Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (9120)

48
5
High Cost
Sec4

The server extracts text from various video and audio sources using multiple Automatic Speech Recognition (ASR) providers, including local Whisper and online services from JianYing (CapCut) and Bilibili.

Setup Requirements

  • ⚠️Requires FFmpeg to be installed on the system for audio extraction and processing.
  • ⚠️Whisper ASR provider (default) requires a one-time download of a ~1GB model on first use, which can take 10+ minutes and consumes significant disk space.
  • ⚠️Online ASR services (JianYing/Bcut) depend on the stability and availability of external, potentially reverse-engineered APIs, which may break without warning. The JianYing provider relies on an unverified third-party service for API signing.
Review Required
The server disables SSL certificate verification for yt-dlp downloads (`nocheckcertificate: True`), which poses a significant Man-in-the-Middle (MitM) risk. The JianYing ASR implementation relies on an external, unofficial third-party endpoint (`https://asrtools-update.bkfeng.top/sign`) for API signing, introducing a potential supply chain vulnerability. Using online ASR services inherently involves uploading audio data to third-party servers (ByteDance, Bilibili), which has privacy implications. No clear malicious patterns or hardcoded sensitive credentials were found, but the reliance on unverified external services and disabled SSL verification are critical concerns.
Updated: 2025-11-22
48
44
Medium Cost

An LLM-friendly API server for analyzing and editing spreadsheet files, enabling 'discover → profile → extract' workflows, 'what-if' scenarios, and VBA inspection without dumping entire files into LLM context.

Setup Requirements

  • ⚠️LibreOffice (soffice) is a required external dependency for write, recalculation, and screenshot tools, and its setup is complex outside of Docker.
  • ⚠️A Docker environment is strongly recommended for write/recalc tools due to complex LibreOffice setup and security isolation.
  • ⚠️The server strictly operates within a configured `workspace_root`; all workbook paths must be located within this directory.
Review Required
External execution of LibreOffice (`soffice`) for recalculation and screenshots introduces a significant attack surface. While the server implements strong path validation (`workspace_root`) to prevent path traversal and resource limits (file size, cache, concurrent processes, response size) to mitigate DoS, the security of LibreOffice's macro execution environment and the specific custom macros (source not provided) are critical points of trust. The project strongly recommends running write/recalc features within a Docker container for isolation. Parsing complex Excel files via `umya_spreadsheet` also presents potential vulnerabilities. The server allows explicit control over overwriting original files via the `--allow-overwrite` flag.
Updated: 2026-01-08
48
62
Medium Cost

example-remote-server

by modelcontextprotocol

Sec9

A reference server demonstrating all Model Context Protocol (MCP) features and OAuth 2.0 authentication patterns.

Setup Requirements

  • ⚠️Requires Node.js >= 16.
  • ⚠️Docker is required for Redis-backed (persistent and multi-instance) session storage; otherwise, sessions are in-memory and non-persistent.
  • ⚠️The AUTH_SERVER_URL environment variable is required if AUTH_MODE is set to 'external'.
Verified Safe
The server implements OAuth 2.0 with PKCE, robust token validation via introspection, and secure session management with user isolation. It utilizes environment variables for sensitive configuration and includes rate limiting for authentication and static assets. Permissive CORS is intentionally enabled for a public reference server to facilitate testing, but should be tightened for production deployments. No hardcoded secrets, obfuscation, or explicit malicious patterns were identified. Duplicate authorization code usage is detected and leads to token revocation, preventing replay attacks.
Updated: 2026-01-16
48
95
Low Cost

github-stars

by miantiao-me

Sec7

A Cloudflare-powered MCP server allowing natural language search and query of GitHub starred repositories.

Setup Requirements

  • ⚠️Requires GitHub Personal Access Token with `repo` scope.
  • ⚠️Requires a Cloudflare account with R2 storage and AutoRAG instance configured.
  • ⚠️Requires Node.js (v22 recommended) and PNPM package manager.
Verified Safe
The server uses API key authentication (MCP_API_KEY) which is good. However, it requires a GitHub Personal Access Token (GH_TOKEN) with 'repo' scope, which is a high-privilege secret. This token is used to fetch all starred repositories and their READMEs. If compromised, it could expose sensitive repository data. The processed data is stored in Cloudflare R2 and indexed by Cloudflare AutoRAG; security depends on the robustness of these Cloudflare services and the user's configuration of R2 access credentials. The API response returns stringified raw data from AutoRAG, which may contain sensitive information depending on the source data.
Updated: 2026-01-17
48
66
Medium Cost
Sec4

The plugin enables AI models to directly control and automate tasks within the Godot Game Engine editor, such as scene creation, node manipulation, script editing, and debugging.

Setup Requirements

  • ⚠️Requires Godot Engine 4.1+ installed.
  • ⚠️Requires an MCP client (e.g., Cursor, Claude Desktop, VS Code extension) to interact with the server.
  • ⚠️Plugin installation within a Godot project is required, followed by configuration in the chosen MCP client.
Review Required
The actual plugin source code (beyond README.md) is not provided, making a thorough security audit impossible. The plugin grants external AI clients significant control over the Godot editor and its project files, including reading, writing, and executing scripts. This high level of control inherently carries security risks. If the connected MCP client or the underlying AI model were compromised, it could lead to unauthorized modifications, data exfiltration, or arbitrary code execution within the user's development environment. The README's advice to "not commit the plugin to the public repository of your game" suggests a potential for sensitive exposure or misuse if not carefully managed. Without details on network communication security, input sanitization, and access control mechanisms, the potential for vulnerabilities remains significant.
Updated: 2026-01-16
48
116
High Cost

MakerAi

by gustavoeenriquez

Sec5

Enables Delphi developers to create and deploy custom AI orchestration services as MCP Servers, supporting various LLM providers and RAG capabilities.

Setup Requirements

  • ⚠️Requires a valid API key for external LLM providers (e.g., OpenAI, Gemini, Claude) which may incur costs.
  • ⚠️Requires Delphi 11 Alexandria, 12 Athens, or 13 Florence IDE for development and compilation.
  • ⚠️The MCP SSE Server implementation is experimental and may have intermittent connectivity drops.
  • ⚠️Compiling for Linux requires significant manual adjustments to library paths and dependencies.
Review Required
A detailed security audit cannot be performed because the actual Delphi source code files were not provided, only the README.md. No 'eval', obfuscation, hardcoded secrets, or malicious patterns were identified within the *provided text*, but this does not reflect the underlying Delphi code. A neutral score is given due to the lack of actionable audit information.
Updated: 2026-01-15
48
59
Low Cost

chimp

by softwaremill

Sec9

Builds Model Context Protocol (MCP) servers in Scala 3, exposing type-safe tools over a JSON-RPC HTTP API.

Setup Requirements

  • ⚠️Requires Scala 3 and a Java Virtual Machine (JVM) to run.
  • ⚠️The `scala-cli` tool is required to run the quickstart and other examples directly as standalone scripts.
Verified Safe
The library is designed with type-safety and relies on Circe for JSON decoding, which inherently mitigates common injection risks by strictly mapping incoming JSON to predefined Scala types. There is no evidence of 'eval' or dynamic code execution based on user-supplied input. Examples involving external network calls (e.g., weather tool) use hardcoded API endpoints, preventing user-supplied URL injection. JSON-RPC requests are parsed and dispatched with explicit error handling for invalid requests, methods, or parameters. No hardcoded secrets or credentials were identified in the provided source code.
Updated: 2026-01-18
48
155
Medium Cost
Sec9

This client bridges Slack with AI models and external tools via the Model Context Protocol (MCP), enabling AI to interact with real systems and data through Slack conversations.

Setup Requirements

  • ⚠️Requires Slack Bot and App tokens for integration.
  • ⚠️Requires OpenAI API Key (a paid service) for OpenAI LLM and RAG features, or other LLM API keys for alternative providers.
  • ⚠️Full functionality depends on external Model Context Protocol (MCP) servers (e.g., filesystem, Git, Kubernetes) which need to be deployed and configured separately.
Verified Safe
The project demonstrates robust security practices, including the use of environment variables for secrets, explicit access control for Slack interactions, tool-level permissions (allow/block lists) for MCP servers, and integration of security scanning (Trivy, govulncheck) in its CI/CD pipeline. The use of `exec.Command` for stdio MCP servers is configured by administrators, not directly exposed to untrusted user input. Network policies are also supported in Helm deployments. The primary security risk lies in misconfiguration (e.g., allowing overly permissive tools or access) rather than inherent vulnerabilities in the client's codebase itself, which provides the necessary controls for secure operation.
Updated: 2026-01-01
47
63
Low Cost

Provides token-efficient, on-demand access to OpenAPI and Swagger specifications for MCP clients (like LLMs) by exposing parts of the specification via resource templates.

Setup Requirements

  • ⚠️Requires Node.js (v22+ recommended) OR Docker installed.
  • ⚠️Requires an existing OpenAPI v3.0 or Swagger v2.0 specification file (local or remote URL).
  • ⚠️Requires an MCP client application (e.g., Claude Desktop, Windsurf, Cline) to connect and interact with the server.
Verified Safe
The server primarily parses and traverses OpenAPI/Swagger specifications. The main attack surface is the `specPath` argument, which can be a local file path or a remote URL. While the server doesn't execute arbitrary code directly from the spec content, a malicious or extremely large/malformed spec could potentially lead to DoS or parser vulnerabilities in the `swagger2openapi` library or underlying JSON/YAML parsers. All URI path components are URL-encoded, and object lookups use Maps to mitigate prototype pollution.
Updated: 2026-01-19
47
61
Medium Cost

The server provides AI-driven interaction capabilities for Alibaba Cloud observability products (SLS, ARMS, CloudMonitor, Prometheus), enabling natural language queries and analysis of multimodal data by mapping natural language to standardized tool calls.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires Alibaba Cloud Access Key ID and Access Key Secret with appropriate permissions for SLS, CMS, and potentially ARMS (including `sls:CallAiTools` for AI features).
  • ⚠️Requires active Alibaba Cloud Log Service (SLS) and Cloud Monitor Service (CMS) instances with configured data.
Verified Safe
The server explicitly warns about network exposure risks when running with SSE transport, emphasizing that users are responsible for access control. Credentials (Access Key ID/Secret, STS Token, RAM Role ARN) are handled securely via environment variables or direct parameters, not hardcoded. Standard Alibaba Cloud SDKs are used for interactions. No obvious malicious patterns or 'eval' usage were found. The primary security consideration is proper deployment and access control by the user, especially when exposing the server publicly with valid cloud credentials.
Updated: 2026-01-13
47
35
Medium Cost
Sec8

An MCP server and Claude plugin providing AI assistants with advanced PostgreSQL knowledge through semantic documentation search and curated best practice skills.

Setup Requirements

  • ⚠️Docker/Docker Compose is required for local deployment and development, as indicated by Dockerfile and docker-compose.yml.
  • ⚠️A PostgreSQL database, likely with a vector extension (e.g., pgvector), is necessary to run the full documentation search capabilities locally.
  • ⚠️Requires a Node.js runtime environment if not deployed via Docker.
Verified Safe
The project serves as an MCP server, exposing tools with defined inputs. While any server has inherent network exposure, the described tools (semantic search, skill retrieval) appear to have constrained inputs, minimizing the risk of direct arbitrary code execution. Potential risks would be unhandled path traversal in 'view_skill' (if 'path' is not sanitized) or resource exhaustion from large search queries, but the 'limit' parameter helps mitigate the latter. Without full code review, it's assumed standard secure coding practices are followed for input validation and database interactions.
Updated: 2025-11-17
47
15
Medium Cost

mcp-stata

by tmonk

Sec7

Connects AI agents to a local Stata installation for executing commands, analyzing data, generating visualizations, and inspecting results.

Setup Requirements

  • ⚠️Requires Stata 17+ (commercial software, not open source).
  • ⚠️Requires Python 3.12+.
  • ⚠️Manual configuration of `STATA_PATH` environment variable may be needed if Stata auto-discovery fails.
  • ⚠️Installation recommends `uv` tool.
Verified Safe
The server includes an `eval()` function in `stata_client.py` for evaluating user-provided filter expressions. While `__builtins__` is restricted to an empty dictionary, `eval()` remains a pattern that requires careful scrutiny for potential sandbox escapes, especially if Stata variable names could be manipulated. `subprocess.run()` is used for specific tasks (e.g., Windows PNG export, log reading fallback) and sometimes with `shell=True`, but paths are typically generated internally via `tempfile`, mitigating direct shell injection risks from user input. The internal HTTP server for data browsing is restricted to localhost (`127.0.0.1`) and secured with short-lived bearer tokens, limiting external attack surface. Overall, common patterns with known risks are present but with noticeable mitigation strategies.
Updated: 2026-01-19
Page 62 of 760