Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7756)

47
145
Low Cost
jcaromiq icon

goku

by jcaromiq

Sec4

Goku is an HTTP load-testing tool designed for benchmarking and performance analysis of web services; the MCP server allows LLM agents to programmatically interact with this load testing functionality.

Setup Requirements

  • ⚠️Requires Rust toolchain (`cargo`) for building from source or `curl`/`wget` for script installation.
  • ⚠️The MCP server runs as a long-running process and communicates via standard I/O (stdio), requiring proper process management.
Review RequiredView Analysis
The `reqwest` client used for making HTTP requests is configured by default with `danger_accept_invalid_certs(true)`, which disables SSL/TLS certificate validation. This makes all requests vulnerable to man-in-the-middle attacks and should be addressed by either enabling validation by default or providing a clear, configurable option to disable it only when necessary. The MCP server allows arbitrary URL targets for load testing, which, if not properly sandboxed or secured, could be misused by an agent to target internal networks or perform unintended requests.
Updated: 2025-11-25GitHub
47
63
Medium Cost
AzureCosmosDB icon
Sec9

Enables AI assistants (LLMs like Claude, Continue.dev) to interact with and query Azure Cosmos DB databases using natural language.

Setup Requirements

  • ⚠️Requires an existing Azure Cosmos DB account with configured URI, key (or Managed Identity), database, and container.
  • ⚠️Requires Python 3.8 or higher, Node.js 14+ (for JavaScript sample), Go, or Java for respective implementations.
  • ⚠️Claude Desktop integration requires setting up an additional Python proxy script to bridge STDIO to HTTP transport.
Verified SafeView Analysis
The server loads sensitive Cosmos DB credentials from environment variables or a .env file, supporting Azure Managed Identity for enhanced security, which is a good practice. Default network binding is to localhost (127.0.0.1:8080), limiting external exposure. No explicit 'eval' usage or code obfuscation was found. Error handling for tool calls wraps exceptions, preventing direct exposure of internal stack traces, though some generic error messages might reveal operation failure types.
Updated: 2025-11-25GitHub
47
39
Medium Cost
crawlbase icon

crawlbase-mcp

by crawlbase

Sec9

A Model Context Protocol (MCP) server that enables AI agents and LLMs to fetch fresh, structured, real-time web content (HTML, Markdown, screenshots) via Crawlbase's scraping infrastructure.

Setup Requirements

  • ⚠️Requires free/paid Crawlbase API tokens (CRAWLBASE_TOKEN, CRAWLBASE_JS_TOKEN).
  • ⚠️Requires Node.js version >= 18.0.0.
Verified SafeView Analysis
The server uses Zod for robust input validation on all API parameters, significantly reducing injection risks. It handles sensitive tokens by allowing them via environment variables or per-request HTTP headers, which is a good security practice. File system access is limited to reading static `package.json` and controlled debug logs. The use of `sharp` for image processing includes size limits (8000px max dimension) to prevent potential image-bomb attacks. Debug logging, if enabled in production, could potentially expose request details, but this is an opt-in configuration.
Updated: 2025-11-25GitHub
47
58
High Cost
shredEngineer icon

Archive-Agent

by shredEngineer

Sec8

An intelligent file indexer with powerful AI search (RAG engine), automatic OCR, and a seamless MCP interface for document retrieval and question answering.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid) if OpenAI provider is selected, or local Ollama/LM Studio setup with specific models.
  • ⚠️Requires Docker for Qdrant server, or ARCHIVE_AGENT_QDRANT_IN_MEMORY environment variable for in-memory Qdrant.
  • ⚠️Requires Python >= 3.10, Pandoc, and a spaCy 'en_core_web_md' model.
  • ⚠️Initial installation requires running a shell script with chmod +x and sudo for system-level packages.
Verified SafeView Analysis
The MCP server can be configured to listen on all network interfaces (0.0.0.0), which could expose it to a local area network without explicit authentication. While MCP tools are read-only, users should be aware of this configuration option. The system uses environment variables for sensitive API keys (e.g., OPENAI_API_KEY) and relies on Docker for Qdrant, which is good practice. File processing, including OCR and entity extraction, inherently carries risks of processing untrusted content, though no direct execution vulnerabilities are apparent in the provided code.
Updated: 2025-12-02GitHub
46
23
High Cost
aws-solutions-library-samples icon

guidance-for-vibe-coding-with-aws-mcp-servers

by aws-solutions-library-samples

Sec8

This project provides guidance on building AI-powered development workflows using Amazon Bedrock AgentCore and the Model Context Protocol (MCP) for an interactive hotel booking agent system, demonstrating 'vibe coding' techniques.

Setup Requirements

  • ⚠️Requires Node.js (v20.18.1+) and pnpm to run local documentation and CDK commands.
  • ⚠️Requires Python 3.13 (as per ruff.toml), uv, AWS CLI, AWS CDK CLI, Docker, and Graphviz for full deployment.
  • ⚠️Requires an AWS account with appropriate IAM permissions for deploying CloudFormation stacks.
  • ⚠️AWS Bedrock AgentCore requires ARM64 container images; Docker Desktop handles emulation, but Docker Engine users may need specific binfmt setup.
  • ⚠️For AWS Workshop Studio users, a shell script (`tools/workshop-studio/scripts/open-vite-access.sh`) is required to open firewall rules (port 5173) for Vite dev server access using the participant's public IP.
Verified SafeView Analysis
The project uses AWS Secrets Manager and Parameter Store (SecureString) for managing API keys and Cognito credentials, which is a good practice. API Gateway access is restricted to the deploying AWS account via resource policies, enhancing security. However, the `open-vite-access.sh` script, intended for workshop environments, directly modifies security group ingress rules based on user-provided IP, which is a critical operation and could pose a risk if the input or script is compromised. Additionally, API Gateway logging to CloudWatch is suppressed by default for ease of deployment, potentially reducing monitoring visibility in a production scenario. Some CDK Nag suppressions are noted and justified for a workshop, but would require further hardening for production.
Updated: 2025-12-08GitHub
46
13
High Cost
OriNachum icon

reachy-mini-mcp

by OriNachum

Sec7

Control a Reachy Mini robot through an MCP or OpenAI-compatible API, enabling dynamic execution of robot movements, gestures, and conversational interactions.

Setup Requirements

  • ⚠️Requires a Reachy Mini Robot (physical or simulated via MuJoCo).
  • ⚠️Requires the Reachy Mini Daemon running and accessible (default: http://localhost:8000).
  • ⚠️Requires Python 3.10+.
  • ⚠️For TTS functionality, requires the 'piper' executable and a compatible voice model (e.g., set `PIPER_MODEL` environment variable).
  • ⚠️Full 'Conversation Stack' including an LLM (e.g., Llama-3.2-3B-Instruct-FP8 via vLLM) requires Docker and GPU hardware for efficient inference.
Verified SafeView Analysis
The server uses dynamic loading of Python scripts from a controlled 'tools_repository/scripts' directory for tool execution via `importlib.util.spec_from_file_location` and `spec.loader.exec_module`. While this is dynamic code execution, it's safer than `eval()` or `exec()` of arbitrary strings, which the `INLINE_REMOVAL_SUMMARY.md` explicitly states have been removed. The `tts_queue.py` module utilizes `subprocess.run` and `subprocess.Popen` to interact with `piper` (TTS) and `aplay` (audio playback); inputs for these commands appear to be reasonably handled (e.g., text via stdin, temporary files for audio) to mitigate injection risks. No obvious hardcoded secrets were found, with environment variables used for configuration. If `server_openai.py` is used, it binds to `0.0.0.0` which means it can be externally accessible if the host's firewall permits, posing a standard network exposure risk. The most significant inherent security consideration is the power of the `operate_robot` tool, especially in its 'sequence mode', when controlled by an external, potentially unconstrained LLM, which could lead to unintended or potentially destructive robot actions.
Updated: 2025-11-21GitHub
46
45
Low Cost
MCPCat icon
Sec9

This SDK integrates with MCP (Multi-Agent Communication Protocol) servers to collect user behavior analytics and forward telemetry (logs, traces, errors) to an analytics platform or third-party observability tools.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Needs an existing MCP server instance (official 'mcp' or community 'fastmcp') to integrate with.
  • ⚠️Requires 'project_id' for MCPCat analytics and/or specific API keys/DSNs (e.g., DD_API_KEY, SENTRY_DSN) for optional telemetry exporters.
Verified SafeView Analysis
The SDK leverages monkey-patching for deep integration with MCP server methods to intercept tool registration and execution. While this is a powerful technique, it appears to be implemented carefully for legitimate instrumentation purposes (adding context, tracking tool calls, adding a 'get_more_tools' tool) rather than arbitrary code execution. No direct use of 'eval' or obvious malicious patterns were found. Sensitive data redaction is supported via a user-defined hook. External network connections are made to the MCPCat analytics platform (hardcoded endpoint) and configurable third-party observability tools (OTLP, Datadog, Sentry), which is part of its core functionality. API keys and DSNs for these services are expected to be provided via configuration, not hardcoded within the SDK.
Updated: 2025-12-10GitHub
46
4
High Cost
missdeer icon

codex-mcp-rs

by missdeer

Sec9

Acts as an MCP server wrapping the Codex CLI for high-performance AI-assisted coding tasks.

Setup Requirements

  • ⚠️Requires Codex CLI installed and configured on your system.
  • ⚠️Requires Claude Code or another MCP client for interaction.
  • ⚠️Requires Rust 1.70+ (for building from source, NPM install uses pre-built binaries).
Verified SafeView Analysis
The server implements robust security measures for an AI agent wrapper. It defaults to safe sandbox policies (read-only) and requires explicit environment variable flags (CODEX_ALLOW_DANGEROUS, CODEX_ALLOW_YOLO, CODEX_ALLOW_SKIP_GIT_CHECK) to enable potentially dangerous modes. It enforces timeouts (MAX_TIMEOUT_SECS) to prevent unbounded execution and performs thorough path validation (working directory, image files) to mitigate file system manipulation risks. Output streaming includes size limits (MAX_AGENT_MESSAGES_SIZE, MAX_ALL_MESSAGES_SIZE, MAX_STDERR_SIZE, MAX_LINE_LENGTH) to prevent Out-Of-Memory attacks from large responses. The npm installation process downloads pre-built binaries from GitHub releases, which is a common and generally trusted distribution method. No 'eval' or obvious hardcoded secrets found. The primary remaining risk would be vulnerabilities within the underlying third-party Codex CLI itself, which this server wraps.
Updated: 2025-12-06GitHub
46
61
High Cost
wysh3 icon
Sec8

This server provides AI-powered research capabilities by automating interactions with Perplexity.ai's web interface, offering web search, content extraction, chat, and developer tooling without requiring API keys.

Setup Requirements

  • ⚠️Requires Bun runtime and Node.js 18+ for TypeScript compilation.
  • ⚠️Optional Perplexity Pro account support requires a one-time manual browser login via 'bun run login' to save the session.
  • ⚠️Browser automation is resource-intensive (CPU/RAM) and performance depends on website consistency, potentially leading to instability or timeouts.
Verified SafeView Analysis
The server relies heavily on Puppeteer for browser automation, which inherently involves executing JavaScript in a browser context when visiting external websites (e.g., Perplexity.ai, or arbitrary URLs for content extraction). The codebase demonstrates good practices such as filtering unsafe URL schemes (e.g., 'javascript:') in extracted content, implementing content type checks before extensive parsing, and using static scripts for browser evasion. There are no direct 'eval' calls in the Node.js server context handling user input. The main security considerations are the inherent risks of browser automation against external, potentially untrusted sites, and the stability/integrity of Perplexity.ai's website. The use of 'gitingest.com' for GitHub content is an external dependency risk.
Updated: 2025-12-13GitHub
46
25
Low Cost
Sec7

A backend server for a Minecraft-related application, likely providing data management or proxy services.

Setup Requirements

  • ⚠️Docker and Docker Compose are required for a quick start and deployment.
  • ⚠️A database (e.g., PostgreSQL, likely specified in docker-compose.yml or migrations) is required for data persistence; configuration will be via environment variables (see .env.sample).
  • ⚠️Node.js and npm/yarn are needed for local development setup and dependency management.
Verified SafeView Analysis
This is a standard Node.js/TypeScript backend server setup. Risks primarily stem from network exposure, configuration (e.g., sensitive environment variables), and potential supply chain vulnerabilities from npm dependencies. Use of Docker aids in containerization and isolation. No immediate signs of 'eval' or obfuscation were identified from the file list.
Updated: 2025-11-18GitHub
46
24
Low Cost
gsong icon

ccmcp

by gsong

Sec9

CLI tool to intelligently discover, validate, and select MCP server configurations for Claude Code before launching it.

Setup Requirements

  • ⚠️Requires Claude Code to be installed and available in your system's PATH.
  • ⚠️Requires Node.js 20+ to run.
  • ⚠️Full Terminal User Interface (TUI) features require a terminal with TTY support; otherwise, it falls back to a text-based prompt.
Verified SafeView Analysis
The server's core functionality involves local file system interaction and launching an external executable ('claude'). It utilizes `shell-quote` for proper argument escaping when spawning child processes, which is crucial for preventing command injection vulnerabilities. `execSync` is used for internal git commands, which is low risk in this context. No hardcoded secrets, 'eval', or code obfuscation were found. The primary security considerations depend on the 'claude' executable it launches and the user-defined MCP configurations, not the ccmcp tool itself.
Updated: 2025-12-14GitHub
46
51
Medium Cost
mailtrap icon

mailtrap-mcp

by mailtrap

Sec9

Provides an MCP server to send transactional emails, test emails in a sandbox, and manage email templates via Mailtrap.

Setup Requirements

  • ⚠️Requires a Mailtrap account, verified domain, API token, and Account ID. Sandbox functionality additionally requires a Mailtrap Test Inbox ID.
  • ⚠️Requires Node.js version >=16.20.1.
  • ⚠️Environment variables must be explicitly set for `MAILTRAP_API_TOKEN`, `DEFAULT_FROM_EMAIL`, `MAILTRAP_ACCOUNT_ID`, and `MAILTRAP_TEST_INBOX_ID`.
Verified SafeView Analysis
The server correctly uses environment variables for sensitive API tokens and IDs. Input validation is implemented using Zod schemas for tool inputs and additional runtime checks for content requirements. There are no apparent uses of 'eval', code obfuscation, or direct hardcoded secrets in the provided source. Network activity is limited to communication with the Mailtrap API via its official SDK and the MCP protocol. The overall structure and dependency usage indicate a well-engineered and secure approach.
Updated: 2025-12-12GitHub
PreviousPage 63 of 647Next