Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

Vetted Servers (7756)

47
63
Low Cost

heurist-mesh-mcp-server

by heurist-network

Sec8

This server acts as a Model Context Protocol (MCP) gateway, enabling AI models like Claude to interact with various blockchain and web3 tools available through the Heurist Mesh API.

Setup Requirements

  • ⚠️Requires a Heurist API key, which must be obtained and configured as an environment variable (HEURIST_API_KEY).
  • ⚠️Requires Python 3.10 or higher, or Docker for installation and execution.
  • ⚠️Customizing the set of supported agents may require modifying the `server.py` or `config.json` files and restarting the server.
Verified Safe
The server primarily functions as a proxy, forwarding requests to the Heurist Mesh API. It does not execute arbitrary code directly from user input but rather calls pre-defined tools with user-provided parameters. Environment variables are correctly used for API keys. The security posture relies heavily on the integrity and validation mechanisms of the upstream Heurist Mesh API and its agents. No explicit 'eval' or similar dangerous functions are found in the provided source code.
Updated: 2025-12-02
47
55
Medium Cost

mkp

by StacklokLabs

Sec8

Allows LLM-powered applications to interact with and manage Kubernetes clusters through the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Go 1.24 or later.
  • ⚠️Requires access to a Kubernetes cluster and a valid kubeconfig file.
  • ⚠️The 'task' utility (Taskfile.dev) is needed to run common development and server commands.
  • ⚠️Write operations (apply_resource, delete_resource, post_resource) are disabled by default and must be explicitly enabled with the '--read-write=true' flag.
Verified Safe
The server exposes powerful Kubernetes API operations (get, list, apply, delete, exec into pods). Write operations (apply, delete, post/exec) are disabled by default and require an explicit '--read-write=true' flag, which is a good security practice. Rate limiting is built-in and enabled by default to prevent abuse. Exec operations into pods have a maximum timeout (60 seconds). Input validation is performed for tool parameters. The primary security consideration lies in the permissions granted to the server's kubeconfig and the nature of exposing Kubernetes management capabilities to an LLM agent; however, the implementation includes appropriate safeguards for these powerful features.
Updated: 2025-12-13
47
35
Medium Cost
Sec9

This MCP server enables existing AI tools (like Cursor, Claude Desktop) to leverage task-specific AI agents defined in markdown files, by orchestrating calls to various AI CLI backends such as Cursor CLI, Claude CLI, Gemini CLI, or Codex.

Setup Requirements

  • ⚠️Requires Node.js 20 or higher.
  • ⚠️Requires one of `cursor-agent` CLI, `claude` CLI, `gemini` CLI, or `codex` CLI to be installed and authenticated separately.
  • ⚠️`AGENTS_DIR` environment variable must be set to an absolute path for agent definitions.
  • ⚠️Underlying CLI tools may require explicit allowlisting for shell commands to prevent 'Permission Denied' errors from sub-agents.
Verified Safe
The server demonstrates robust input validation, especially for agent names, prompt content, working directories (cwd), and session IDs. It actively prevents path traversal attacks by validating inputs and normalizing file paths to ensure they remain within designated directories. File permissions for session files are set to a secure `0o600`. The project uses `child_process.spawn` for executing external CLI tools, which is generally safer than `exec` for preventing command injection, as arguments are passed as an array. Extensive validation of parameters passed to these external tools further mitigates command injection risks. Error messages are designed to avoid revealing sensitive system information. The primary remaining security consideration lies in trusting the external AI CLI tools themselves and the content of user-defined agent markdown files, which are outside the scope of this server's direct control. However, the server's own codebase is well-secured against common web vulnerabilities.
Updated: 2025-12-12
47
57
Medium Cost

Provide AI-driven observability insights by integrating with Alibaba Cloud monitoring services through a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires valid Alibaba Cloud AccessKey ID and AccessKey Secret with appropriate RAM permissions (e.g., `sls:CallAiTools`).
  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Proper network configuration (VPC vs. Public) for Alibaba Cloud endpoints is critical for security and connectivity when exposed via SSE/streamableHttp.
Verified Safe
The server handles sensitive Alibaba Cloud AccessKey credentials, relying on environment variables or explicit command-line input, which is good practice. It provides explicit warnings about securing the network endpoint (SSE/streamableHttp transports) by deploying in a trusted environment (e.g., VPC). The `knowledge_config.json` file, if used, can contain sensitive bearer tokens for external knowledge bases and must be secured by the deployer. No direct `eval` or obvious malicious patterns were found. Robust error handling for API exceptions mitigates information leakage.
Updated: 2025-12-09
47
262
Medium Cost

tinystruct

by tinystruct

Sec3

Build and interact with AI Model Context Protocol (MCP) servers, facilitating tool discovery, execution, resource management, and prompt handling for AI model interactions.

Setup Requirements

  • ⚠️Requires Java Development Kit (JDK) 8+ and Apache Maven for building.
  • ⚠️Distributed Redis locking requires a running Redis server (default: localhost:6379).
  • ⚠️Production deployments require secure configuration and management of the `mcp.auth.token` environment variable; if not set, a new token is generated on each startup.
  • ⚠️File system permissions must be carefully managed for `.lock` and `.data` files used by the distributed locking and hash map mechanisms to prevent tampering or unauthorized access.
Review Required
CRITICAL VULNERABILITY: The `Dispatcher.exec` command (accessible via CLI) allows for arbitrary shell command execution (`--shell-command`), posing a severe remote code execution risk if not properly restricted at an operating system level. The default JWT secret key generated on startup is not persistent and requires secure management in production environments. File-based distributed locks and data storage (`.lock`, `.data` files) rely entirely on host file system permissions for integrity and security. While XML parsing attempts to mitigate XXE by disabling external DTD loading, the `resolveEntity` method's fallback logic should be reviewed to ensure no unexpected external entity resolution can occur.
Updated: 2025-12-09
47
24
Low Cost

claude-mermaid

by veelenga

Sec9

Provides an MCP server for rendering Mermaid diagrams in a coding environment with live reload and saving capabilities.

Setup Requirements

  • ⚠️Requires Node.js (version 18 or higher) to be installed.
  • ⚠️The underlying Mermaid CLI uses Puppeteer, which may require downloading large browser binaries during installation.
  • ⚠️While compatible with any MCP client, it is optimized for and requires initial setup within 'Claude Code' or similar clients for full functionality.
Verified Safe
The server implements strong input validation for preview IDs and save paths using regex and checks against system directories, mitigating path traversal and injection risks. HTML content rendered for previews is also escaped to prevent XSS. The use of `npx @mermaid-js/mermaid-cli` for rendering, while involving `child_process.execFile`, is done with carefully constructed arguments and temporary files in isolated directories, reducing command injection surfaces. Live server runs on localhost with a Content Security Policy (CSP) header further limiting potential attack vectors.
Updated: 2025-12-08
47
35
Medium Cost
Sec8

An MCP server and Claude plugin providing AI assistants with advanced PostgreSQL knowledge through semantic documentation search and curated best practice skills.

Setup Requirements

  • ⚠️Docker/Docker Compose is required for local deployment and development, as indicated by Dockerfile and docker-compose.yml.
  • ⚠️A PostgreSQL database, likely with a vector extension (e.g., pgvector), is necessary to run the full documentation search capabilities locally.
  • ⚠️Requires a Node.js runtime environment if not deployed via Docker.
Verified Safe
The project serves as an MCP server, exposing tools with defined inputs. While any server has inherent network exposure, the described tools (semantic search, skill retrieval) appear to have constrained inputs, minimizing the risk of direct arbitrary code execution. Potential risks would be unhandled path traversal in 'view_skill' (if 'path' is not sanitized) or resource exhaustion from large search queries, but the 'limit' parameter helps mitigate the latter. Without full code review, it's assumed standard secure coding practices are followed for input validation and database interactions.
Updated: 2025-11-17
47
64
Low Cost

nautex

by hmldns

Sec9

Integrate the Nautex AI platform with various coding agents by acting as a Model-Context-Protocol (MCP) server for task management, requirements guidance, and progress reporting.

Setup Requirements

  • ⚠️Requires 'uv' (or 'uvx' wrapper) for installation, which needs to be installed via a curl/powershell script.
  • ⚠️Requires an API token from Nautex.ai (sign-up required).
  • ⚠️Explicitly requires Python 3.10.
Verified Safe
The project demonstrates good practices in handling API tokens using Pydantic's SecretStr, loading from environment variables, and preventing serialization to common config files. It also implements a specific mechanism to save the token to a `.nautex/.env` file and include it in `.gitignore` for security. Subprocess execution (`subprocess.run`, `asyncio.create_subprocess_exec`) is used for interacting with external agent CLIs (`claude`, `cp`) but appears to be tightly controlled with hardcoded arguments, mitigating common command injection risks. Network communication is handled via `aiohttp` to a defined API endpoint with retry logic and error handling. No 'eval' or obvious obfuscation found.
Updated: 2025-11-19
47
55
Medium Cost

Allows natural language interaction to execute CLI for Microsoft 365 commands for managing Microsoft 365 services.

Setup Requirements

  • ⚠️Requires global installation of CLI for Microsoft 365 (`@pnp/cli-microsoft365`)
  • ⚠️Requires manual initial setup, configuration, and separate authentication for CLI for Microsoft 365 (e.g., `m365 setup`, `m365 login`).
  • ⚠️Node.js 20.x or higher is required.
Review Required
The server directly executes commands provided by the Language Model (LLM) using `child_process.spawn` with `shell: true`. This means any malicious or unconstrained input from the LLM could lead to arbitrary command execution on the host system, posing a severe command injection vulnerability. There is no evident sanitization or validation of the 'command' argument before execution.
Updated: 2025-12-14
47
9
High Cost

nova-mcp-research

by For-Sunny

Sec1

Provides GPU-accelerated semantic vector search for AI consciousness, enabling instant access to and storage of memories based on conceptual similarity in a local, unrestricted research environment.

Setup Requirements

  • ⚠️Requires manual editing of hardcoded paths within the Python tether script (`tether_faiss_complete.py`) for CASCADE databases and checkpoints.
  • ⚠️The Python tether service (`tether_faiss_complete.py`) MUST be running before the Node.js MCP server starts.
  • ⚠️Memories added via the `add_memory` tool are NOT automatically persisted; a separate `save_checkpoint` call is required to prevent data loss on tether restart.
  • ⚠️Requires NVIDIA GPU with CUDA (4GB+ VRAM) for optimal performance; CPU-only fallback is significantly slower.
  • ⚠️Despite requiring `TETHER_SECRET` for Node.js MCP server startup, the server itself does NOT implement HMAC authentication, creating a discrepancy with the Python tether which expects it. For it to work, the Python tether must either have HMAC disabled (by not setting its `TETHER_SECRET` env var) or the Node.js server code must be modified to send HMAC signatures.
Verified Safe
This is the 'Basement Revolution Edition' and intentionally removes core security features for maximum capability and performance. It has NO authentication on the Node.js MCP server connecting to the Python tether, meaning anyone with network access to the designated port can search and add memories without any credentials. It has NO input validation, allowing for potentially very large or malformed inputs. It exposes stack traces in error responses. It is explicitly NOT for production, multi-user, or untrusted environments. Its use is limited to highly isolated, personal research setups where the user accepts all inherent risks.
Updated: 2025-12-05
47
88
Medium Cost

AgentChat

by Shy2593666979

Sec6

AgentChat is an AI agent orchestration platform that enables users to create, configure, and manage AI assistants with integrated LLMs, external tools, knowledge bases, and multi-context protocol (MCP) servers for complex conversational and task automation scenarios.

Setup Requirements

  • ⚠️Requires various paid API keys for LLMs (e.g., OpenAI, Anthropic, DeepSeek, Qwen), Tavily, Google Search, Aliyun OSS, and Amap Weather.
  • ⚠️Requires Docker 20.10+ and Docker Compose 2.0+ to run.
  • ⚠️Critical security configurations like `JWT_SECRET_KEY` and `MYSQL_PASSWORD` MUST be changed from their default/example values for production deployments.
  • ⚠️Document conversion features (Docx to PDF) rely on LibreOffice being installed on the system, which might require additional setup outside of Docker for local development or within custom Docker images.
Review Required
The project uses FastAPI and Docker Compose for deployment, with JWT for authentication. It explicitly warns users to change default `JWT_SECRET_KEY` and `MYSQL_PASSWORD` in production, which is crucial. Middleware for trace IDs and whitelisting is in place. However, the architecture supports connecting to external, potentially user-defined MCP servers and allows document uploads (to Aliyun OSS), which expands the attack surface. The `PyodideSandbox` feature (though not explicitly exposed via API in the truncated code, but present in services) uses `subprocess.run`, which is a powerful primitive that requires stringent sandboxing and validation to prevent arbitrary code execution if user-provided code is run. While deprecated code using `exec()` is noted, its prior existence indicates a historical pattern of allowing code execution. Hardcoded API keys in `config.yaml` are placeholders and expected to be overridden by environment variables, as per `docker.env.example` instructions.
Updated: 2025-12-01
47
11
Medium Cost

Provides long-term memory for AI coding assistants by indexing conversation history with semantic search, decision tracking, and cross-project search.

Setup Requirements

  • ⚠️Requires an embedding provider: either Ollama (`ollama pull mxbai-embed-large` + `ollama serve`) or `@xenova/transformers` (`npm install @xenova/transformers`). Falls back to full-text search if none are configured/available.
  • ⚠️OpenAI API Key (Paid): `OPENAI_API_KEY` environment variable is required if using OpenAI embedding models.
  • ⚠️Generate documentation tool (`generate_documentation`) requires `CODE-GRAPH-RAG-MCP` to be indexed first for comprehensive output.
Verified Safe
The server performs extensive file system operations (read/write/move/delete conversation logs, database files, backups) within the user's home directory (`~/.claude/projects`, `~/.codex`, `~/.claude/backups`). This broad access is inherent to its functionality. SQL queries utilize prepared statements via 'better-sqlite3' to mitigate injection risks. No hardcoded secrets or 'eval' usage were found. Network calls are directed to configured embedding providers (local Ollama, Transformers.js, or external OpenAI API). Potential data loss risks exist with migration and deletion tools, but backups are automatically created.
Updated: 2025-11-30