Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7756)

46
55
Medium Cost
joelhooks icon

logseq-mcp-tools

by joelhooks

Sec8

Provides AI assistants structured access to a Logseq knowledge graph for retrieval, summarization, analysis, and modification.

Setup Requirements

  • ⚠️Requires Logseq to be running with the HTTP API enabled and an authentication token configured.
  • ⚠️For Claude Desktop integration, Node.js needs to be installed system-wide (e.g., via Homebrew) to avoid conflicts with version managers.
  • ⚠️Absolute path to `index.ts` is crucial for client configurations (Claude Desktop, Cursor, Junie).
Verified SafeView Analysis
The server securely handles the Logseq authentication token via environment variables. It primarily interacts with a local Logseq instance, limiting network exposure. Tools that execute DataScript queries (`smartQuery`) use predefined templates to reduce direct injection risks from user input. The main 'risk' is the inherent capability of AI to modify the Logseq graph via tools like `createPage`, `addJournalEntry`, and `addNoteContent`, which requires careful permission management of the AI client itself.
Updated: 2025-12-01GitHub
46
58
High Cost
docdyhr icon

mcp-wordpress

by docdyhr

Sec9

Acts as an AI-driven WordPress management server, providing tools for SEO optimization, content management, performance monitoring, and secure API interactions.

Setup Requirements

  • ⚠️Requires a running WordPress instance (local or remote) with REST API enabled and accessible.
  • ⚠️Requires WordPress Application Passwords or JWT Authentication plugin for robust authentication setup.
  • ⚠️Requires environment variables for WordPress connection details and credentials (e.g., WORDPRESS_SITE_URL, WORDPRESS_USERNAME, WORDPRESS_APP_PASSWORD).
Verified SafeView Analysis
The server implements extensive security features including robust input validation (Zod schemas, `InputSanitizer`), multiple authentication methods (App Passwords, JWT, Basic, API Key) managed securely via environment variables, rate limiting, and structured logging with sensitive data redaction. URL sanitization prevents common network-based attacks. The `src/security` directory contains modules for AI-driven scanning, code review, automated remediation, monitoring, and CI pipeline integration, indicating a strong focus on security best practices. No `eval` is found in the core server runtime, and external API integrations handle secrets via environment variables. File paths are handled carefully to prevent traversal.
Updated: 2025-11-20GitHub
46
40
Medium Cost
contentful icon
Sec9

This MCP server enables AI assistants to manage Contentful content, assets, and workflows using natural language.

Setup Requirements

  • ⚠️Requires Contentful Space ID and a Contentful Management API Personal Access Token to be configured via environment variables.
  • ⚠️The `get_initial_context` tool must be called first to initialize the connection and retrieve usage instructions before any other tools can be used.
  • ⚠️Batch operations for publishing/unpublishing assets and entries are limited to 100 items. Archiving/unarchiving multiple assets/entries is processed sequentially and will stop at the first failure.
Verified SafeView Analysis
The project follows secure practices for handling Contentful Management API tokens, requiring them to be provided via environment variables. No hardcoded secrets, 'eval', or code obfuscation are apparent in the provided source. It relies on well-known Contentful SDKs and tools (`contentful-management`, `contentful-export`, `contentful-import`), assuming their inherent security. The clear separation of concerns and explicit parameter handling contribute to a robust security posture.
Updated: 2025-12-12GitHub
46
7
Medium Cost
yutakobayashidev icon

ava

by yutakobayashidev

Sec9

AI-powered progress tracking and communication tool for developers, integrating with coding agents and Slack to reduce context switching.

Setup Requirements

  • ⚠️Requires Node.js 18+
  • ⚠️Requires Docker & Docker Compose for PostgreSQL database
  • ⚠️Detailed Slack App setup required (creating app, configuring OAuth, scopes, slash commands, interaction URLs)
  • ⚠️Requires OpenAI API Key (paid tier recommended for consistent use)
  • ⚠️Requires Stripe account and API Key (for subscription features)
Verified SafeView Analysis
The project demonstrates strong security practices including OAuth 2.1 with PKCE, Slack request signature verification, timing-safe comparisons for sensitive data, robust input validation using Zod, and secure environment variable handling. Event sourcing pattern enhances data integrity and auditability. External client metadata fetching includes size limits, timeouts, and validation. No obvious 'eval' or obfuscation found.
Updated: 2025-12-13GitHub
46
33
Low Cost
PromptExecution icon

just-mcp

by PromptExecution

Sec3

Provides an MCP (Model Context Protocol) server for AI agents to discover, execute, and introspect Justfile recipes, enabling automated build and task management without direct shell access.

Review RequiredView Analysis
The `executor.rs` module directly substitutes user-provided arguments (via the `run_recipe` tool) and Justfile variables into shell commands executed with `sh -c`. This design pattern is highly vulnerable to command injection, as malicious input in arguments or variables could execute arbitrary code on the host system. The claim of being 'Safer Than Raw Bash Access' is not supported by the current implementation which directly uses `sh -c` with interpolated user input.
Updated: 2025-12-03GitHub
46
48
Medium Cost
mahdin75 icon

geoserver-mcp

by mahdin75

Sec8

Enables Large Language Models (LLMs) to interact with and manage geospatial data and services through the GeoServer REST API.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️A running GeoServer instance with REST API enabled is prerequisite.
  • ⚠️Requires GeoServer connection details (URL, username, password) to be provided via environment variables or command-line arguments.
  • ⚠️If using Docker, ensure the `--storage` directory is mounted as a volume for file-related operations.
Verified SafeView Analysis
The server uses environment variables or command-line arguments for GeoServer credentials (URL, username, password), which is good practice to avoid hardcoding. There are no obvious `eval` or `os.system` calls with unvalidated user input that would indicate direct code injection vulnerabilities. The `resolve_storage_path` function attempts to sandbox file operations to a specified base directory if `--storage` is provided, which mitigates some path traversal risks for file uploads. The primary security consideration is the extensive administrative control granted over GeoServer (e.g., creating/deleting workspaces, layers, users). If the GeoServer instance is not properly secured, or if the LLM is given overly permissive access, a compromised LLM or a malicious prompt could lead to data manipulation, deletion, or exposure.
Updated: 2025-12-13GitHub
46
52
Medium Cost
rashidazarang icon

airtable-mcp

by rashidazarang

Sec9

The server acts as an AI agent for Airtable, enabling natural language interaction with Airtable bases, tables, records, schemas, and webhooks, and providing AI-powered analytics and automation features through the Model Context Protocol.

Setup Requirements

  • ⚠️Requires an Airtable Personal Access Token (PAT) with specific scopes (e.g., data.records:read/write, schema.bases:read/write, webhook:manage).
  • ⚠️Requires Node.js >=18.0.0 and Python 3.10+ to run all implementations.
  • ⚠️Needs a compatible MCP client application (e.g., Claude Desktop, Cursor, Zed) to function, as it's not a standalone UI.
Verified SafeView Analysis
The project demonstrates a strong focus on security, explicitly addressing and fixing past XSS and command injection vulnerabilities (v3.2.4, v3.2.3 release notes). Input validation, URL encoding, and PII masking are implemented across the TypeScript and JavaScript codebases. OAuth2 with PKCE adds a layer of authentication security. The Python implementation utilizes the `requests` library, which generally handles parameter encoding safely. A minor concern is the use of `ast.literal_eval` in the Python `inspector_server.py` for parsing `config_json`; while intended for controlled Smithery configuration, `ast.literal_eval` can be a high-risk function if input is not fully trusted. Overall, the proactive security fixes and robust implementation practices make the server generally safe to run.
Updated: 2025-12-01GitHub
46
42
Medium Cost
jonigl icon
Sec5

Proxies Ollama API requests, enriching /api/chat with tools from multiple Model Context Protocol (MCP) servers and orchestrating multi-round tool execution.

Setup Requirements

  • ⚠️Requires a running Ollama server (local or remote).
  • ⚠️Requires a 'mcp-config.json' file for defining MCP servers, which must be correctly formatted and accessible.
  • ⚠️Requires Python >= 3.10.15.
Verified SafeView Analysis
The server allows defining local MCP servers via 'command' in 'mcp-config.json'. This enables arbitrary command execution on the host system based on the configuration file, posing a significant security risk if the 'mcp-config.json' is compromised or not securely managed. Additionally, the default 'CORS_ORIGINS' setting of '*' allows requests from all origins, which is explicitly warned against for production environments and could lead to Cross-Origin Request Forgery (CSRF) vulnerabilities if not properly configured by the user. Ensure 'mcp-config.json' is secure and 'CORS_ORIGINS' is restricted to trusted domains.
Updated: 2025-12-13GitHub
46
51
Medium Cost
hloiseau icon

mcp-gopls

by hloiseau

Sec9

An MCP server that enables AI assistants to utilize Go's Language Server Protocol (gopls) for advanced code analysis, navigation, refactoring, and execution of Go tooling within Go workspaces.

Setup Requirements

  • ⚠️Requires Go 1.25+ to be installed.
  • ⚠️Requires 'gopls' to be installed (go install golang.org/x/tools/gopls@latest).
  • ⚠️Requires the '--workspace' flag or MCP_GOPLS_WORKSPACE environment variable to specify the absolute path to the Go project root.
  • ⚠️Requires specific JSON configuration within the AI client (e.g., Cursor, Claude Desktop, GitHub Copilot) to connect to the MCP server.
Verified SafeView Analysis
The project's core functionality involves executing external Go development tools (go, gopls, govulncheck). While this introduces a reliance on the security of these external binaries, the project itself does not show signs of direct 'eval' usage, obfuscation, or hardcoded secrets. It manages environment variables like GOTOOLCHAIN for its subprocesses to ensure consistent behavior. Users should be aware that granting AI access to this tool allows it to execute Go commands within the specified workspace.
Updated: 2025-11-25GitHub
46
66
Low Cost
loonghao icon
Sec9

An MCP-compliant server enabling AI assistants to send various message types (text, markdown, images, files) to WeCom (WeChat Work) groups via webhooks.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️A WeCom (WeChat Work) bot webhook URL must be configured as the WECOM_WEBHOOK_URL environment variable.
Verified SafeView Analysis
The server securely handles the WeCom webhook URL via environment variables, without hardcoding. It performs input validation for message content and type. External network calls use `aiohttp`, and communication with WeCom relies on the `notify-bridge` library, abstracting the underlying API interactions. File and image paths are validated for existence and type before sending. There is no usage of `eval` or obvious obfuscation. A score of 9 is given as `notify-bridge` is an external dependency whose internal security aspects are not part of this codebase's audit.
Updated: 2025-12-14GitHub
46
102
Medium Cost
KatherLab icon

STAMP

by KatherLab

Sec2

Enable LLM agents to orchestrate and interact with STAMP's computational pathology tools for whole-slide image analysis, biomarker prediction, model training, and inference.

Setup Requirements

  • ⚠️Requires `uv` package manager (version 0.8.5+)
  • ⚠️Requires system-level OpenCV dependencies (e.g., `libgl1-mesa-glx` on Ubuntu)
  • ⚠️Many advanced models and GPU features require specific CUDA compute capabilities (e.g., COBRA needs 8.0+) and can have high memory demands during compilation (`flash-attn`, `mamba-ssm`).
  • ⚠️Some models may require access to gated HuggingFace repositories, potentially requiring manual authentication.
  • ⚠️Server timeout for long-running tasks (e.g., preprocessing, cross-validation) needs to be adjusted in client configuration to avoid connection drops.
Review RequiredView Analysis
The server uses `subprocess.run()` to execute `stamp` CLI commands, with the `mode` and `config` parameters directly derived from user input (LLM agent calls). This creates a critical command injection vulnerability where a malicious actor or agent could craft inputs to execute arbitrary system commands, potentially leading to data exfiltration, system compromise, or denial of service. While `_resolve_path` attempts to restrict file system access for `read_file` and `list_files`, it does not mitigate the risk from `subprocess.run` in `_run_stamp` which can bypass file system restrictions entirely. The `stamp` CLI itself may have further vulnerabilities not audited here.
Updated: 2025-12-04GitHub
46
6
Low Cost
can1357 icon

agentx

by can1357

Sec9

AI-native terminal issue tracker for developers, providing structured task management, Git integration, and a Model Context Protocol server for agent interaction.

Setup Requirements

  • ⚠️Requires Rust toolchain (compiler and Cargo) for building and installation.
  • ⚠️Requires Git installed and configured locally for Git integration features (branch creation, commits).
Verified SafeView Analysis
The MCP server operates over standard input/output (stdio), which limits direct network exposure. File system and Git operations are performed, but these are tied to explicit issue management commands and parameter validation is in place. No dynamic code execution (e.g., 'eval') based on user input or hardcoded sensitive information was observed in the provided source code. The primary security consideration would be the integrity of the upstream MCP client feeding commands via stdio.
Updated: 2025-11-24GitHub
PreviousPage 64 of 647Next