application. It primarily consists of auto-generated Rust structs and enums for the Model Context Protocol, facilitating type-safe serialization and deserialization. The use of `serde_json::Value` for extensible fields (`_meta`, `extra`, `CustomRequest`, `CustomNotification`) is a common and necessary pattern for protocol extensibility; however, applications consuming these `Value` types must perform their own robust validation to mitigate risks if the data originates from untrusted sources and is used in contexts that could lead to vulnerabilities (e.g., arbitrary file paths, commands). The library itself does not contain `unsafe` code blocks, `eval` functions, hardcoded secrets, or direct network/filesystem interactions beyond what is inherent to data structuring. Warnings in the README about not trusting `ToolAnnotations` from untrusted servers are a good practice, shifting responsibility to consuming clients.
Updated: 2025-12-14GitHub
48
54
Medium Cost
mrsimpson icon
Sec8

Transforms any AI coding agent into a structured development partner by guiding it through battle-tested engineering workflows, managing long-term project memory, and providing context-aware process guidance.

Setup Requirements

  • ⚠️Requires Node.js >= 18.0.0.
  • ⚠️Requires pnpm >= 9.0.0 for development and installation.
  • ⚠️Requires an external Model Context Protocol (MCP) compatible AI coding agent (e.g., Amazon Q CLI, Claude Code, Gemini CLI) to function fully.
  • ⚠️Generates and manages project-specific state and documentation files within a `.vibe/` directory in the project root.
Verified SafeView Analysis
The server performs extensive file I/O operations within the project directory (e.g., for conversation state, plan files, and generated documentation) and uses `execSync` for Git operations (`git rev-parse`, `git symbolic-ref`) and `npx`/`npm` commands for CLI interactions. These are typical for development tools. The presence of `PathValidationUtils` suggests an effort to sanitize paths and prevent directory traversal, mitigating some risks. No direct `eval` on user input or clear malicious patterns are observed. As with any dev tool, user vigilance regarding input paths and configurations is advisable.
Updated: 2025-12-14GitHub
PreviousPage 57 of 647Next