Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

47
195
High Cost
finite-sample icon

rmcp

by finite-sample

Sec9

Perform sophisticated statistical analysis, econometrics, machine learning, and time series tasks using natural language conversations with AI assistants, demonstrating capabilities through a web interface.

Setup Requirements

  • ⚠️Requires R (4.4.0+) to be installed locally, with a comprehensive ecosystem of up to 429 R packages, which need to be installed.
  • ⚠️The Streamlit demo and Claude web integration require an Anthropic (Claude) API Key, which is a paid service.
  • ⚠️Python 3.10+ is required.
  • ⚠️Docker is recommended for full R integration development and some advanced deployment/testing scenarios.
Verified SafeView Analysis
The project explicitly prioritizes security by design, implementing a Virtual File System (VFS) to restrict file access to allowed paths, a comprehensive 4-tier R package whitelist (429 packages) with security assessments, and a "Universal Operation Approval System" for sensitive operations (e.g., file writing, package installation, system calls). It uses `subprocess` to execute R scripts, which can be risky, but this risk is extensively mitigated by the VFS, package sandboxing, and explicit user/admin approval mechanisms for potentially dangerous R functions like `system()` or `install.packages()`. No hardcoded secrets were identified in the truncated source. The Streamlit app handles API keys as session-only and untracked. CORS is configurable for HTTP transport. It is designed to be safe if configured correctly and used responsibly.
Updated: 2025-12-28GitHub
47
59
Medium Cost
mcpc-tech icon

mcpc

by mcpc-tech

Sec7

Build and compose agentic Model Context Protocol (MCP) servers and tools, enabling AI assistants to discover, integrate, and orchestrate other MCP servers for complex tasks.

Setup Requirements

  • ⚠️Requires Deno runtime environment installed (can use `npx deno run`).
  • ⚠️Requires other MCP servers to be installed and configured (e.g., `desktop-commander`, `lsmcp`, `claude-code-acp`).
  • ⚠️GitHub API integration requires a `GITHUB_PERSONAL_ACCESS_TOKEN` with `repo`, `read:org`, `user` scopes.
  • ⚠️Using AI SDK modes (`ai_sampling`, `ai_acp`) requires a compatible LLM client (e.g., VS Code with Copilot, Claude Desktop) and corresponding API keys for the chosen LLMs.
Verified SafeView Analysis
The project's core functionality involves orchestrating other tools and executing code/commands, which inherently requires flexible permissions. While some examples and CLI usage (`deno run --allow-all`) grant broad access, the `plugin-code-execution` module provides a secure Deno sandbox with granular permission control for user-provided JavaScript code. The framework encourages best practices for handling secrets (e.g., `GITHUB_PERSONAL_ACCESS_TOKEN` via environment variables). A documented `eval` example in plugin documentation includes a warning not to use it in production, which demonstrates awareness but can still be a risk for inexperienced users. Overall, security depends heavily on how users configure and deploy agents, and the trustworthiness of integrated MCP servers.
Updated: 2026-01-19GitHub
47
87
High Cost
microsoft icon

files-mcp-server

by microsoft

Sec6

This server provides a local testing environment for the Model Context Protocol, allowing clients to interact with Microsoft OneDrive and SharePoint resources via contextual tools and resources.

Setup Requirements

  • ⚠️Requires `ODMCP_TENANT_ID` and `ODMCP_CLIENT_ID` environment variables to be set.
  • ⚠️Requires an MCP client that supports the Model Context Protocol.
  • ⚠️Delegated authentication via the 'protected resource flow' is mentioned as being supported by specific clients like Visual Studio Code Insiders, indicating potential client-side requirements for full authentication.
Verified SafeView Analysis
The server implements delegated authentication (`requireAuthentication`) for its primary MCP endpoints, expecting a Bearer token. However, a specific direct file stream route (`/file/*/contentStream`) hardcodes `const token = "fake"`, which would prevent successful access to real Microsoft Graph API content through that endpoint and could lead to confusion or misuse if not carefully understood. The project explicitly states it is for 'DEVELOPER ENVIRONMENT — NOT FOR PRODUCTION'. No direct 'eval' or obfuscation was found. The core MCP communication relies on properly provided tokens.
Updated: 2026-01-07GitHub
47
71
Medium Cost
RamXX icon

mcp-tavily

by RamXX

Sec9

Provides AI-powered web search, answer generation, and news search capabilities to LLMs via the Tavily API for research, fact-finding, and gathering detailed information.

Setup Requirements

  • ⚠️Requires a Tavily API key (Tavily is a paid service).
  • ⚠️Requires Python 3.11 or later.
Verified SafeView Analysis
The Tavily API key is securely managed via environment variables or command-line arguments, not hardcoded. Input validation for parameters is implemented using Pydantic models. Domain list parsing uses `json.loads` within a controlled context, with fallbacks for non-JSON strings, which appears safe. The server interacts via MCP's `stdio_server`, avoiding direct network exposure. External API calls to Tavily are a core function and handled responsibly.
Updated: 2025-11-25GitHub
47
145
Low Cost
jcaromiq icon

goku

by jcaromiq

Sec4

Goku is an HTTP load-testing tool designed for benchmarking and performance analysis of web services; the MCP server allows LLM agents to programmatically interact with this load testing functionality.

Setup Requirements

  • ⚠️Requires Rust toolchain (`cargo`) for building from source or `curl`/`wget` for script installation.
  • ⚠️The MCP server runs as a long-running process and communicates via standard I/O (stdio), requiring proper process management.
Review RequiredView Analysis
The `reqwest` client used for making HTTP requests is configured by default with `danger_accept_invalid_certs(true)`, which disables SSL/TLS certificate validation. This makes all requests vulnerable to man-in-the-middle attacks and should be addressed by either enabling validation by default or providing a clear, configurable option to disable it only when necessary. The MCP server allows arbitrary URL targets for load testing, which, if not properly sandboxed or secured, could be misused by an agent to target internal networks or perform unintended requests.
Updated: 2025-11-25GitHub
47
63
Medium Cost
AzureCosmosDB icon
Sec9

Enables AI assistants (LLMs like Claude, Continue.dev) to interact with and query Azure Cosmos DB databases using natural language.

Setup Requirements

  • ⚠️Requires an existing Azure Cosmos DB account with configured URI, key (or Managed Identity), database, and container.
  • ⚠️Requires Python 3.8 or higher, Node.js 14+ (for JavaScript sample), Go, or Java for respective implementations.
  • ⚠️Claude Desktop integration requires setting up an additional Python proxy script to bridge STDIO to HTTP transport.
Verified SafeView Analysis
The server loads sensitive Cosmos DB credentials from environment variables or a .env file, supporting Azure Managed Identity for enhanced security, which is a good practice. Default network binding is to localhost (127.0.0.1:8080), limiting external exposure. No explicit 'eval' usage or code obfuscation was found. Error handling for tool calls wraps exceptions, preventing direct exposure of internal stack traces, though some generic error messages might reveal operation failure types.
Updated: 2025-11-25GitHub
47
49
High Cost
raine icon
Sec8

An MCP server that allows AI agents like Claude Code to consult stronger, more capable AI models (e.g., GPT-5.2, Gemini 3.0 Pro) for complex code analysis, debugging, and architectural advice.

Setup Requirements

  • ⚠️Requires API keys (e.g., OPENAI_API_KEY, GEMINI_API_KEY, DEEPSEEK_API_KEY) for API mode, which are typically paid services.
  • ⚠️Requires local installation and authentication of `gemini` CLI or `codex` CLI tools if using CLI mode.
  • ⚠️Requires Node.js version 18.0.0 or higher.
Verified SafeView Analysis
The server uses `child_process.spawn` for CLI integrations with `shell: false`, which mitigates direct shell injection. API keys are loaded from environment variables, preventing hardcoding. Input file paths for context (via `processFiles`) are resolved to absolute paths, but direct user input of malicious paths could theoretically lead to unintended file reads, though typically these are controlled by the invoking AI agent. The risk primarily lies with potential vulnerabilities in the external CLI tools (Gemini CLI, Codex CLI) that are invoked, or how they parse constructed prompt/file arguments.
Updated: 2026-01-12GitHub
47
39
Medium Cost
crawlbase icon

crawlbase-mcp

by crawlbase

Sec9

A Model Context Protocol (MCP) server that enables AI agents and LLMs to fetch fresh, structured, real-time web content (HTML, Markdown, screenshots) via Crawlbase's scraping infrastructure.

Setup Requirements

  • ⚠️Requires free/paid Crawlbase API tokens (CRAWLBASE_TOKEN, CRAWLBASE_JS_TOKEN).
  • ⚠️Requires Node.js version >= 18.0.0.
Verified SafeView Analysis
The server uses Zod for robust input validation on all API parameters, significantly reducing injection risks. It handles sensitive tokens by allowing them via environment variables or per-request HTTP headers, which is a good security practice. File system access is limited to reading static `package.json` and controlled debug logs. The use of `sharp` for image processing includes size limits (8000px max dimension) to prevent potential image-bomb attacks. Debug logging, if enabled in production, could potentially expose request details, but this is an opt-in configuration.
Updated: 2025-11-25GitHub
46
63
Medium Cost
heurist-network icon

heurist-mesh-mcp-server

by heurist-network

Sec8

Provides AI models (like Claude) access to Web3 and blockchain tools via the Heurist Mesh API for tasks such as cryptocurrency data analysis, token security review, and social media intelligence.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires a Heurist API key to access most tools (free credits available with invite code 'claude').
  • ⚠️Installation requires either UV package manager (recommended) or Docker.
  • ⚠️For Claude Desktop users connecting to an SSE endpoint, `mcp-proxy` is recommended for connectivity.
Verified SafeView Analysis
No 'eval' or obfuscation found. Network calls are made to configurable Heurist Mesh API endpoints. The server relies on the `HEURIST_API_KEY` for authentication with the Heurist Mesh API, which should be managed securely by the user (e.g., via environment variables) to prevent unauthorized access. The code primarily acts as a proxy, so its security is also dependent on the security of the upstream Heurist Mesh API. Input sanitization for tool arguments is handled by the underlying Heurist Mesh API, not explicitly within this server.
Updated: 2026-01-15GitHub
46
55
Medium Cost
StacklokLabs icon

mkp

by StacklokLabs

Sec7

MKP is a Model Context Protocol (MCP) server for Kubernetes, enabling LLM-powered applications to interact with Kubernetes clusters by providing tools for resource listing, getting, applying, deleting, and executing commands.

Setup Requirements

  • ⚠️Requires Go 1.24+ and a Kubernetes cluster with configured kubeconfig.
  • ⚠️Write operations (apply_resource, delete_resource, post_resource) are disabled by default and must be explicitly enabled with `--read-write=true`.
  • ⚠️The 'ExecInPod' capability, if enabled, grants significant access and requires careful Kubernetes RBAC configuration for the server's service account to mitigate security risks.
Verified SafeView Analysis
The server includes an `ExecInPod` functionality, which allows arbitrary command execution within pods. While this is a core feature, it's a high-risk operation and relies heavily on appropriate Kubernetes RBAC configurations for the server's service account to prevent abuse. The server defaults to read-only mode, and write operations must be explicitly enabled via a flag, which is a good security practice. Rate limiting is built-in and enabled by default to protect against excessive API calls. The project maintains a security policy and responsible disclosure process.
Updated: 2026-01-13GitHub
46
21
Low Cost
infobip icon
Sec8

Exposes any OpenAPI documented HTTP API as a Model Context Protocol (MCP) server for AI agents, with support for mock mode and authentication.

Setup Requirements

  • ⚠️Requires Java 21 or newer.
  • ⚠️Docker is the recommended method for building and running the server locally.
  • ⚠️Requires a valid and accessible OpenAPI specification URL to function (or needs to be in mock mode for testing).
  • ⚠️If authentication is enabled, a valid `infobip.openapi.mcp.security.auth.auth-url` endpoint is required.
Verified SafeView Analysis
The framework itself appears well-engineered with explicit handling for authorization headers in core components (ToolHandler, InitialAuthenticationFilter). Authentication is delegated to a configurable external `auth-url`, which is a good security practice. However, the overall security posture heavily depends on the trustworthiness of the provided OpenAPI specification and configured API endpoints. Malicious OpenAPI specifications or API responses could potentially lead to data exposure or prompt injections into AI agents. The 'JSON double serialization mitigation' helps handle malformed LLM inputs, preventing certain types of errors but should not be seen as a replacement for robust input validation on the underlying API. There are no obvious signs of 'eval' or similar dangerous dynamic code execution patterns on untrusted inputs within the provided source.
Updated: 2026-01-19GitHub
46
13
High Cost
OriNachum icon

reachy-mini-mcp

by OriNachum

Sec7

Control a Reachy Mini robot through an MCP or OpenAI-compatible API, enabling dynamic execution of robot movements, gestures, and conversational interactions.

Setup Requirements

  • ⚠️Requires a Reachy Mini Robot (physical or simulated via MuJoCo).
  • ⚠️Requires the Reachy Mini Daemon running and accessible (default: http://localhost:8000).
  • ⚠️Requires Python 3.10+.
  • ⚠️For TTS functionality, requires the 'piper' executable and a compatible voice model (e.g., set `PIPER_MODEL` environment variable).
  • ⚠️Full 'Conversation Stack' including an LLM (e.g., Llama-3.2-3B-Instruct-FP8 via vLLM) requires Docker and GPU hardware for efficient inference.
Verified SafeView Analysis
The server uses dynamic loading of Python scripts from a controlled 'tools_repository/scripts' directory for tool execution via `importlib.util.spec_from_file_location` and `spec.loader.exec_module`. While this is dynamic code execution, it's safer than `eval()` or `exec()` of arbitrary strings, which the `INLINE_REMOVAL_SUMMARY.md` explicitly states have been removed. The `tts_queue.py` module utilizes `subprocess.run` and `subprocess.Popen` to interact with `piper` (TTS) and `aplay` (audio playback); inputs for these commands appear to be reasonably handled (e.g., text via stdin, temporary files for audio) to mitigate injection risks. No obvious hardcoded secrets were found, with environment variables used for configuration. If `server_openai.py` is used, it binds to `0.0.0.0` which means it can be externally accessible if the host's firewall permits, posing a standard network exposure risk. The most significant inherent security consideration is the power of the `operate_robot` tool, especially in its 'sequence mode', when controlled by an external, potentially unconstrained LLM, which could lead to unintended or potentially destructive robot actions.
Updated: 2025-11-21GitHub
PreviousPage 65 of 760Next