Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7632)

100
2953
Medium Cost
IBM icon
Sec9

Retrieves web content and files from any URL, converting them into high-quality markdown format with support for various content types and conversion engines.

Setup Requirements

  • ⚠️Requires Python 3.11+.
  • ⚠️Database migration is critical for v0.7.0 multi-tenancy; requires careful .env setup and database backup.
  • ⚠️ARM64 platforms (e.g., Apple Silicon) may need PyPI installation instead of Docker images for some features (like Fast Time Server) due to emulation limitations or missing builds for Rust plugins.
  • ⚠️SQLite 'disk I/O error' on macOS requires specific database path adjustments or environment configuration.
Verified SafeView Analysis
The server features comprehensive security, including multi-factor authentication, RBAC, encrypted storage for sensitive data, and robust input validation to prevent common web vulnerabilities. It leverages Rust-accelerated plugins for sensitive tasks like PII filtering, secrets detection, and SQL sanitization, enhancing memory safety and performance. Extensive logging and auditing capabilities for security events are in place, with explicit handling of security headers and certificate validation (e.g., Ed25519 signatures). Documentation emphasizes secure configuration practices.
Updated: 2025-12-14GitHub
100
9652
Medium Cost

zen-mcp-server

by BeehiveInnovations

Sec7

A server for coordinating and managing AI agents, likely for simulations or complex task execution, leveraging Claude LLMs.

Setup Requirements

  • ⚠️Requires Claude API Key (Paid)
  • ⚠️Requires Docker (preferred) or a Python 3.x environment
  • ⚠️Configuration via environment variables (e.g., using a .env file based on .env.example)
Verified SafeView Analysis
The server will open network ports, which is an inherent risk of any server application. It interacts with external LLM APIs (Claude), requiring secure handling of API keys, which are likely managed via environment variables. No obvious signs of 'eval' or code obfuscation.
Updated: 2025-11-18GitHub
100
6126
Low Cost
modelcontextprotocol icon

registry

by modelcontextprotocol

Sec8

Provides a centralized metadata registry for Model Context Protocol (MCP) servers, functioning as an 'app store' for discovering and publishing MCP server information.

Setup Requirements

  • ⚠️Requires Docker for local development (via `make dev-compose`)
  • ⚠️Requires Pulumi CLI for Kubernetes deployments
  • ⚠️Requires access to a Kubernetes cluster (Minikube for local, GCP for production)
  • ⚠️Authentication for publishing servers can be complex (GitHub, DNS, HTTP verification, or specific private keys for signing)
Verified SafeView Analysis
The project demonstrates a strong focus on security, leveraging standard authentication methods (GitHub OAuth/OIDC, DNS/HTTP verification) and secret management (Pulumi for deployment, Kubernetes Secrets). Rate limiting is configured via NGINX ingress. Hardcoded default secrets are present in `docker-compose.yml` and `Pulumi.local.yaml` for local development, which are replaced by properly secured values in staging/production deployments. Client-side command injection risks are identified in the `Argument` schema documentation, indicating awareness, but are not direct server vulnerabilities. Overall, the approach appears robust for its intended use, with appropriate distinctions between development and production security practices.
Updated: 2025-12-13GitHub
100
1084
Medium Cost
microsoft icon

azure-devops-mcp

by microsoft

Sec9

Provides a local Model Context Protocol (MCP) server for Azure DevOps, enabling AI agents and large language models (LLMs) to perform various Azure DevOps tasks directly from code editors, such as listing projects, managing work items, handling pull requests, interacting with wikis, and controlling pipelines.

Setup Requirements

  • ⚠️Requires Node.js 20+ to run.
  • ⚠️Requires an Azure DevOps account backed by Entra ID; personal Microsoft accounts are not supported.
  • ⚠️For 'envvar' authentication, the 'ADO_MCP_AUTH_TOKEN' environment variable must be explicitly set with a valid Azure DevOps token.
  • ⚠️In GitHub Codespaces or multi-tenant Azure environments with 'azcli' authentication, 'az login' may be required, and a specific '--tenant' ID might need to be provided to avoid authentication conflicts.
Verified SafeView Analysis
The server uses standard Microsoft authentication mechanisms (@azure/identity, @azure/msal-node) for secure interaction with Azure DevOps. It supports interactive OAuth, Azure CLI login, and environment variable-based Personal Access Token (PAT) authentication. There are no obvious hardcoded sensitive secrets (the client ID is a public application identifier) or malicious patterns like 'eval'. All network communication is with Azure DevOps APIs, as expected.
Updated: 2025-12-12GitHub
100
32435
Low Cost
1Panel-dev icon

1Panel

by 1Panel-dev

Sec7

A web-based Linux server management tool designed for host monitoring, file/database/container management, and AI/LLM deployment and orchestration through a Model Control Plane (MCP).

Setup Requirements

  • ⚠️Requires Docker for managing applications and LLMs.
  • ⚠️Primarily designed for Linux servers and requires root privileges for installation.
  • ⚠️A 'Pro Edition' with enhanced features might limit the open-source experience.
Verified SafeView Analysis
The project inherently operates with high privileges due to its server management nature. It leverages containerization for application deployment, which can enhance isolation, and includes built-in firewall management. The presence of a `SECURITY.md` file actively encourages vulnerability reporting. Sensitive data like passwords and private keys are handled with encryption (Base64 encoding followed by RSA encryption on the backend). While direct shell command execution is necessary for such a tool and is present in the Go backend, the provided truncated source does not reveal obvious malicious code or direct unsafe `eval`-like patterns or obfuscation.
Updated: 2025-12-12GitHub
100
1652
Medium Cost
OpenAgentPlatform icon

Dive

by OpenAgentPlatform

Sec7

Dive is an AI assistant desktop application for chat, LLM model management, and integration with local or OAP (Open AI Platform) Model Context Protocol (MCP) servers for advanced tool orchestration and code execution.

Setup Requirements

  • ⚠️Requires API keys for external LLM providers (e.g., OpenAI, Anthropic, AWS Bedrock), which are typically paid services.
  • ⚠️Requires local host dependencies (Python, Node.js, uv) to be downloaded and installed automatically upon first run or update, which consumes disk space and involves executing third-party binaries.
Verified SafeView Analysis
The application interacts with external LLM APIs and an OAP hub, managing API keys locally (entered via UI). It downloads and installs core host dependencies (Python, Node.js, uv) and dynamically configured Model Context Protocol (MCP) servers. While some dependencies use checksums (e.g., `uv`), this introduces a supply chain risk. A notable security concern is the `skip_tls_verify` option for model configurations, which disables SSL certificate validation and makes connections vulnerable to Man-in-the-Middle attacks if enabled by the user (though it includes a warning). The security of dynamically added custom MCP servers is external to the application itself and depends on user vetting.
Updated: 2025-12-11GitHub
100
39058
Medium Cost
sansan0 icon

TrendRadar

by sansan0

Sec9

A personalized news aggregation and AI-powered analysis tool that filters trending topics and provides multi-channel notifications, with advanced AI conversational analysis capabilities.

Setup Requirements

  • ⚠️AI model API Key is required for AI analysis features (e.g., SiliconFlow, potentially paid after free tier).
  • ⚠️GitHub Actions deployment requires configuring an S3-compatible cloud storage service (e.g., Cloudflare R2) and binding a payment method for identity verification.
  • ⚠️AI analysis features rely on locally accumulated news data; users need to run the crawler for a period to build sufficient historical data.
Verified SafeView Analysis
The project demonstrates good security practices by explicitly warning against hardcoding secrets, recommending environment variables for sensitive data, and defaulting to local-only binding (127.0.0.1:3333) for the HTTP mode of the MCP server. It handles external data fetching via standard `requests` library. While Docker management scripts (like `manage.py`) might use `shell=True` for internal commands, this is typically not exposed to arbitrary user input through the MCP server's public interfaces.
Updated: 2025-12-14GitHub
100
24492
Medium Cost
assafelovic icon

gpt-researcher

by assafelovic

Sec8

The GPT Researcher MCP Server enables AI assistants to conduct comprehensive web research and generate detailed, factual, and unbiased reports. It supports multi-agent workflows, local document analysis, and integration with external tools via the Machine Conversation Protocol (MCP) for various research tasks.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid)
  • ⚠️Requires Tavily API Key (Paid)
  • ⚠️Python 3.11+ required
  • ⚠️Potential OS-level library dependencies (e.g., glib, pango) for PDF generation on Linux/macOS
Verified SafeView Analysis
The project demonstrates good security practices regarding file path manipulation by using `sanitize_filename` and `os.path.basename` to prevent path traversal in file uploads, deletions, and report generation. Sensitive API keys are managed via environment variables. However, the default `docker-compose.yml` runs services as `user: root`, which grants excessive privileges within containers and should be mitigated for production. Additionally, the FastAPI server's CORS `allow_origins` includes `"*"` for testing purposes, which needs to be restricted to specific domains in a production environment. LLM-based components are also inherently susceptible to prompt injection risks.
Updated: 2025-12-14GitHub
100
8219
Low Cost
open-metadata icon

OpenMetadata

by open-metadata

Sec8

Plugin for Apache Airflow to expose REST APIs for deploying OpenMetadata workflow definitions and managing DAGs and tasks.

Setup Requirements

  • ⚠️Requires Apache Airflow version 2.3.3 to be installed.
  • ⚠️Requires manual configuration of `airflow.cfg` to set `dag_generated_configs` path.
  • ⚠️Requires manual creation of the `{AIRFLOW_HOME}/dag_generated_configs` directory.
Verified SafeView Analysis
The provided code snippets are client-side UI components and API definitions in TypeScript/JavaScript. They interact with a backend Airflow server via REST APIs, leveraging JWT for authentication (as indicated by the README and `LoginAPI.ts`). There are no direct indications of server-side vulnerabilities like 'eval' or malicious patterns in the *provided* client code. Hardcoded secrets appearing as '*********' are part of mock data schemas, not active application logic. The critical security posture depends heavily on the server-side Airflow plugin and OpenMetadata backend implementation, which is not fully included for analysis. Client-side JWT handling is standard. Overall, the provided client-side code appears to follow reasonable practices, but the overall system's security is contingent on the unexamined server-side components.
Updated: 2025-12-14GitHub
100
7461
Medium Cost
firerpa icon

lamda

by firerpa

Sec1

AI-powered Android automation framework for mobile data and task automation.

Setup Requirements

  • ⚠️Requires Root access on Android devices.
  • ⚠️The `lamda-server-<ABI>.tar.gz` file must be manually downloaded and placed for Magisk installation.
  • ⚠️Requires a `LICENSE` environment variable, suggesting commercial licensing for full features.
  • ⚠️Docker is required for server deployment via `firerpa.yml`.
Review RequiredView Analysis
CRITICAL: The `tools/scp.sh`, `tools/ssh.sh`, and `tools/rsync.sh` scripts hardcode a universal RSA private key. This means anyone with access to the source code can impersonate clients configured to use this default key, leading to complete compromise. Additionally, these scripts disable SSH host key checking (`-o StrictHostKeyChecking=no`), making connections vulnerable to Man-in-the-Middle attacks. The system requires root access, which amplifies the impact of any security flaw. The `startmitm.py` script facilitates MITM attacks by installing a CA certificate, and `DNS2SOCKS.c` enables DNS tunneling, which, while functional, poses significant risks if misused. The default proxy credentials are randomly generated, which is good, but the core vulnerability of the hardcoded SSH key remains.
Updated: 2025-12-13GitHub
100
1989
High Cost
cyberagiinc icon

DevDocs

by cyberagiinc

Sec8

DevDocs is a web crawling and content extraction platform designed to accelerate software development by converting documentation into LLM-ready formats for intelligent data querying and fine-tuning.

Setup Requirements

  • ⚠️Requires Docker installed and running on your system.
  • ⚠️Relies on the `Crawl4AI` service, provided as a Docker image.
  • ⚠️Requires careful environment variable configuration, especially `NEXT_PUBLIC_BACKEND_URL` and `CRAWL4AI_API_TOKEN`, for non-default or production deployments.
Verified SafeView Analysis
The server includes robust path traversal prevention for file content access. However, a default demo API key for Crawl4AI is hardcoded, which should be replaced in production environments. The use of `execPromise` to run shell scripts from an API endpoint (`/api/debug`) is present, but it's specifically for a contained debug script (`debug_crawl4ai.sh`), which reduces immediate risk within a self-hosted development context. The MCP server is executed with write access to `/app/storage/markdown`, making its integrity critical.
Updated: 2025-12-11GitHub
100
12970
High Cost
triggerdotdev icon

trigger.dev

by triggerdotdev

Sec6

The MCP (Model Context Protocol) Server acts as an interface for AI agents (and other clients) to interact with Trigger.dev tasks, enabling advanced features like executing Python scripts, generating SQL, performing web crawling, and leveraging code interpreters within orchestrated workflows.

Setup Requirements

  • ⚠️Requires Trigger.dev account/project (free tier available, but advanced usage may incur costs).
  • ⚠️Requires OpenAI API Key (or Anthropic API key for Claude models) for AI functionality (paid service).
  • ⚠️Requires Postgres database connection string (e.g., for Vercel Postgres or local instance).
  • ⚠️Requires Python 3.x environment with specified dependencies (e.g., 'uv pip sync requirements.txt', 'playwright install' for web crawling).
  • ⚠️May require Docker/Kubernetes runtime for Trigger.dev task execution if self-hosting, and specific container builds (e.g., for Playwright, Python).
  • ⚠️Optional: Slack Bot Token and Channel ID for AI agent approval workflows.
  • ⚠️Optional: E2B Code Interpreter API Key for Python sandbox execution (paid service).
  • ⚠️Optional: Fal.ai API Key for image processing/AI models (paid service).
  • ⚠️Optional: Replicate API Key for image generation (paid service).
Verified SafeView Analysis
The system demonstrates capabilities for arbitrary code/SQL execution (via AI agents, sandboxes, Python scripts with external input), web crawling (SSRF risk), and external CLI command execution. While intended for controlled environments with security measures (e.g., E2B Code Interpreter sandbox, Slack approval steps, Trigger.dev platform authorization), these patterns are inherently high-risk if misused or misconfigured. The core MCP server itself appears to be a robust orchestration layer, but the tools it exposes carry the most significant risks. A 'TODO' is noted in 'd3-chat/src/app/api/slack/interaction/route.ts' for Slack request verification, which would be a critical vulnerability in a production scenario.
Updated: 2025-12-14GitHub
PreviousPage 6 of 636Next