Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

47
63
Low Cost
mcpdotdirect icon

template-mcp-server

by mcpdotdirect

Sec9

Provides a CLI tool and template to quickly get started building a Model Context Protocol (MCP) server using FastMCP, supporting both stdio and HTTP transports.

Setup Requirements

  • ⚠️The default scripts in `package.json` (e.g., `npm start`, `npm run dev`) are configured to use Bun as the JavaScript runtime, requiring Bun to be installed in the execution environment.
  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️Peer dependencies such as 'typescript', '@valibot/to-json-schema', and 'effect' need to be installed separately in the consuming project if not handled automatically by the package manager.
Verified SafeView Analysis
The server implementation relies on the FastMCP framework for protocol handling and uses Zod for robust input parameter validation in tools, which is a good practice for preventing injection attacks. The `create-mcp-server` CLI script performs file system operations typical of a project generator but includes checks (e.g., verifying directory emptiness) to prevent unintended overwrites. No hardcoded secrets, 'eval', or direct command injection vulnerabilities were found in the provided source code. Potential risks are primarily dependent on how FastMCP internally handles argument validation for prompts/resources and any custom logic introduced by the user beyond the template.
Updated: 2025-11-26GitHub
47
14
Medium Cost
mcbodge icon

MudMCP

by mcbodge

Sec9

Provides AI assistants with real-time, structured access to MudBlazor component documentation and code examples via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires .NET 10 SDK (Preview) which may need specific installation steps or have stability considerations.
  • ⚠️Initial startup involves cloning the MudBlazor repository (~500MB), requiring significant disk space and network bandwidth, leading to a slow first run.
Verified SafeView Analysis
The project uses Roslyn for static analysis of a trusted, external MudBlazor repository, not for executing arbitrary user code. Deployment scripts include robust input validation, path traversal protection, and error handling. No hardcoded secrets were found in the truncated code. The `AllowedHosts: *` default in `appsettings.json` is common but should be restricted in production, and deployment documentation correctly advises HTTPS for production environments. Code review for deployment scripts is enforced.
Updated: 2026-01-19GitHub
47
10
High Cost

llms

by matteocervelli

Sec8

A centralized configuration and documentation management system for LLMs, providing tools for building skills, commands, agents, prompts, and managing MCP servers across multiple LLM providers.

Setup Requirements

  • ⚠️Requires Python 3.11+.
  • ⚠️Requires API keys for LLM providers (e.g., Anthropic, OpenAI), which are paid services.
  • ⚠️Uses `uv` for dependency management, which needs to be installed if not already present.
Verified SafeView Analysis
The system interacts with external LLM APIs (Anthropic, OpenAI) which requires secure handling of API keys (e.g., via `.claude/settings.local.json` which is gitignored). It executes local scripts and development hooks. The project itself explicitly integrates security assessments and checks within its `FEATURE-IMPLEMENTER` workflow, which is a positive indicator for the code it generates, but users should be mindful of running any multi-agent system that can execute code.
Updated: 2025-11-17GitHub
47
53
Medium Cost
jenkinsci icon

mcp-server-plugin

by jenkinsci

Sec8

Enables Jenkins to act as a Model Context Protocol (MCP) server, exposing Jenkins functionalities as tools for LLM-powered applications or IDEs.

Setup Requirements

  • ⚠️Requires Jenkins version 2.479 or higher to be pre-installed and running.
  • ⚠️Authentication requires generating a Jenkins API token and using it with HTTP Basic Authentication.
  • ⚠️For enhanced security, explicit system properties must be set to enforce Origin header validation for incoming requests.
Verified SafeView Analysis
The plugin leverages Jenkins' robust security model, requiring Jenkins API tokens for authentication and respecting user permissions (ACL). Origin header validation is implemented and configurable, though it's not strictly enforced by default to facilitate AI agent usage. Dynamic method invocation is constrained to annotated methods on registered extensions, which is standard for Jenkins plugins. Parameter deserialization uses reflection for plugin compatibility but operates within the Jenkins parameter framework. No hardcoded secrets or obvious malicious patterns were found. Running safely requires proper Jenkins security configuration and consideration of the origin header validation settings.
Updated: 2026-01-13GitHub
47
14
Low Cost
contextstream icon

mcp-server

by contextstream

Sec9

Provides AI tools with persistent context, semantic code search, and team knowledge sharing across sessions.

Setup Requirements

  • ⚠️Requires a ContextStream API key for authentication (free plan available, but some features are PRO-gated).
  • ⚠️Node.js runtime version 18 or higher is required.
  • ⚠️Claude Code users are strongly recommended to install provided hooks to ensure AI uses ContextStream search and planning features effectively, overriding default behaviors.
Verified SafeView Analysis
The server primarily operates by making HTTP requests to a configurable API URL (defaulting to contextstream.io) and reading/writing local configuration files. File system operations are generally confined to user home directories or project roots (`.contextstream/config.json`, `~/.contextstream-mappings.json`, `~/.claude/hooks/`) and utilize `path.join` for safer path construction. Sensitive information like API keys is handled via environment variables or headers, aligning with best practices. Embedded Python hooks are provided for specific editor integrations; their source is transparent and they do not execute arbitrary user input. There are no obvious `eval` or direct `child_process.exec` calls with unvalidated user input. The code appears well-structured with security considerations in mind.
Updated: 2026-01-16GitHub
47
54
Medium Cost
greirson icon

mcp-todoist

by greirson

Sec9

Connects Claude with Todoist for comprehensive task and project management through natural language, acting as an AI assistant for productivity.

Setup Requirements

  • ⚠️Requires a Todoist API token, which must be manually obtained from Todoist account settings.
  • ⚠️Reminder Management features (create, update, delete reminders) require a Todoist Pro or Business plan.
  • ⚠️Requires specific JSON configuration to integrate with Claude Desktop or other Model Context Protocol (MCP) clients.
Verified SafeView Analysis
The server demonstrates strong security practices including retrieving the Todoist API token from environment variables, comprehensive input validation and sanitization (XSS, script injection, SQL injection patterns, safe URL protocols, allowed file types for attachments) via `src/validation.ts`, and a `DryRunWrapper` to simulate mutations without making real changes when enabled. A critical fix for a bulk operation vulnerability (Issue #34) highlights a proactive approach to security. While exhaustive security is never guaranteed, the codebase shows a high level of diligence.
Updated: 2026-01-17GitHub
47
9
Low Cost
For-Sunny icon
Sec9

Production-grade GPU-accelerated vector memory for AI applications, providing secure and high-performance vector search.

Setup Requirements

  • ⚠️Requires an NVIDIA GPU with CUDA support for optimal sub-2ms performance (CPU-only mode is slower).
  • ⚠️A separate Python tether service (e.g., 'tether_faiss_complete.py' from the RESEARCH_TOOLS directory) must be running and accessible via TCP socket on a specified host and port (e.g., localhost:9997).
  • ⚠️A secure 32-character hex 'TETHER_SECRET' must be generated and consistently configured as an environment variable for both the Node.js MCP server and the Python tether for authentication to succeed.
Verified SafeView Analysis
Implements robust HMAC-SHA256 authentication for communication, replay protection via timestamp validation (MAX_TIMESTAMP_DRIFT), and input validation with Zod schemas. Error responses are sanitized (stack traces are suppressed). Relies on a securely generated 'TETHER_SECRET' environment variable for authentication, which is critical for preventing unauthorized access to the underlying Faiss tether. Communication with the Python tether is via TCP socket, making network security important.
Updated: 2025-12-05GitHub
47
52
Medium Cost
jonigl icon
Sec2

Provides an API layer in front of the Ollama API, seamlessly adding tools from multiple MCP servers so every Ollama request can access all connected tools transparently.

Setup Requirements

  • ⚠️Requires an Ollama server running (local or remote).
  • ⚠️Requires a `mcp-config.json` file defining MCP servers.
  • ⚠️Requires Python 3.10.15 or newer.
Review RequiredView Analysis
The bridge allows configuration of Model Context Protocol (MCP) servers via a `mcp-config.json` file. When configuring `stdio` transport, the `command` and `args` fields in this file are executed as shell commands on the host machine. If `mcp-config.json` is not trusted or can be manipulated by an attacker, this can lead to arbitrary code execution, which is a critical security risk. Environment variables, either directly retrieved via `os.getenv` or expanded from `${env:VAR_NAME}` within the configuration, can influence server behavior including commands executed or URLs accessed, posing an injection risk if untrusted. The default `CORS_ORIGINS` is `*`, which allows all origins and is not recommended for production environments.
Updated: 2026-01-16GitHub
47
62
Medium Cost
barryyip0625 icon

mcp-discord

by barryyip0625

Sec9

Enables AI assistants to interact with the Discord platform by providing a set of Discord-related functionalities via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a Discord bot with a token and specific privileged intents enabled (Message Content, Server Members, Presence) in the Discord Developer Portal.
  • ⚠️The Discord bot must be added to the target Discord server(s) with appropriate permissions (e.g., Administrator or specific granular permissions like Send Messages, Manage Channels, etc.).
  • ⚠️Requires Node.js v16.0.0+ and npm v7.0.0+ to run locally.
Verified SafeView Analysis
The server uses standard practices for Discord bot development, including robust error handling and input validation (Zod schemas). Discord bot tokens are handled via environment variables or command line arguments, preventing hardcoding. There are no obvious signs of 'eval' or other direct arbitrary code execution vulnerabilities. The `searchMessagesHandler` properly uses `URLSearchParams` for constructing API queries, minimizing injection risks. The system requires specific Discord bot intents and server permissions, which is standard for Discord integrations.
Updated: 2026-01-13GitHub
47
38
Medium Cost
ssakone icon

pb_mcp_server

by ssakone

Sec8

Provides an MCP interface for AI assistants to interact with PocketBase databases for data management, authentication, and administrative tasks.

Setup Requirements

  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️Requires a running PocketBase instance accessible at the configured URL (default: http://127.0.0.1:8090).
  • ⚠️Many administrative and user management operations require PocketBase admin credentials for full functionality.
Verified SafeView Analysis
The server uses environment variables for sensitive configuration (PocketBase URL, admin credentials), which is good practice. It implements session management and explicit authentication checks for privileged operations. A robust testing suite (including property-based tests) significantly enhances reliability and security posture. The 'send_custom_request' tool is very powerful, allowing raw HTTP requests to any PocketBase API endpoint, potentially with admin privileges. While flexible, this tool poses a significant risk if the MCP server itself is exposed publicly or used in an untrusted environment, as a compromised client could perform arbitrary actions on the PocketBase instance. However, in its intended local/trusted MCP client deployment, this is a feature rather than a vulnerability.
Updated: 2025-11-29GitHub
47
80
Medium Cost
keboola icon

mcp-server

by keboola

Sec1

Keboola MCP Server acts as an open-source bridge connecting Keboola projects with modern AI agents (e.g., Claude, Cursor, CrewAI, LangChain). It exposes Keboola features like data storage access, SQL transformations, job triggers, and data app management as callable tools for AI assistants, enabling them to interact with and manage data in Keboola without manual glue code.

Setup Requirements

  • ⚠️Requires a Keboola project and a valid Keboola API token for operation.
  • ⚠️Local setup requires careful configuration of OAuth client credentials and the MCP server's URL.
  • ⚠️Python 3.9+ is required to run the server locally.
Review RequiredView Analysis
Critical SQL Injection Risk: The `query_data` tool (used in `tools/sql.py` and potentially injected into `data_apps`) directly passes user-provided SQL queries to the backend without explicit sanitization by the tool itself. If AI agents construct these queries from untrusted user input, it creates a severe SQL injection vulnerability. High Arbitrary Code Execution Risk: The `modify_data_app` tool accepts `source_code` as input, which is then executed as a Streamlit application. An AI agent, if compromised or given malicious instructions, could inject arbitrary Python code into these data apps, potentially leading to unauthorized actions within the sandboxed environment. Medium OAuth Redirect URI Whitelist Concerns: The OAuth provider validates `https` redirect URIs against a predefined whitelist but allows arbitrary custom URI schemes. While custom schemes typically require client-side registration, this approach could be exploited if a local system has a vulnerable handler for a custom scheme or if the `https` whitelist is incomplete. Low Risk from Debugging Flag: The `KEBOOLA_MCP_SERVER_OAUTH_LOG_ALL` environment variable, if enabled in a production environment, could expose sensitive OAuth token details in server logs.
Updated: 2026-01-19GitHub
47
52
Medium Cost
gavdilabs icon

cap-mcp-plugin

by gavdilabs

Sec9

Integrate SAP CAP services with the Model Context Protocol (MCP) to expose them as AI-accessible resources, tools, and prompts for natural language interaction and automation.

Setup Requirements

  • ⚠️Requires SAP Cloud Application Programming Model (CAP) version 9+ and Express version 4+ to run.
  • ⚠️For authentication (XSUAA/IAS), OAuth credentials (client ID, client secret, URL) must be configured externally in CAP's environment settings (`cds.env.requires.auth.credentials`).
  • ⚠️A custom URI template workaround is implemented for an MCP SDK bug, which might require attention if the SDK is updated.
Verified SafeView Analysis
The server implements robust security measures including input validation (Zod, ODataQueryValidator with forbidden patterns), sanitization of environment variables, and leverages CAP's authentication and authorization system (inheriting roles and restrictions). It uses helmet for HTTP security headers and CORS. OAuth integration relies on @sap/xssec for token validation and exchange. Potential area of concern includes `cds.parse.expr` for OData filters, though it's heavily mitigated by prior validation.
Updated: 2026-01-13GitHub
PreviousPage 64 of 760Next