Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

Vetted Servers (7756)

48
49
Low Cost

cap-mcp-plugin

by gavdilabs

Sec9

Integrate SAP CAP services with AI agents using the Model Context Protocol (MCP) by automatically generating MCP servers from annotated CAP services, enabling AI-native data access, intelligent automation, and business intelligence.

Setup Requirements

  • ⚠️ Requires Node.js version 18 or higher.
  • ⚠️ Requires SAP CAP version 9 or higher.
  • ⚠️ Requires Express.js version 4 or higher.
  • ⚠️ Dynamic resource queries may require all query parameters due to an underlying SDK template string issue (though the plugin provides a custom URI template workaround).
Verified Safe
The server demonstrates strong security awareness through multiple layers of input validation (Zod for schemas, `ODataQueryValidator` with regex for forbidden patterns like SQL/JS injection), robust integration with CAP's authentication and authorization (`@sap/xssec` for OAuth/JWT, `cds.context.user`, `@restrict`), environment variable sanitization, and use of `helmet` for HTTP security headers. Custom URI template implementation, while a workaround for an SDK bug, includes explicit security checks. Sensitive fields can be omitted from output using `@mcp.omit` for data privacy, though these fields can still be provided as inputs for create/update operations. A `SECURITY.md` file is provided for vulnerability reporting, indicating proactive security posture.
Updated: 2025-12-03
48
2
Medium Cost

typedb-mcp

by typedb

Sec7

Enables AI assistants and other Model Context Protocol (MCP) clients to interact with TypeDB databases via a standardized Python server.

Setup Requirements

  • ⚠️ Requires a running TypeDB Server instance (local or remote).
  • ⚠️ Requires an existing TypeDB database with a specified name.
  • ⚠️ Requires Python 3.9+.
Verified Safe
The provided source code only includes the README.md, not the actual server implementation files (e.g., server.py, tools/). Therefore, a comprehensive security audit for patterns like 'eval', obfuscation, or malicious code cannot be performed. The server interacts with a database and executes TypeQL queries, which inherently carries a risk of injection if input is not properly sanitized and parameterized in the unseen code. Based on the README alone, no explicit dangerous patterns are visible, and environment variables are used for sensitive connection details, which is a good practice. The score assumes standard secure coding practices are followed in the underlying Python implementation.
Updated: 2025-11-27
48
3
High Cost
Sec7

A FastAPI application providing a REST API and MCP server for Retrieval Augmented Generation (RAG) using the RAG-Anything library, integrated with Claude Desktop.

Setup Requirements

  • ⚠️ Requires Python 3.13+
  • ⚠️ Requires Docker & Docker Compose for a full setup (recommended)
  • ⚠️ Requires an OpenRouter API Key for LLM access (paid service)
Verified Safe
The application correctly uses environment variables for sensitive configurations like API keys, which is good practice. CORS `allow_origins` defaults to `["*"]`, which is overly permissive for production and should be restricted. File uploads via `/api/v1/file/index` save to a temporary directory; while generally safe, the processing by underlying libraries like `Docling` or `RAGAnything` should be sandboxed to prevent execution of malicious content, and `file.filename` should be robustly sanitized against directory traversal. Request forwarding to the LightRAG server carries `Authorization` headers, relying on LightRAG's security for handling these credentials. No direct `eval` or obvious command injection vulnerabilities were found in the provided code.
Updated: 2025-12-13
48
62
High Cost

VibeShift

by GroundNG

Sec8

VibeShift is an intelligent security agent that integrates with AI coding assistants to analyze AI-generated code for vulnerabilities, suggest remediations, and facilitate web test recording, crawling, and execution.

Setup Requirements

  • ⚠️ Requires LLM API Key, Base URL, Version, and Model (e.g., OpenAI, Azure OpenAI, Google Gemini) configured in a .env file (paid service).
  • ⚠️ Requires Playwright browser binaries to be installed (e.g., 'playwright install --with-deps').
  • ⚠️ Requires external security tools (Semgrep, Nuclei) to be installed and in system PATH, or Docker for OWASP ZAP.
  • ⚠️ The 'record_selectors_and_save_auth_state' feature will prompt for and save actual user credentials to disk (auth_state.json), posing a local security risk if compromised.
Verified Safe
The system utilizes subprocess.run to execute external security tools (Semgrep, Nuclei, ZAP), which is a controlled but inherent risk. Input validation and command quoting (shlex.quote) are used to mitigate injection risks. Playwright's page.evaluate is used to inject JavaScript for DOM manipulation and event listening (e.g., click overrides, UI panel), which is standard practice for browser automation but means injected JS code runs in the browser context. LLM API keys are loaded via environment variables, not hardcoded, which is good practice. The auth_state.json feature saves user credentials to disk, which is a potential local information disclosure risk if the file is not adequately secured, though user-initiated.
Updated: 2025-11-29
48
5
High Cost
Sec4

The server extracts text from various video and audio sources using multiple Automatic Speech Recognition (ASR) providers, including local Whisper and online services from JianYing (CapCut) and Bilibili.

Setup Requirements

  • ⚠️ Requires FFmpeg to be installed on the system for audio extraction and processing.
  • ⚠️ Whisper ASR provider (default) requires a one-time download of a ~1GB model on first use, which can take 10+ minutes and consumes significant disk space.
  • ⚠️ Online ASR services (JianYing/Bcut) depend on the stability and availability of external, potentially reverse-engineered APIs, which may break without warning. The JianYing provider relies on an unverified third-party service for API signing.
Review Required
The server disables SSL certificate verification for yt-dlp downloads (`nocheckcertificate: True`), which poses a significant Man-in-the-Middle (MiTM) risk. The JianYing ASR implementation relies on an external, unofficial third-party endpoint (`https://asrtools-update.bkfeng.top/sign`) for API signing, introducing a potential supply chain vulnerability. Using online ASR services inherently involves uploading audio data to third-party servers (ByteDance, Bilibili), which has privacy implications. No clear malicious patterns or hardcoded sensitive credentials were found, but the reliance on unverified external services and disabled SSL are critical concerns.
Updated: 2025-11-22
48
35
Medium Cost

mcp-codestyle-server

by itxaiohanglover

Sec4

Provides code template search and retrieval to IDEs and AI agents via Model Context Protocol.

Setup Requirements

  • ⚠️ Requires JDK 17+ and Maven 3.9+ to build and run.
  • ⚠️ A functional remote repository server must be available at the configured 'repository.remote-path' if remote searching or template downloading is enabled/triggered.
  • ⚠️ Ensure sufficient disk space and write permissions for the local cache directory (defaults to '/var/cache/codestyle/codestyle-cache' or '/tmp/codestyle-cache').
Review Required
The server downloads and extracts ZIP archives from a configurable remote URL (repository.remote-path). If the remote server is untrusted or compromised, this could lead to remote code execution (e.g., via malicious files in the ZIP, or zip slip attacks). While Hutool's ZipUtil (used here) generally includes zip slip protections in recent versions, relying on a trusted remote source is critical. An attacker controlling 'repository.remote-path' could also facilitate Server-Side Request Forgery (SSRF). Running this requires a high degree of trust in the configured remote repository and its infrastructure.
Updated: 2025-12-14
48
86
Medium Cost

github-stars

by miantiao-me

Sec7

A Cloudflare-powered MCP server that enables natural language search and querying of a user's GitHub starred repositories by processing their READMEs with AutoRAG.

Setup Requirements

  • ⚠️ Requires GitHub Personal Access Token (with 'repo' scope), which grants broad access to your repositories and must be kept secure.
  • ⚠️ Requires a Cloudflare account, including setting up an R2 bucket and an AutoRAG instance, which may incur costs.
  • ⚠️ Requires `MCP_API_KEY` to be generated and configured for securing server access.
  • ⚠️ Requires Node.js v22 and PNPM for local development and deployment.
Verified Safe
The server enforces API key authentication (`MCP_API_KEY`), which is good practice. However, the data processing script (`scripts/index.js`) requires a GitHub Personal Access Token (`GH_TOKEN`) with `repo` scope, granting broad access to user repositories. Compromise of this token would pose a significant risk to the user's GitHub account. No direct 'eval' or obvious malicious patterns were found in the provided server-side logic. Overall safety depends heavily on secure management of these API keys/tokens.
Updated: 2025-12-13
48
59
Medium Cost
Sec6

The GDAI MCP plugin enables AI to remotely control the Godot Engine editor, automating tasks like scene creation, node manipulation, script editing, and debugging.

Setup Requirements

  • ⚠️ Requires Godot Engine 4.1+
  • ⚠️ Requires a compatible MCP Client (e.g., Cursor, Claude Desktop, VS Code with specific plugins) and configuration.
Verified Safe
The plugin is designed to grant an AI agent extensive control over the Godot Editor, including modifying scenes, creating/editing scripts, and accessing the file system. While this is its intended purpose, it means that if the connected MCP Client is compromised or controlled by an untrusted entity, it could lead to arbitrary code execution within the Godot environment or unintended modifications to the project files. Users should ensure the MCP client and the LLM interacting with it are trusted. The actual source code of the plugin was not available for a detailed audit, so this assessment is based on described functionality.
Updated: 2025-12-02
48
5
High Cost

Lynkr

by vishalveerareddy123

Sec9

An AI-powered orchestration platform enabling autonomous agents to interact with a development workspace, execute code, manage git, perform web searches, and communicate with various Large Language Models (LLMs) via a unified API.

Setup Requirements

  • ⚠️ Requires API keys for LLM providers (e.g., Databricks, Azure Anthropic, OpenRouter, Azure OpenAI), which are typically paid services.
  • ⚠️ Docker (or compatible container runtime) must be installed and configured if `MCP_SANDBOX_ENABLED` is true (default behavior for secure tool execution).
  • ⚠️ A local Ollama instance with `OLLAMA_MODEL` downloaded is required if `PREFER_OLLAMA` is true or Ollama is the primary model provider.
  • ⚠️ An external web search/fetch service is needed for web-related tools (default `http://localhost:8888/search`).
Verified Safe
The server implements robust security measures, including: 1. Explicit blocklists for dangerous shell commands and Python code patterns (e.g., `rm -rf /`, fork bombs). 2. Redaction of sensitive content (private keys, potential secrets) from LLM outputs. 3. Granular policy controls for file access (`allowedPaths`, `blockedPaths`) and Git operations (`allowPush`, `allowCommit`). 4. Mandatory use of environment variables for API keys and sensitive configurations, preventing hardcoding. 5. Advanced sandboxing for `shell` and `python_exec` tools, leveraging Docker/container runtimes with configurable resource limits, network isolation, user/entrypoint control, and capability drops. This significantly mitigates risks associated with arbitrary code execution. The primary risk lies in misconfiguring the Docker sandbox image or disabling sandboxing, which would expose the host system.
Updated: 2025-12-13
48
111
High Cost

MakerAi

by gustavoeenriquez

Sec5

To enable Delphi developers to build and deploy advanced AI applications, including custom MCP servers, with support for various LLM providers, RAG, and multimodal capabilities.

Setup Requirements

  • ⚠️ Requires API keys for commercial LLM providers, which are typically paid services.
  • ⚠️ Requires Delphi IDE (versions 11 Alexandria to 13 Florence) and manual configuration of library paths.
  • ⚠️ Compilation and installation of Delphi packages must follow a specific order.
Verified Safe
The framework integrates with various external AI providers, requiring proper management of sensitive API keys (not explicitly shown as environment variables in provided examples). The newly introduced MCP SSE Server framework is explicitly labeled as 'experimental' with known connectivity issues, indicating potential instability and an unverified security posture. Without access to the full Delphi source code, a comprehensive security audit for patterns like 'eval', obfuscation, or other malicious code cannot be performed.
Updated: 2025-12-10
48
37
Medium Cost

Serves as an optimized Model Context Protocol (MCP) gateway to the Linear API, enabling AI agents to manage Linear issues, projects, teams, cycles, and comments efficiently.

Setup Requirements

  • ⚠️ Linear OAuth Application Setup: Requires creating an OAuth application in Linear settings, configuring redirect URIs, and obtaining `PROVIDER_CLIENT_ID` and `PROVIDER_CLIENT_SECRET` for anything beyond the quick-start API key method.
  • ⚠️ Cloudflare KV Namespace Configuration: For Cloudflare Worker deployments, a KV namespace must be created and linked via `wrangler.toml` to store tokens.
  • ⚠️ Token Encryption Key (`RS_TOKENS_ENC_KEY`): Highly recommended for production to encrypt OAuth tokens in storage; requires generating a 32-byte base64url key.
Verified Safe
The server employs robust security measures, including OAuth 2.1 PKCE for authentication, and AES-256-GCM encryption for tokens at rest in both file-based (Node.js) and KV (Cloudflare Workers) storage, provided an `RS_TOKENS_ENC_KEY` is configured. Rate limiting, concurrency control, and CORS are implemented. The `README` explicitly highlights the need for further hardening (e.g., proper token validation, TLS, audit logging) for production-grade security beyond development convenience. No malicious patterns, `eval` usage, or hardcoded secrets were identified.
Updated: 2025-12-09
47
61
Low Cost

Provides token-efficient, granular access to OpenAPI (v3.0) and Swagger (v2.0) specifications via MCP Resources, enabling LLMs and MCP clients to explore API structure without loading entire large files into context.

Setup Requirements

  • ⚠️ Requires Node.js (LTS recommended) or Docker installed in the environment where the MCP client runs.
  • ⚠️ Requires an MCP client application (e.g., Claude Desktop, Windsurf, Cline) for execution.
  • ⚠️ When using Docker with local specification files, explicit volume mounting ('-v') of the host file path into the container is required.
Verified Safe
The server loads and processes OpenAPI/Swagger specification files from local paths or remote URLs. This functionality inherently involves file system and network access via the 'swagger2openapi' library. While the code itself does not contain explicit malicious patterns, hardcoded secrets, or direct 'eval' calls, processing untrusted external specification files could, in theory, expose vulnerabilities in the underlying parsing libraries (e.g., 'swagger2openapi', 'js-yaml'). The input 'specPath' is provided via command-line arguments by the MCP client runner, so the immediate risk is tied to the trustworthiness of the provided specification file.
Updated: 2025-12-15