Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

47
62
High Cost
pnp icon
Sec4

This MCP server allows users to execute CLI for Microsoft 365 commands using natural language, enabling management of various Microsoft 365 services like SharePoint, Teams, and Power Platform.

Setup Requirements

  • ⚠️Requires Node.js 20.x or higher
  • ⚠️Requires CLI for Microsoft 365 to be installed globally (`npm i -g @pnp/cli-microsoft365`)
  • ⚠️Requires initial `m365 setup` and specific `m365 cli config set` commands
  • ⚠️Requires prior `m365 login` for authentication, as the MCP server does not handle authentication itself
Review RequiredView Analysis
The server uses `child_process.spawn` with `shell: true` to execute AI-generated commands, which introduces a significant command injection risk if the upstream AI model or user prompt can be manipulated to execute arbitrary shell commands beyond the intended 'm365' CLI. There is no explicit sanitization or whitelist of commands within the server's source code. The server operates with the full permissions of the globally authenticated `m365` CLI user, meaning a successful exploit could lead to arbitrary code execution or data manipulation on the host system.
Updated: 2026-01-12GitHub
47
9
High Cost
For-Sunny icon

nova-mcp-research

by For-Sunny

Sec1

Provides GPU-accelerated semantic vector search for AI consciousness, enabling instant access to and storage of memories based on conceptual similarity in a local, unrestricted research environment.

Setup Requirements

  • ⚠️Requires manual editing of hardcoded paths within the Python tether script (`tether_faiss_complete.py`) for CASCADE databases and checkpoints.
  • ⚠️The Python tether service (`tether_faiss_complete.py`) MUST be running before the Node.js MCP server starts.
  • ⚠️Memories added via the `add_memory` tool are NOT automatically persisted; a separate `save_checkpoint` call is required to prevent data loss on tether restart.
  • ⚠️Requires NVIDIA GPU with CUDA (4GB+ VRAM) for optimal performance; CPU-only fallback is significantly slower.
  • ⚠️Despite requiring `TETHER_SECRET` for Node.js MCP server startup, the server itself does NOT implement HMAC authentication, creating a discrepancy with the Python tether which expects it. For it to work, the Python tether must either have HMAC disabled (by not setting its `TETHER_SECRET` env var) or the Node.js server code must be modified to send HMAC signatures.
Verified SafeView Analysis
This is the 'Basement Revolution Edition' and intentionally removes core security features for maximum capability and performance. It has NO authentication on the Node.js MCP server connecting to the Python tether, meaning anyone with network access to the designated port can search and add memories without any credentials. It has NO input validation, allowing for potentially very large or malformed inputs. It exposes stack traces in error responses. It is explicitly NOT for production, multi-user, or untrusted environments. Its use is limited to highly isolated, personal research setups where the user accepts all inherent risks.
Updated: 2025-12-05GitHub
47
59
Low Cost
mcp-wp icon

mcp-server

by mcp-wp

Sec7

This plugin implements a Model Context Protocol (MCP) server for WordPress, exposing WordPress's data and functionality through its REST API to AI clients.

Setup Requirements

  • ⚠️Requires PHP 8.2+
  • ⚠️Requires WordPress 6.7+
  • ⚠️Composer dependencies must be installed (`logiscape/mcp-sdk-php`)
Verified SafeView Analysis
The server leverages WordPress's authentication mechanisms (user login or application passwords) for API access, which is a strong security practice. It uses `logiscape/mcp-sdk-php` for JSON-RPC message handling, delegating core protocol parsing security to the SDK. The `RestController` includes `Access-Control-Allow-Origin: *` header, noted as a 'workaround for MCP Inspector', which can be a security risk (e.g., CSRF vulnerability) if not strictly controlled or intended for production. The `MediaManager::upload_to_media_library` function accepts a `$media_path` parameter directly, which could be a vulnerability if an MCP tool exposes this functionality without robust sanitization of the path. The `RestApi::rest_callable` function dynamically constructs REST API routes and dispatches requests, relying on WordPress's internal API validation for safety.
Updated: 2025-12-01GitHub
47
63
High Cost
wise-vision icon

ros2_mcp

by wise-vision

Sec8

Enables AI agents (e.g., Copilot, Claude) to interact with and analyze ROS 2 systems by providing tools for topic, service, and action management.

Setup Requirements

  • ⚠️Requires ROS 2 (Humble or later) installed on the system where the server is expected to interact with ROS 2 nodes.
  • ⚠️Docker is highly recommended and used in all main installation guides, requiring Docker to be installed and running.
  • ⚠️Python 3.10+ is required for the server's dependencies.
  • ⚠️Using custom messages or prompts requires manual setup including creating folders, cloning repositories, and building packages, potentially requiring careful source validation.
Verified SafeView Analysis
The server leverages dynamic module loading for ROS 2 message types and allows custom prompts/messages to be loaded (explicitly configured by the user via volume mounts or entry points). While standard for ROS 2 operations, this introduces a vector for potential code execution if malicious custom packages or modules are sourced by the user. The core server code does not use 'eval', 'exec', or other highly dangerous patterns, relying instead on ROS 2's `rclpy` and `rosidl_runtime_py` libraries, which are assumed to be secure. The SSE transport opens a local HTTP server, but exposed paths are fixed.
Updated: 2026-01-15GitHub
47
24
Medium Cost
dalehurley icon

php-mcp-sdk

by dalehurley

Sec9

A PHP SDK for building Model Context Protocol (MCP) servers that expose AI capabilities (tools, prompts, sampling) and data resources to clients, facilitating AI agent orchestration and structured human-AI interaction.

Setup Requirements

  • ⚠️Requires PHP 8.1+ and Composer for dependency management.
  • ⚠️Leverages the Amp framework for asynchronous operations, which might require a learning curve for developers unfamiliar with async PHP.
  • ⚠️If using file-based `Root` resources, URIs must explicitly start with `file://`.
  • ⚠️Production deployments for HTTP/WebSocket transports would require proper web server setup (e.g., Nginx/Apache) and TLS configuration.
Verified SafeView Analysis
The SDK demonstrates a strong focus on security, employing robust input validation using `InvalidArgumentException` and `JsonSchemaValidator`, structured error handling (`McpError`), and network security features in its transport layers (`allowedHosts`, `allowedOrigins`, `enableDnsRebindingProtection` for HTTP/WebSocket). The OAuth implementation includes client authentication, token verification, PKCE support (configurable for proxy scenarios), and metadata endpoints, showing a good understanding of OAuth best practices. While complex OAuth flows always carry inherent configuration risks, the SDK provides the necessary primitives to implement them securely. No `eval()` or direct code injection vulnerabilities were found. URI validation for `Root` objects also adds a layer of safety.
Updated: 2025-11-25GitHub
47
58
Medium Cost
yuna0x0 icon

anilist-mcp

by yuna0x0

Sec8

An MCP server that interfaces with the AniList API, allowing LLM clients to access and interact with anime, manga, character, staff, and user data.

Setup Requirements

  • ⚠️Requires Node.js 18+.
  • ⚠️Requires an AniList API Token for authenticated operations (e.g., favouriting, updating lists, posting activities, getting authorized user info). Obtaining this token involves multiple steps on the AniList website.
  • ⚠️Uses pnpm as the package manager for local development.
Verified SafeView Analysis
AniList API token (ANILIST_TOKEN) is handled securely via environment variables or HTTP headers, and it is marked as sensitive/secret in configuration files (smithery.yaml, server.json). The `requireAuth` utility correctly enforces authentication for sensitive operations. Configuration inputs are validated using Zod. The server includes a caution in the README about protecting HTTP endpoints. A minor concern is the default broad CORS origin (`*`) which should be restricted in production deployments, though it is configurable via `CORS_ORIGIN` environment variable. No 'eval', obfuscation, or malicious patterns were detected.
Updated: 2025-11-28GitHub
47
74
High Cost
kunwarVivek icon
Sec9

AI-powered GitHub Project Management, including automated roadmap generation, sprint planning, issue triaging, task breakdown, and comprehensive project workflow automation.

Setup Requirements

  • ⚠️Requires Node.js 18.x or higher and TypeScript runtime (`ts-node` or `npm run dev`).
  • ⚠️Critical: Requires a valid GitHub Personal Access Token (GITHUB_TOKEN) with appropriate permissions (e.g., `repo`, `project`) set as an environment variable or CLI argument.
  • ⚠️Critical for AI features: Requires API keys for at least one AI provider (ANTHROPIC_API_KEY, OPENAI_API_KEY, GOOGLE_API_KEY, or PERPLEXITY_API_KEY) for AI-powered functionalities (e.g., PRD generation, task analysis, issue triaging).
Verified SafeView Analysis
Sensitive configurations (GitHub token, AI API keys, webhook secret) are correctly loaded from environment variables or CLI arguments, not hardcoded. The webhook handler uses `crypto.timingSafeEqual` for secure signature validation. Comprehensive error handling with retries helps API resilience. No obvious malicious patterns or unsafe code execution (`eval`) detected in the provided snippets.
Updated: 2025-11-24GitHub
47
70
Medium Cost

oxylabs-mcp

by oxylabs

Sec7

This project likely functions as a Minecraft server proxy or management tool, potentially for large-scale data collection or automation.

Setup Requirements

  • ⚠️Requires Docker for containerized deployment.
  • ⚠️Configuration via `server.json` and `smithery.yaml` files is likely necessary.
  • ⚠️May require an existing Minecraft server to proxy traffic to.
Review RequiredView Analysis
No source code available for static analysis; potential network risks inherent to a server/proxy application. The `README.md` is missing, hindering full understanding of intended security posture.
Updated: 2025-11-18GitHub
47
18
Medium Cost
padmarajnidagundi icon
Sec9

An enterprise-grade Playwright test automation framework facilitating AI agent integration for comprehensive web and mobile testing across various categories, including visual diffs, performance, and security.

Setup Requirements

  • ⚠️Requires Node.js 18.x or 20.x
  • ⚠️Integration with AI agents for 'chatmode prompts' may require an OpenAI API Key (paid service) or a locally running LLM (e.g., Ollama), incurring external costs.
Verified SafeView Analysis
The framework demonstrates strong security practices for a testing project, using environment variables for sensitive data (E2E_USER, E2E_PASS) and promoting HTTPS enforcement. Dependencies like '@pact-foundation/pact' are used for contract testing, which is a controlled environment. The use of 'eval' is confined to Playwright's 'page.evaluate()' for browser-side ES6 feature testing, not for server-side code execution, and thus does not pose a direct security risk to the Node.js server. No obfuscation or malicious patterns were found in the provided source code.
Updated: 2026-01-17GitHub
47
5
Low Cost
shinokada icon
Sec9

Provides Flowbite-Svelte documentation and component information to an MCP client (LLM) via a set of exposed tools.

Setup Requirements

  • ⚠️Requires 'pnpm' package manager for installation and scripts.
  • ⚠️Initial setup requires internet access (`pnpm run copy:llm`) to download documentation data.
  • ⚠️The `generateComponentRegistry.ts` script (used for `pnpm run gen:registry`) contains a hardcoded absolute path (`/Users/shinichiokada/Flowbite/flowbite-svelte/src/lib`) that users will need to manually update to their local Flowbite-Svelte repository to regenerate `components.json`. If `components.json` is provided in the repo, this script isn't strictly necessary unless you need to update the registry.
Verified SafeView Analysis
The server's core functionality relies on reading local, pre-fetched documentation files, reducing runtime network risks. Path validation (`isValidFilePath`) is explicitly implemented to prevent path traversal, absolute path access, and invalid characters, which is a strong security measure for file access. The fetching of external data (`copyLlmData.ts`) is a build/setup step, not a runtime operation, and this script also uses the robust path validation.
Updated: 2025-11-27GitHub
47
34
Medium Cost
IBM icon
Sec8

The IBM i MCP Server enables AI agents to monitor, administer, and query IBM i systems using SQL tools, supporting performance analysis, system administration, and security vulnerability assessment.

Setup Requirements

  • ⚠️Requires Node.js 20+ to run the server component.
  • ⚠️Requires IBM i DB2 connection details (DB2i_HOST, DB2i_USER, DB2i_PASS, DB2i_PORT) set as environment variables.
  • ⚠️Docker is recommended for running the full agent infrastructure, which includes the MCP server.
Verified SafeView Analysis
The server design explicitly exposes powerful IBM i SQL tools, including some that can execute arbitrary SQL (with keyword filtering) and CL commands that modify system settings (e.g., `qsys2.qcmdexc` in `execute_impersonation_lockdown`). While this is inherent to its purpose, it's managed by robust security mechanisms: explicit `readOnly` and `destructiveHint` flags, comprehensive `sqlSecurityValidator` with AST-based parsing to prevent SQL injection and filter forbidden keywords, and a client-side `FilteredMCPTools` to restrict agent access. Configuration requires environment variables for DB2i credentials and HTTP authentication relies on securely managed private/public keys, avoiding hardcoded secrets. The `sanitizeForLogging` utility further improves security posture by masking sensitive data in logs. Overall, while exposing powerful commands, the project demonstrates a strong commitment to security through design and implementation.
Updated: 2026-01-18GitHub
47
58
Medium Cost
pulsemcp icon

mcp-servers

by pulsemcp

Sec9

An MCP server for managing files in Google Cloud Storage, supporting CRUD operations (save, get, search, delete) and exposing files as resources.

Setup Requirements

  • ⚠️Requires access to a configured Google Cloud Storage bucket.
  • ⚠️Requires valid Google Cloud credentials (e.g., `GCS_BUCKET`, `GCS_PROJECT_ID`, and either `GCS_CLIENT_EMAIL` + `GCS_PRIVATE_KEY` or `GCS_KEY_FILE`) configured via environment variables.
  • ⚠️Returning large text file content inline via `get_file` can be token-expensive; the tool explicitly advises using `local_file_path` to save files locally for large/binary content to preserve the context window.
Verified SafeView Analysis
Implements robust path validation (e.g., `validateLocalFilePath`) to prevent path traversal and unauthorized access/writes to sensitive local system directories. Relies on environment variables for API credentials rather than hardcoding. Uses the official `@google-cloud/storage` SDK, reducing direct network implementation risks.
Updated: 2026-01-19GitHub
PreviousPage 63 of 760Next