Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7756)

46
28
Low Cost
Daniel09Fernandes icon

DMCPServer

by Daniel09Fernandes

Sec8

DMCPServer allows Delphi developers to create and expose Master Control Protocol (MCP) servers, enabling integration with AI platforms like Claude for external tool execution and resource management.

Setup Requirements

  • ⚠️Requires Delphi development environment
  • ⚠️Requires `boss` package manager
  • ⚠️Requires a specific port for HTTP protocol
Verified SafeView Analysis
The provided code snippets demonstrate good practices for input parameter extraction and validation within registered actions. The core server implementation (HTTP/STDIO handling) is not fully exposed, so standard web security considerations (e.g., DoS protection, robust header parsing, proper error codes) are assumed to be handled securely by the underlying framework. No 'eval' or direct malicious patterns are present in the shown code.
Updated: 2025-11-27GitHub
46
22
Medium Cost
commerce-operations-foundation icon

mcp-reference-server

by commerce-operations-foundation

Sec7

The Commerce Operations Foundation MCP Server standardizes the interface between AI agents (like Claude) and fulfillment systems, enabling AI to manage e-commerce operations like order capture, inventory, and fulfillment via plug-and-play adapters.

Setup Requirements

  • ⚠️Requires Node.js 18+ installed.
  • ⚠️Custom adapters can be loaded dynamically from NPM or local files, requiring careful vetting of their source code due to inherent security risks (full system permissions upon loading).
  • ⚠️The `ADAPTER_CONFIG` environment variable must contain valid JSON.
Verified SafeView Analysis
The server explicitly uses dynamic imports to load adapters from NPM packages or local files (`AdapterFactory`). This design, while enabling flexibility, poses a significant security risk if adapters from untrusted sources are loaded, as they execute with full system permissions. The `README.md` and `AdapterFactory` code itself acknowledge this warning. `ApiClient` handles API keys (e.g., `X-API-Key`), which are sensitive credentials and must be managed securely (e.g., via environment variables). A `LogSanitizer` is implemented to redact sensitive data in logs, which is a good practice. Overall, safe operation relies heavily on trusted adapter sources and a secure deployment environment (e.g., containerization, whitelisting).
Updated: 2025-11-25GitHub
46
90
High Cost
ruanrongman icon

IntelliConnect

by ruanrongman

Sec7

Backend service for an intelligent IoT platform, integrating AI agents and physical device control.

Setup Requirements

  • ⚠️Requires Docker for easy setup of MySQL, Redis, EMQX, and InfluxDB.
  • ⚠️Requires Java 17 runtime environment.
  • ⚠️Requires an EMQX cluster with exhook configured for MQTT message processing.
  • ⚠️Requires API keys for various external Large Language Models (LLMs) and potentially other AI services (e.g., Dashscope, GLM, DeepSeek, SiliconFlow, UniApi).
  • ⚠️Knowledge base (RAG) functionality depends on a ChromaDB instance.
Verified SafeView Analysis
The project uses standard Spring Security with JWT for authentication and authorization. Secrets are externalized into configuration. A JavaScript sandbox (NashornSandbox) is present for script execution, which is a potential attack vector if not configured securely, although parameters for resource limits are provided. The CORS configuration is permissive ('*') which is suitable for development but should be restricted in a production environment. No obvious malicious patterns were detected.
Updated: 2025-12-09GitHub
46
47
Low Cost
Azure icon
Sec8

Enables AI assistants to interact with and debug Kubernetes clusters by translating natural language requests into Kubernetes operations.

Setup Requirements

  • ⚠️Requires `kubectl` to be installed and in PATH. Additional CLIs (`helm`, `cilium`, `hubble`) are required if enabled via `--additional-tools` flag.
  • ⚠️Requires a valid Kubernetes `kubeconfig` file accessible in the environment.
  • ⚠️Designed to be integrated with an AI client (e.g., AutoGen, GitHub Copilot) that supports the Model Context Protocol (MCP), requiring client-side setup.
Verified SafeView Analysis
The server uses `shlex.Split` for parsing commands, which is safer than simple string splitting, but still executes external CLI tools via `exec.CommandContext`. A robust security model is implemented with `--access-level` (readonly, readwrite, admin) and `--allow-namespaces` flags, which filter allowed operations and namespaces. However, the effectiveness heavily relies on the completeness and correctness of the command validation logic (`pkg/security/validator.go`) to prevent all potential command injection or unauthorized access, which is complex for arbitrary CLI commands. Telemetry is collected by default (opt-out), including a hashed device ID (derived from MAC address), which is a privacy consideration.
Updated: 2025-12-12GitHub
46
59
High Cost
The-AI-Alliance icon

gofannon

by The-AI-Alliance

Sec1

Gofannon is a web application designed for subject matter experts to rapidly prototype AI agents, compose tools, integrate data sources, define decision paths, and design lightweight web UIs to wrap them, enabling quick iteration and sharing of agent-driven experiences.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for full local setup.
  • ⚠️Requires Node.js (v18+) and pnpm (v8+) for frontend development.
  • ⚠️Requires Python (v3.10+) and pip for backend development.
  • ⚠️Full AI functionality requires API keys for OpenAI, Google Gemini, Anthropic, or local Ollama instances.
  • ⚠️Admin panel is disabled by default and needs `VITE_ADMIN_PANEL_ENABLED=true` and `ADMIN_PANEL_PASSWORD` environment variables to be activated.
Review RequiredView Analysis
The server's Python backend (specifically `_execute_agent_code` in `webapp/packages/api/user-service/dependencies.py`) directly uses `exec()` to run user-generated Python code. Critically, it passes the full `__builtins__` module to the execution context, making standard Python functions like `open()`, `os.system()`, `subprocess.run()`, and `eval()` fully available to the executed code. This is an extremely severe vulnerability, as a malicious user can write agent code to execute arbitrary system commands, read/write any files accessible to the server process, exfiltrate environment variables, or make arbitrary network requests (e.g., using `httpx.AsyncClient()` which is also available). Additionally, the `McpClientService` allows making HTTP requests to user-provided URLs without domain validation when listing tools, posing a Server-Side Request Forgery (SSRF) risk. The default CORS policy of `allow_origins=["*"]` in development mode is also a concern if unintentionally deployed to production. Due to the direct and unrestricted arbitrary code execution from user input, this system is highly insecure if exposed to untrusted users.
Updated: 2025-12-12GitHub
45
8
Low Cost
athola icon
Sec9

Acts as a skills support engine for Claude Code and Codex CLI, validating, analyzing, and syncing skills bidirectionally between both CLIs, and serving them via MCP.

Setup Requirements

  • ⚠️Requires Rust toolchain >= 1.75 for building from source or `cargo install`.
  • ⚠️`SKRILLS_CODEX_API_KEY` or `SKRILLS_CLAUDE_API_KEY` are required for subagent functionality, typically involving paid services.
  • ⚠️The installation script may require `jq` or `python3` as a fallback for JSON processing if `jq` is not found.
Verified SafeView Analysis
The project has a highly detailed threat model, outlines implemented and planned security controls (e.g., path canonicalization, JSON schema validation for MCP messages, no server-side execution of skill content, ephemeral prompt storage), and actively uses security tooling like `cargo audit` and CodeQL. The primary risk identified is the `sh -c` command execution for launching subagents, where `agent.path` (a filesystem path) is directly interpolated. While contextualized for local execution and relying on the external `codex` CLI, it's a point where shell injection could theoretically occur if `agent.path` itself were maliciously crafted or if `codex` is vulnerable. However, extensive security documentation and practices indicate a strong focus on security.
Updated: 2025-12-14GitHub
45
38
Medium Cost
PagerDuty icon
Sec9

Provides tools to interact with the PagerDuty API, allowing MCP-enabled AI clients/agents to manage incidents, services, schedules, and event orchestrations.

Setup Requirements

  • ⚠️Requires 'asdf-vm' and 'uv' for environment management.
  • ⚠️Requires a PagerDuty User API Token (not account-level) with appropriate permissions.
  • ⚠️Requires Python 3.12 or newer.
Verified SafeView Analysis
Secrets (PAGERDUTY_USER_API_KEY, PAGERDUTY_API_HOST) are loaded from environment variables, which is a good practice. Write operations are explicitly disabled by default and require a `--enable-write-tools` flag for activation, significantly reducing the risk of accidental destructive actions. The server acts as a wrapper for the PagerDuty API; therefore, the primary security consideration is the scope of permissions granted to the PagerDuty User API Token by the user. No direct 'eval' or command injection vulnerabilities observed.
Updated: 2025-12-10GitHub
45
10
Medium Cost
julymetodiev icon

post-cortex

by julymetodiev

Sec9

Post-Cortex is an MCP server that provides AI assistants with long-term memory, storing conversations, decisions, and insights in a searchable knowledge base with automatic entity extraction and semantic search capabilities.

Setup Requirements

  • ⚠️To enable full semantic search, the server must be built with the 'embeddings' feature (`cargo build --release --features embeddings`), which involves downloading local AI models.
  • ⚠️Requires manual configuration in `~/Library/Application Support/Claude/claude_desktop_config.json` for integration with Claude Desktop.
  • ⚠️Database is locked by another process (likely the daemon) if you try to use `pcx export` or `pcx import` without stopping the daemon first, requiring a daemon restart or `pkill`.
Verified SafeView Analysis
The server is implemented in Rust, which offers strong memory safety. A key feature is 'Privacy-First - All processing runs locally, no external APIs', significantly reducing network-based security risks and reliance on third-party services. The daemon mode binds to localhost (127.0.0.1) by default, limiting external exposure. Data is stored locally in '~/.post-cortex/data'. Export/Import functionality exists but is user-initiated. No 'eval' or similar dynamic code execution risks were found in the truncated source code. Overall, the design prioritizes local processing and uses robust language features, making it highly secure against common vulnerabilities.
Updated: 2025-12-14GitHub
45
46
Low Cost
Sec8

A backend HTTP server likely used as a control plane or for data collection/processing within an observability or monitoring system.

Setup Requirements

  • ⚠️Docker required to build and run the containerized server.
  • ⚠️Go compiler (v1.16+) required if building and running directly without Docker.
Verified SafeView Analysis
The project uses Go, which generally provides strong type safety and memory management, reducing common classes of vulnerabilities. No 'eval' or obvious obfuscation is apparent from file names. As an HTTP server, standard network risks (e.g., DoS, unauthenticated access) are present; however, without source code review, specific vulnerabilities cannot be identified. Running in a controlled environment with proper access controls is recommended.
Updated: 2025-11-18GitHub
45
8
Low Cost
athola icon

skrills

by athola

Sec5

A skills support engine for Claude Code and Codex CLI that validates, analyzes, and synchronizes skills bidirectionally.

Setup Requirements

  • ⚠️Requires API keys (e.g., SKRILLS_CODEX_API_KEY, SKRILLS_CLAUDE_API_KEY) for subagent functionality, which typically involve paid services.
  • ⚠️Building from source requires a Rust toolchain (>= 1.75 recommended).
  • ⚠️Installation may fall back to `jq` or `python3` if the client's `claude` CLI is not available.
Review RequiredView Analysis
The server runs locally over stdio by default, limiting direct network exposure. However, the `skrills agent` command executes shell commands constructed using the path of a discovered agent (e.g., `codex --yolo exec 'Load agent spec at {}'`). If a malicious `AGENT.md` file is introduced into a skill discovery path, this can lead to arbitrary command execution (Remote Code Execution) on the user's system. While the project includes a detailed threat model and mentions path canonicalization, the core mechanism of executing user-defined/discovered commands remains a significant vulnerability, particularly for 'Skill Injection Attacks' as acknowledged in the `threat-model.md`. Subagent backends also make external API calls requiring API keys from environment variables.
Updated: 2025-12-14GitHub
45
53
Low Cost
openSVM icon
Sec9

Provides a unified Multi-Chain Protocol (MCP) server for Solana RPC methods, network management, and optional monetized access via the x402 payment protocol, supporting stdio, HTTP, and WebSocket transports.

Setup Requirements

  • ⚠️Requires Rust toolchain installed for building and running.
  • ⚠️Requires a running Solana RPC endpoint (configurable via SOLANA_RPC_URL or config.json).
  • ⚠️If the x402 payment protocol feature is enabled, it requires an external facilitator service (configured via facilitator_base_url in X402Config).
Verified SafeView Analysis
The server demonstrates strong security practices including explicit HTTPS enforcement for RPC URLs (`validate_rpc_url`), comprehensive input validation for network configuration, and active redaction/sanitization of sensitive data for logging (`sanitize_for_logging`). Custom error handling (`McpError`) prevents information leakage to clients. If the x402 payment protocol feature is enabled, it includes robust validation of payment transactions (e.g., `validate_svm_exact_payment`), ensuring strict adherence to expected instruction layouts and compute unit pricing to prevent malicious payments.
Updated: 2025-12-13GitHub
45
42
Medium Cost
ProfessionalWiki icon

MediaWiki-MCP-Server

by ProfessionalWiki

Sec8

Enables Large Language Model (LLM) clients to interact with and manage content on any MediaWiki wiki.

Setup Requirements

  • ⚠️A `config.json` file is required for interacting with private wikis or using authenticated tools.
  • ⚠️Authentication setup (OAuth2 token or bot username/password) is mandatory for tools marked with a lock icon (e.g., `create-page`, `update-page`, `delete-page`, `upload-file`).
Verified SafeView Analysis
The server correctly handles authentication (OAuth2 or bot passwords) for sensitive operations and explicitly sanitizes configuration to prevent credential exposure in resource content. Potential risks include Server-Side Request Forgery (SSRF) if the `upload-file-from-url` tool is misused with unvalidated URLs, allowing the LLM to access internal network resources. The `filepath` parameter in `upload-file` relies on the environment where the server runs and does not include explicit path validation, which could be problematic if the server is run in an untrusted environment where LLMs can specify arbitrary local paths.
Updated: 2025-12-08GitHub
PreviousPage 65 of 647Next