Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7756)

48
54
Medium Cost
jlbadano icon

ig-mcp

by jlbadano

Sec9

Provides an MCP server to integrate AI applications with Instagram Business accounts, enabling programmatic interaction for tasks like profile management, media publishing, analytics, and direct messaging.

Setup Requirements

  • ⚠️Requires significant manual setup of an Instagram Business account, a Facebook Developer account, and a Facebook App to obtain API credentials (App ID, App Secret, long-lived Instagram Access Token, Instagram Business Account ID).
  • ⚠️Instagram Direct Messaging features (get_conversations, get_conversation_messages, send_dm) require 'instagram_manage_messages' permission, which demands 'Advanced Access' approval from Meta via a potentially lengthy App Review process.
  • ⚠️Requires Python 3.10+.
Verified SafeView Analysis
The server follows good security practices: sensitive credentials (access tokens, app secrets) are loaded from environment variables and not hardcoded, strong recommendations for credential security are provided in documentation. Pydantic models are used for data validation, and custom API error handling is implemented. Rate limiting is built-in. Image aspect ratio validation prevents some malformed media uploads. Structured logging enhances observability for security monitoring. No 'eval' or other dynamic code execution from untrusted input was identified. Potential risks lie mostly in the external management of API keys by users and the inherent trust given to URLs for media content (though validation is present).
Updated: 2025-12-08GitHub
48
130
Medium Cost
deepset-ai icon

hayhooks

by deepset-ai

Sec3

Deploying and serving Haystack AI pipelines and agents as REST APIs and MCP (Model Context Protocol) tools, with support for OpenAI-compatible chat endpoints and Open WebUI integration.

Setup Requirements

  • ⚠️Requires Python 3.10+ for MCP features.
  • ⚠️Requires external LLM API keys (e.g., OpenAI API Key) for most functional pipelines, incurring costs.
  • ⚠️No built-in authentication for API endpoints; requires an external security layer (e.g., reverse proxy) for production.
  • ⚠️Docker (or Docker Compose) is recommended for setting up dependent services like Elasticsearch for RAG examples.
Review RequiredView Analysis
The server's core functionality allows dynamic loading and execution of Python code (via pipeline_wrapper.py) or YAML definitions through its deployment APIs. If an attacker gains access to these unauthenticated (by default) endpoints, they can achieve arbitrary code execution. The default permissive CORS settings ('*') also pose a risk. While configurations exist to mitigate some risks (e.g., restricting CORS, disabling tracebacks), the default posture and core design for dynamic code loading make it a high-risk system if not properly secured with external authentication and access controls.
Updated: 2025-12-11GitHub
48
62
Medium Cost
yywz1999 icon

gdb-mcp-server

by yywz1999

Sec2

Provides an AI-assisted debugging server for GDB using the Model Context Protocol, enabling AI agents to interact with and control GDB sessions.

Setup Requirements

  • ⚠️Requires Python 3.7+ (tested with 3.11).
  • ⚠️Requires platform-specific dependencies like `pexpect` (Linux/macOS), `xdotool` (Linux for keyboard fallback), and `pyautogui` (Windows for keyboard fallback).
  • ⚠️Optimal terminal experience requires iTerm2 on macOS and tmux on Linux.
  • ⚠️A GDB process must be running and accessible in a specific terminal setup for the server to attach and interact reliably.
Review RequiredView Analysis
The server directly injects user-provided commands into underlying system utilities (AppleScript, tmux, pexpect, xdotool, pyautogui) without strong sanitization. This creates significant command injection vulnerabilities. A malicious AI agent or user controlling the `command` parameter could execute arbitrary shell commands or send arbitrary keystrokes to the host system, potentially impacting any active window. The server's reliance on 'send-keys' or 'write text' via terminal automation tools is inherently risky as it can simulate user input to any active application.
Updated: 2025-11-27GitHub
48
58
Medium Cost
hridaya423 icon

conductor-tasks

by hridaya423

Sec6

Conductor Tasks is an intelligent assistant for developers, transforming requirements into actionable tasks, generating implementation plans, tracking progress, and accelerating AI-powered development directly within the workflow. It serves as a comprehensive AI co-pilot for the development process.

Setup Requirements

  • ⚠️Requires at least one LLM API key (e.g., OPENAI_API_KEY, ANTHROPIC_API_KEY), which are often paid services.
  • ⚠️If 'OLLAMA_ENABLED=true' is set, a local Ollama server must be running with a model installed.
  • ⚠️For IDE integration, requires proper Model Context Protocol (MCP) server configuration within the editor.
  • ⚠️Requires Node.js v18.0.0 or higher.
  • ⚠️Creates and manages a 'TASKS.md' file in the project root by default, as well as '.conductor/templates' and IDE-specific rule directories (e.g., '.cursor/rules', '.roo').
Verified SafeView Analysis
The `propose-diff` command allows the application of LLM-generated diffs directly to files. While intended for AI-assisted code modification, applying arbitrary diff content from an LLM without rigorous human review or additional safeguards could potentially introduce malicious code or unintended modifications. The `originalHash` parameter checks file integrity but does not validate the content of the diff itself. All API keys for LLM providers are correctly handled via environment variables, mitigating hardcoded secret risks. File system operations for `TASKS.md` and IDE rule files are generally confined to the project's scope.
Updated: 2025-12-08GitHub
48
70
Medium Cost
chrisdoc icon

hevy-mcp

by chrisdoc

Sec8

The Model Context Protocol (MCP) server for the Hevy Fitness API enables AI assistants to access and manage workout data, routines, exercise templates, and more through the Hevy API.

Setup Requirements

  • ⚠️Requires a Hevy API Key, which typically necessitates a Hevy PRO subscription.
  • ⚠️Node.js v20 or higher is required.
  • ⚠️pnpm (via Corepack) is the recommended package manager.
Verified SafeView Analysis
The project fetches an OpenAPI specification from `api.hevyapp.com` during the `export-specs` build step, which involves parsing external JavaScript content. While `JSON.parse` is safer than `eval`, relying on external code always carries a risk if the source is compromised. The Sentry DSN is hardcoded in `src/index.ts`, which is not a critical vulnerability but generally configurable for server-side telemetry. Good security practices are observed for API key handling (via environment variables/CLI args) and webhook URL validation (ensuring HTTPS/HTTP and no loopback addresses).
Updated: 2025-12-11GitHub
48
86
Medium Cost
ccbikai icon

github-stars

by ccbikai

Sec8

A Cloudflare-powered MCP server that enables natural language search and querying of your GitHub starred repositories, including their README content, via an AI agent.

Setup Requirements

  • ⚠️Requires Node.js v22
  • ⚠️Requires PNPM package manager
  • ⚠️Requires GitHub Personal Access Token with `repo` scope
  • ⚠️Requires Cloudflare account with R2 bucket and AutoRAG instance
Verified SafeView Analysis
The server uses GitHub Personal Access Tokens with `repo` scope, which is a powerful permission. However, it's designed to access *your* own starred repositories and uses Cloudflare R2 and AutoRAG, implying the data remains within your Cloudflare infrastructure. Access to the MCP server itself is protected by an `MCP_API_KEY` environment variable. The system relies heavily on correct and secure configuration of these secrets by the user. There's no evident use of `eval` or other direct malicious patterns in the provided truncated code.
Updated: 2025-12-13GitHub
48
65
Medium Cost
Skobyn icon
Sec8

A Model Context Protocol (MCP) server that enables LLMs to interact with DataForSEO and Local Falcon SEO APIs for tasks like keyword research, backlink analysis, and SERP data retrieval.

Setup Requirements

  • ⚠️Requires DataForSEO API credentials (DATAFORSEO_LOGIN, DATAFORSEO_PASSWORD) as environment variables. LOCALFALCON_API_KEY is needed for optional Local Falcon tools.
  • ⚠️Requires Node.js and npm for installation (`npm install`) and building (`npm run build`).
  • ⚠️The HTTP server endpoint, when deployed (e.g., to Cloud Run), is publicly accessible by default. Production usage requires configuring authentication (e.g., API keys, IAM) as recommended in the provided documentation.
Verified SafeView Analysis
The code leverages Zod for robust input validation on tool parameters and relies on environment variables for API credentials, which are good practices. However, the HTTP server defaults to broad CORS (`Access-Control-Allow-Origin: *`), making it widely accessible. The `INTEGRATION_GUIDE.md` explicitly states it's 'currently unauthenticated (public access)' and recommends adding authentication (API Key or IAM) for production deployments. No 'eval' or direct command injection vectors are apparent within the server's core logic.
Updated: 2025-12-09GitHub
48
9
High Cost
zzgael icon

pedigree-mcp

by zzgael

Sec8

Generates family pedigree tree diagrams as PNG or SVG images, compliant with Bennett 2008/2022 NSGC standardized genetic notation, for use with Model Context Protocol (MCP) clients.

Setup Requirements

  • ⚠️Requires Node.js version 18 or higher as specified in `package.json`.
  • ⚠️The 'sharp' dependency, essential for PNG generation, is a native module that might require specific build tools (e.g., `libvips`) on the host system, although pre-compiled binaries often simplify installation.
  • ⚠️Generating complex pedigree diagrams (especially large SVG or high-resolution PNGs) can produce very large output strings (hundreds of KB to megabytes), resulting in high token usage if transmitted to an LLM context.
Verified SafeView Analysis
The server communicates over standard I/O (stdio), significantly limiting direct network exposure. Input validation for tool arguments is performed robustly using Zod. While the `Individual` schema uses `passthrough()` allowing arbitrary extra fields, these are not directly utilized in a way that could lead to code injection. The primary security considerations involve potential vulnerabilities in underlying native image processing (`sharp`) or SVG rendering (`jsdom`, `d3`) libraries. These are widely used and generally well-maintained projects. No hardcoded secrets or direct `eval` calls were found in the provided source code.
Updated: 2025-12-08GitHub
48
3
High Cost
mattzcarey icon

txt2mcp

by mattzcarey

Sec6

Converts text files or remote URLs into Model Context Protocol (MCP) servers, providing a searchable interface for AI agents.

Setup Requirements

  • ⚠️Requires a Cloudflare account with Workers, R2 Bucket, and Durable Objects configured (not a standalone server).
  • ⚠️The search index (`Orama`) is rebuilt on every search query, leading to high CPU and memory usage, especially for large documents, which can significantly increase operational costs and latency. The index should be persisted after creation/update.
  • ⚠️The use of `fetch(url)` for user-provided URLs in remote content ingestion can lead to SSRF vulnerabilities without robust URL validation.
Review RequiredView Analysis
The server fetches content from user-provided URLs in `/api/remote` and the `MCPServer.alarm` function. This presents a Server-Side Request Forgery (SSRF) vulnerability, as an attacker could potentially direct the server to make requests to internal network resources or sensitive Cloudflare metadata endpoints if the Worker runtime's network isolation is not sufficiently restrictive or if the URLs are not validated against private IP ranges/internal domains. While Cloudflare Workers offer some sandboxing, the code itself does not implement explicit URL validation to prevent this type of exploit.
Updated: 2025-11-25GitHub
48
69
Medium Cost
kopfrechner icon

gitlab-mr-mcp

by kopfrechner

Sec9

Enables AI agents to interact with GitLab merge requests and issues for code review and project management.

Setup Requirements

  • ⚠️Requires Node.js for execution.
  • ⚠️Requires a GitLab access token with appropriate API scopes (e.g., `api`, `read_api`) for authentication.
  • ⚠️Requires a GitLab host URL to be configured.
Verified SafeView Analysis
The server uses `@gitbeaker/rest` for GitLab API interactions, a well-maintained library. Sensitive credentials (`MR_MCP_GITLAB_TOKEN`, `MR_MCP_GITLAB_HOST`) are correctly handled via environment variables, not hardcoded. The `execAsync` utility is imported but not utilized in the provided code, mitigating a common security risk. Input validation for tool arguments is performed using `zod`. No `eval` or intentional obfuscation is present.
Updated: 2025-12-08GitHub
48
3
Medium Cost
DeepakJangra239 icon

kgraph

by DeepakJangra239

Sec9

Indexes codebases into a knowledge graph to enable semantic search, precise code navigation, and impact analysis for LLM agents.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️An initial `reindex_codebase(root_path="...")` call is mandatory after setup for the server to function, as it builds the knowledge graph.
  • ⚠️Performance for vector embeddings may vary significantly; it utilizes `mlx_embeddings` for Apple Silicon for speed, falling back to `sentence-transformers` on other platforms.
Verified SafeView Analysis
The project uses `sqlite3` with parameterized queries, and `yaml.safe_load` for parsing configuration, which are good practices. File system operations are scoped to a user-provided root path. Dynamic module loading for Tree-sitter parsers (`importlib.import_module`) is based on internal, trusted YAML configuration files, mitigating risk. There are no obvious `eval()` calls or direct `subprocess` invocations with unsanitized user input. The primary security consideration would be if an attacker could somehow inject malicious content into the `root_path` or internal configuration files, which is outside the immediate scope of the server's code handling.
Updated: 2025-12-03GitHub
48
80
High Cost
keboola icon

mcp-server

by keboola

Sec9

Connect AI agents and MCP clients (Cursor, Claude, Windsurf, VS Code) to Keboola projects, exposing data, transformations, SQL queries, and job triggers as callable tools.

Setup Requirements

  • ⚠️Requires an active Keboola project and a Keboola Storage API Token.
  • ⚠️Local setup necessitates configuring multiple OAuth-related environment variables (e.g., `MCP_SERVER_CLIENT_ID`, `MCP_SERVER_CLIENT_SECRET`, `MCP_SERVER_OAUTH_URL`, `MCP_SERVER_URL`), which can be complex.
  • ⚠️Requires a Python environment (3.8+) with specific dependencies (e.g., `pydantic`, `httpx`, `PyJWT`, `fastmcp`).
Verified SafeView Analysis
The OAuth implementation is robust, utilizing redirect URI whitelisting (`_WELL_KNOWN_DOMAINS`) and explicitly forbidding dangerous schemes (`_FORBIDDEN_SCHEMES`). JWTs are used for internal state, providing good integrity and obfuscation. Short-lived Keboola Storage API (SAPI) tokens are created with limited scopes (principle of least privilege). Sensitive logging is gated by an environment variable (`KEBOOLA_MCP_SERVER_OAUTH_LOG_ALL`). No obvious code execution vulnerabilities like `eval()` were found. The use of `httpx` with explicit timeouts is a good practice.
Updated: 2025-12-15GitHub
PreviousPage 58 of 647Next