Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

46
91
Medium Cost
opensearch-project icon

opensearch-mcp-server-py

by opensearch-project

Sec9

Enables AI assistants and LLMs to interact with OpenSearch clusters by providing a standardized Model Context Protocol (MCP) interface through built-in and dynamic tools.

Setup Requirements

  • ⚠️Requires a running OpenSearch cluster to connect to.
  • ⚠️Authentication (IAM roles, AWS profiles, basic auth) needs careful configuration via environment variables or a YAML config file.
  • ⚠️Requires Python 3.10+.
  • ⚠️Recommended to install 'uv' for streamlined dependency management and execution via 'uvx'.
Verified SafeView Analysis
The server employs robust input validation through Pydantic models, structured authentication methods (IAM, Basic, AWS credentials, Header-based), configurable SSL verification, and active response size limiting to prevent memory exhaustion. Write operations via the GenericOpenSearchApiTool are protected by an explicit configuration setting (OPENSEARCH_SETTINGS_ALLOW_WRITE). No obvious 'eval' or hardcoded production secrets were found. The primary security consideration is user misconfiguration (e.g., enabling OPENSEARCH_NO_AUTH in production or allowing unrestricted write operations via GenericOpenSearchApiTool if not needed).
Updated: 2026-01-05GitHub
46
212
Medium Cost
ivo-toby icon
Sec9

A Model Context Protocol (MCP) server that exposes OpenAPI endpoints as MCP tools, along with optional support for MCP prompts and resources, enabling Large Language Models to interact with REST APIs.

Setup Requirements

  • ⚠️Requires a valid OpenAPI specification (URL, file path, stdin, or inline content) to be provided at startup.
  • ⚠️Requires an API base URL (--api-base-url or API_BASE_URL) for the target API.
  • ⚠️For APIs with complex authentication (e.g., expiring tokens, refresh tokens), a custom AuthProvider implementation is recommended/required, often involving manual token extraction from a browser session (as demonstrated in the Beatport example).
Verified SafeView Analysis
The server implements several security best practices including preventing HTTP header injection (CRLF), blocking user-controlled system headers (e.g., Host, Content-Length), and redacting sensitive data from authentication error responses (401/403). The HTTP transport validates Origin headers for localhost to prevent DNS rebinding attacks but notes that production implementations should use a whitelist, which is good practice. No 'eval' or obvious malicious patterns were found. Hardcoded secrets are explicitly placeholders.
Updated: 2025-12-30GitHub
46
51
Medium Cost
ProfessionalWiki icon

MediaWiki-MCP-Server

by ProfessionalWiki

Sec9

An MCP server that enables Large Language Model (LLM) clients to interact with any MediaWiki wiki.

Setup Requirements

  • ⚠️Requires a `config.json` file for private wikis or authenticated tools, which needs to be manually created and populated with wiki details and credentials.
  • ⚠️Authentication (OAuth2 or Bot Passwords) must be configured on the target MediaWiki instance for tools marked with 🔐, which involves wiki-specific setup steps.
  • ⚠️A Node.js runtime (version 18 or higher) or Docker environment is required to run the server.
Verified SafeView Analysis
The server demonstrates good security practices by externalizing sensitive credentials (OAuth2 tokens, usernames, passwords) into a `config.json` file. The `wikiService.sanitize` method explicitly prevents these credentials from being exposed in MCP resource content. The core logic relies on the `mwn` library for MediaWiki API interactions, abstracting much of the direct API handling. No 'eval' or obvious obfuscation was found. Network requests are made to configured MediaWiki instances, which is inherent to its functionality. The HTTP transport uses session IDs for request handling. Overall, the design prioritizes secure handling of sensitive data and external interactions.
Updated: 2026-01-19GitHub
46
88
High Cost
sib-swiss icon

sparql-llm

by sib-swiss

Sec7

An LLM-powered agent for generating, validating, and executing SPARQL queries against biomedical knowledge graphs, utilizing Retrieval-Augmented Generation (RAG) with endpoint-specific metadata and schema for improved accuracy.

Setup Requirements

  • ⚠️Requires OpenAI, OpenRouter, MistralAI, or Groq API Key (Paid)
  • ⚠️Docker required for core services (Qdrant, API)
  • ⚠️Python 3.10+ only
  • ⚠️Vector database initialization for production requires manual execution of `index_resources.py` script (`AUTO_INIT=false`)
Verified SafeView Analysis
The system employs several security measures, including `DOMPurify` for HTML sanitization in the frontend (preventing XSS), `validate_sparql_with_void` for checking generated SPARQL queries against known endpoint schemas (mitigating SPARQL injection), and environment variables for API key management. However, potential risks exist inherent to dynamic query generation and external API interactions. A sophisticated LLM jailbreak could theoretically influence the `endpoint_url` passed to `query_sparql` or craft malicious queries that bypass incomplete VoID schema validations, leading to SSRF or unintended data access on controlled endpoints. Logging of user questions and feedback (potentially sensitive information) is protected by an API key.
Updated: 2026-01-13GitHub
46
60
Medium Cost
oculairmedia icon

Letta-MCP-server

by oculairmedia

Sec7

A Model Context Protocol (MCP) server that provides comprehensive tools for agent management, memory operations, and integration with the Letta system.

Setup Requirements

  • ⚠️Requires Node.js and npm to run directly.
  • ⚠️Requires a running Letta instance, configured via `LETTA_BASE_URL` and `LETTA_PASSWORD` environment variables.
  • ⚠️The `InMemoryEventStore` is noted as 'not suitable for production' and should be replaced with persistent storage for production deployments.
  • ⚠️If using `export_agent` with XBackbone upload, ensure `XBACKBONE_URL` and `XBACKBONE_TOKEN` are securely configured via environment variables and not overridden by untrusted input.
Verified SafeView Analysis
The server acts as a proxy for the Letta API. Core security risks related to user-provided code execution (e.g., in `upload_tool`) are primarily handled by the Letta backend, not this MCP server directly. The HTTP transport includes origin validation (CORS) to prevent certain web-based attacks. However, there are potential local file system interaction risks in `export_agent` and `import_agent` if an attacker can manipulate file paths (e.g., directory traversal), though `path.resolve` mitigates some of this. The `export_agent` tool also supports uploading to a configurable XBackbone URL, which could introduce SSRF vulnerabilities if the `xbackbone_url` argument is not strictly controlled by environment variables and can be influenced by a malicious client. `LETTA_PASSWORD` is correctly handled as an environment variable.
Updated: 2026-01-19GitHub
46
61
High Cost
wysh3 icon
Sec8

This server provides AI-powered research capabilities by automating interactions with Perplexity.ai's web interface, offering web search, content extraction, chat, and developer tooling without requiring API keys.

Setup Requirements

  • ⚠️Requires Bun runtime and Node.js 18+ for TypeScript compilation.
  • ⚠️Optional Perplexity Pro account support requires a one-time manual browser login via 'bun run login' to save the session.
  • ⚠️Browser automation is resource-intensive (CPU/RAM) and performance depends on website consistency, potentially leading to instability or timeouts.
Verified SafeView Analysis
The server relies heavily on Puppeteer for browser automation, which inherently involves executing JavaScript in a browser context when visiting external websites (e.g., Perplexity.ai, or arbitrary URLs for content extraction). The codebase demonstrates good practices such as filtering unsafe URL schemes (e.g., 'javascript:') in extracted content, implementing content type checks before extensive parsing, and using static scripts for browser evasion. There are no direct 'eval' calls in the Node.js server context handling user input. The main security considerations are the inherent risks of browser automation against external, potentially untrusted sites, and the stability/integrity of Perplexity.ai's website. The use of 'gitingest.com' for GitHub content is an external dependency risk.
Updated: 2025-12-13GitHub
46
25
Low Cost
Sec7

A backend server for a Minecraft-related application, likely providing data management or proxy services.

Setup Requirements

  • ⚠️Docker and Docker Compose are required for a quick start and deployment.
  • ⚠️A database (e.g., PostgreSQL, likely specified in docker-compose.yml or migrations) is required for data persistence; configuration will be via environment variables (see .env.sample).
  • ⚠️Node.js and npm/yarn are needed for local development setup and dependency management.
Verified SafeView Analysis
This is a standard Node.js/TypeScript backend server setup. Risks primarily stem from network exposure, configuration (e.g., sensitive environment variables), and potential supply chain vulnerabilities from npm dependencies. Use of Docker aids in containerization and isolation. No immediate signs of 'eval' or obfuscation were identified from the file list.
Updated: 2025-11-18GitHub
46
55
Medium Cost
joelhooks icon

logseq-mcp-tools

by joelhooks

Sec8

Provides AI assistants structured access to a Logseq knowledge graph for retrieval, summarization, analysis, and modification.

Setup Requirements

  • ⚠️Requires Logseq to be running with the HTTP API enabled and an authentication token configured.
  • ⚠️For Claude Desktop integration, Node.js needs to be installed system-wide (e.g., via Homebrew) to avoid conflicts with version managers.
  • ⚠️Absolute path to `index.ts` is crucial for client configurations (Claude Desktop, Cursor, Junie).
Verified SafeView Analysis
The server securely handles the Logseq authentication token via environment variables. It primarily interacts with a local Logseq instance, limiting network exposure. Tools that execute DataScript queries (`smartQuery`) use predefined templates to reduce direct injection risks from user input. The main 'risk' is the inherent capability of AI to modify the Logseq graph via tools like `createPage`, `addJournalEntry`, and `addNoteContent`, which requires careful permission management of the AI client itself.
Updated: 2025-12-01GitHub
46
7
Medium Cost
yutakobayashidev icon

ava

by yutakobayashidev

Sec9

AI-powered progress tracking and communication tool for developers, integrating with coding agents and Slack to reduce context switching.

Setup Requirements

  • ⚠️Requires Node.js 18+
  • ⚠️Requires Docker & Docker Compose for PostgreSQL database
  • ⚠️Detailed Slack App setup required (creating app, configuring OAuth, scopes, slash commands, interaction URLs)
  • ⚠️Requires OpenAI API Key (paid tier recommended for consistent use)
  • ⚠️Requires Stripe account and API Key (for subscription features)
Verified SafeView Analysis
The project demonstrates strong security practices including OAuth 2.1 with PKCE, Slack request signature verification, timing-safe comparisons for sensitive data, robust input validation using Zod, and secure environment variable handling. Event sourcing pattern enhances data integrity and auditability. External client metadata fetching includes size limits, timeouts, and validation. No obvious 'eval' or obfuscation found.
Updated: 2025-12-13GitHub
46
33
Low Cost
PromptExecution icon

just-mcp

by PromptExecution

Sec3

Provides an MCP (Model Context Protocol) server for AI agents to discover, execute, and introspect Justfile recipes, enabling automated build and task management without direct shell access.

Review RequiredView Analysis
The `executor.rs` module directly substitutes user-provided arguments (via the `run_recipe` tool) and Justfile variables into shell commands executed with `sh -c`. This design pattern is highly vulnerable to command injection, as malicious input in arguments or variables could execute arbitrary code on the host system. The claim of being 'Safer Than Raw Bash Access' is not supported by the current implementation which directly uses `sh -c` with interpolated user input.
Updated: 2025-12-03GitHub
46
37
Medium Cost
shinpr icon

mcp-image

by shinpr

Sec9

The MCP server enables AI assistants to generate and edit images using Google's Gemini 3 Pro Image, with intelligent prompt optimization provided by Gemini 2.0 Flash.

Setup Requirements

  • ⚠️Requires a Google Gemini API Key, which is a paid service.
  • ⚠️Requires Node.js version 20 or higher.
  • ⚠️The `IMAGE_OUTPUT_DIR` environment variable must be an absolute path (e.g., /Users/username/images), not a relative path.
Verified SafeView Analysis
The server demonstrates a strong focus on security. It actively prevents path traversal and null byte injection in file operations via a dedicated `SecurityManager`. Sensitive information (like API keys, passwords, URLs, PII) is filtered and redacted from logs by the `Logger`. No hardcoded secrets or `eval` usage were found. External API calls to Google Gemini are expected, and network/API error handling is implemented. Overall, it appears safe to run, provided the user secures their `GEMINI_API_KEY` appropriately.
Updated: 2026-01-14GitHub
46
48
Medium Cost
mahdin75 icon

geoserver-mcp

by mahdin75

Sec8

Enables Large Language Models (LLMs) to interact with and manage geospatial data and services through the GeoServer REST API.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️A running GeoServer instance with REST API enabled is prerequisite.
  • ⚠️Requires GeoServer connection details (URL, username, password) to be provided via environment variables or command-line arguments.
  • ⚠️If using Docker, ensure the `--storage` directory is mounted as a volume for file-related operations.
Verified SafeView Analysis
The server uses environment variables or command-line arguments for GeoServer credentials (URL, username, password), which is good practice to avoid hardcoding. There are no obvious `eval` or `os.system` calls with unvalidated user input that would indicate direct code injection vulnerabilities. The `resolve_storage_path` function attempts to sandbox file operations to a specified base directory if `--storage` is provided, which mitigates some path traversal risks for file uploads. The primary security consideration is the extensive administrative control granted over GeoServer (e.g., creating/deleting workspaces, layers, users). If the GeoServer instance is not properly secured, or if the LLM is given overly permissive access, a compromised LLM or a malicious prompt could lead to data manipulation, deletion, or exposure.
Updated: 2025-12-13GitHub
PreviousPage 66 of 760Next