Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

46
108
Low Cost
KatherLab icon

STAMP

by KatherLab

Sec4

Enables LLM agents to orchestrate end-to-end computational pathology tasks from Whole Slide Images, including feature extraction, model training, cross-validation, deployment, and heatmap generation.

Setup Requirements

  • ⚠️Requires `uv` (version 0.8.5 or newer) for installation and dependency management.
  • ⚠️Native OpenCV dependencies (e.g., `libgl1-mesa-glx` or `libgl1 libglx-mesa0 libglib2.0-0` on Ubuntu) must be manually installed.
  • ⚠️GPU installation can be time-consuming, memory-intensive, and prone to PyTorch version mismatches, sometimes requiring manual `uv cache clean` operations.
  • ⚠️Requires Python 3.11+ and specific PyTorch versions (e.g., `torch>=2.7.1,<2.8.0`).
Review RequiredView Analysis
The server executes the `stamp` CLI via `subprocess.run` with dynamically generated configurations from user (LLM agent) input. This presents a significant risk of command injection if the `stamp` CLI or its underlying dependencies do not robustly sanitize all possible arguments and file paths. While `read_file` and `list_files` tools attempt path sanitization to limit file access to the server's base directory, this mechanism is not foolproof and could potentially be bypassed via directory traversal vulnerabilities, leading to exposure of sensitive local files. Therefore, running this server without strong sandboxing (e.g., Docker with strict security policies) is highly discouraged.
Updated: 2026-01-19GitHub
46
4
Low Cost
nirholas icon
Sec3

This MCP server is designed to fetch, parse, and organize documentation from websites implementing the llms.txt standard. It transforms raw documentation into structured, agent-ready formats, exposing tools for AI agents, LLMs, and automation workflows to consume documentation programmatically.

Setup Requirements

  • ⚠️Requires Node.js runtime (implied by Node.js/TypeScript codebase).
  • ⚠️Network access is required to fetch documentation from external websites, which may require specific firewall rules or proxy configurations if deployed publicly.
  • ⚠️Relies on `npx` being available in the execution environment to run the STDIO server locally.
Review RequiredView Analysis
The server's core functionality involves fetching content from arbitrary URLs provided by the client. This introduces a significant risk of Server-Side Request Forgery (SSRF) if input URLs are not rigorously validated, sanitized, and sandboxed. Maliciously crafted URLs could lead to unauthorized access to internal resources, data leakage, or resource exhaustion. Additionally, parsing and processing external HTML/Markdown content carries a risk of injection vulnerabilities or exploits if the parsing libraries are not robust or the environment is not sufficiently sandboxed.
Updated: 2026-01-19GitHub
46
68
Medium Cost
2b3pro icon
Sec6

Manages a Roam Research knowledge graph via CLI and exposes its functionalities as tools for AI agents (like Claude) to read, write, and organize notes.

Setup Requirements

  • ⚠️Requires Node.js runtime environment to run the server or CLI.
  • ⚠️Requires a Roam Research API token, implying access to a Roam Research graph (a paid service).
  • ⚠️Environment variables must be configured either for single-graph mode (`ROAM_API_TOKEN`, `ROAM_GRAPH_NAME`) or multi-graph mode (`ROAM_GRAPHS`, `ROAM_DEFAULT_GRAPH`).
Verified SafeView Analysis
The `roam_datomic_query` tool allows execution of arbitrary Datalog queries, which poses a significant risk if the Roam API token has broad permissions, as it can potentially read or modify any data without further validation. There is a potential ReDoS (Regular Expression Denial of Service) vector if a malicious regex pattern is provided to the `regexFilter` parameter within the `roam_datomic_query` tool. The CORS configuration in `src/config/environment.ts` can be a vulnerability if set to '*' in a production environment, allowing requests from any origin.
Updated: 2026-01-18GitHub
46
42
High Cost
KemingHe icon
Sec9

Provides up-to-date information and commands for various Python package managers (pip, conda, poetry, uv, pixi, pdm) by cross-referencing official documentation.

Setup Requirements

  • ⚠️Requires Docker to be installed and running on the host system.
  • ⚠️Specific `mcp.json` configuration is needed for integration with Agentic IDEs.
  • ⚠️Users need to actively manage Docker image versions (e.g., pin to a commit hash for production).
Verified SafeView Analysis
The server runs within a Docker container, providing good isolation. It primarily serves as a documentation search tool, mitigating common risks associated with code execution. No 'eval' or direct execution of user-provided code is apparent in the summarized source. The content is sourced from 'official docs' which is a critical trust assumption. The primary risks would involve malicious content in the indexed documentation (unlikely for official docs) or a sophisticated exploit of the search/display logic.
Updated: 2026-01-13GitHub
46
114
Medium Cost
Jakedismo icon

codegraph-rust

by Jakedismo

Sec9

Transforms codebases into a semantically searchable knowledge graph, enabling AI agents to reason about code relationships, architecture, and impact rather than just performing text-based searches.

Setup Requirements

  • ⚠️Primarily targets macOS for installer scripts; Linux users may need manual adaptation.
  • ⚠️Requires a running SurrealDB instance (local or cloud) with the CodeGraph schema applied.
  • ⚠️Requires Rust toolchain and Homebrew (on macOS).
  • ⚠️For 'balanced' or 'full' indexing tiers, language-specific LSP tools (e.g., `rust-analyzer`, `typescript-language-server`, `pyright-langserver`) must be installed.
Verified SafeView Analysis
The project extensively uses environment variables and configuration files for API keys, avoiding hardcoded secrets. It integrates with various trusted LSP servers and LLM/embedding providers, relying on their security. The use of 'unsafe' for SIMD and memory-mapped files is noted, but this is a common practice for performance in Rust. Debug logging, when enabled via `CODEGRAPH_DEBUG=1`, can write sensitive query and result data to local files; users should be aware of this for security. Default SurrealDB credentials (`root`/`root`) are used in local development setups and should be changed for production deployments.
Updated: 2025-12-20GitHub
46
6
Low Cost
can1357 icon

agentx

by can1357

Sec9

AI-native terminal issue tracker for developers, providing structured task management, Git integration, and a Model Context Protocol server for agent interaction.

Setup Requirements

  • ⚠️Requires Rust toolchain (compiler and Cargo) for building and installation.
  • ⚠️Requires Git installed and configured locally for Git integration features (branch creation, commits).
Verified SafeView Analysis
The MCP server operates over standard input/output (stdio), which limits direct network exposure. File system and Git operations are performed, but these are tied to explicit issue management commands and parameter validation is in place. No dynamic code execution (e.g., 'eval') based on user input or hardcoded sensitive information was observed in the provided source code. The primary security consideration would be the integrity of the upstream MCP client feeding commands via stdio.
Updated: 2025-11-24GitHub
46
100
Medium Cost
ruanrongman icon

IntelliConnect

by ruanrongman

Sec5

An intelligent IoT platform enabling AI agent development, supporting various large language models, knowledge bases, voice applications, and device management for smart hardware like ESP-32.

Setup Requirements

  • ⚠️Requires Docker for easy setup of MySQL, Redis, EMQX, and InfluxDB.
  • ⚠️Requires Java 17 runtime environment.
  • ⚠️Requires an EMQX cluster with exhook configured for MQTT message processing.
  • ⚠️Numerous API keys are required for integrated AI services (e.g., DashScope, GLM, DeepSeek, SiliconFlow, weather services), which incur external costs.
Review RequiredView Analysis
The server uses Spring Security with JWT for authentication and authorization, and correctly externalizes most secrets via `@Value` annotations. However, it incorporates a JavaScript execution sandbox (`NashornSandbox`) for rule and control scripts, which inherently introduces a significant attack surface if sandboxing can be bypassed. Additionally, the `onMessagePublish` method in `HookProviderImpl.java` contains a comment '安全屏障,后续更新' (Security barrier, subsequent updates), indicating incomplete or potential security vulnerabilities related to MQTT message processing that require further attention. The permissive CORS configuration (`addAllowedOriginPattern("*")`) may also pose risks depending on deployment context.
Updated: 2026-01-19GitHub
46
25
Medium Cost
Michael-Obele icon

shadcn-svelte-mcp

by Michael-Obele

Sec8

Provides real-time access to shadcn-svelte component documentation, Bits UI API details, and Lucide Svelte icon search via an MCP server for AI-powered code editors and CLIs.

Setup Requirements

  • ⚠️Requires Node.js >= 20.9.0.
  • ⚠️Requires an AI-powered code editor or CLI client (e.g., Cursor, VS Code, Claude Code) for effective use.
  • ⚠️Caching functionality relies on a writable '.cache' directory.
Verified SafeView Analysis
The server performs web scraping using `crawlee` (Playwright) from external documentation sites. While the sources (shadcn-svelte.com, bits-ui.com, svelte-sonner.vercel.app, unpkg.com) are generally trusted, running Playwright with `--no-sandbox` (as configured) can slightly reduce isolation if highly malicious content were to be encountered. CORS are set to `*` in development and production, which is typical for public APIs. No hardcoded secrets or 'eval' calls were found in the provided code.
Updated: 2026-01-11GitHub
46
61
High Cost
The-AI-Alliance icon

gofannon

by The-AI-Alliance

Sec2

Rapidly prototype AI agents and web UIs, build conversational flows, preview interactions, and deploy agent-driven experiences.

Setup Requirements

  • ⚠️Requires OpenAI, Anthropic, or Gemini API keys (paid services).
  • ⚠️Requires Docker and Docker Compose for local setup.
  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires pnpm 8 or higher.
Review RequiredView Analysis
The system features explicit execution of user-provided or LLM-generated Python code via the `exec` function within a 'sandboxed environment'. This is a critical security vulnerability, as `exec` is notoriously difficult to secure against malicious code, potentially allowing arbitrary code execution, compromise of the host system, or data exfiltration. The sandboxed code also has access to network clients (`httpx.AsyncClient`, `RemoteMCPClient`, `GofannonClient`) enabling arbitrary network requests, which amplifies the risk of Server-Side Request Forgery (SSRF) and data exfiltration. Furthermore, hardcoded default passwords (e.g., 'password' for admin panel, 'minioadmin' for MinIO, 'admin:password' for CouchDB) are present in configuration files, posing significant vulnerabilities if not explicitly changed in production environments.
Updated: 2026-01-16GitHub
46
58
High Cost
shredEngineer icon

Archive-Agent

by shredEngineer

Sec9

An intelligent file indexer with powerful AI search (RAG engine), automatic OCR, and a seamless MCP interface to unlock documents with natural language.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid) for OpenAI provider, or local Ollama/LM Studio setup for local models.
  • ⚠️Docker is required for the Qdrant vector database (unless ARCHIVE_AGENT_QDRANT_IN_MEMORY is explicitly set to 1).
  • ⚠️System-wide installation of `pandoc` is required.
  • ⚠️Requires Python >= 3.10 and `uv` for environment management.
Verified SafeView Analysis
The project demonstrates robust security practices for an open-source tool. It utilizes Pydantic models with `extra='forbid'` for strict schema validation of AI responses, preventing unexpected data injection. `OPENAI_API_KEY` is correctly sourced from environment variables. `file_lock` ensures safe concurrent access to shared resources. The `mcp_server_host` is configurable to expose to LAN, giving the user control over network exposure. Arbitrary command execution via `subprocess.run` is limited to specific, justified system utilities (`nano`, `streamlit`, `docker`, `pandoc`). Overall, the architecture minimizes common attack vectors.
Updated: 2026-01-14GitHub
45
16
Medium Cost
robsyc icon

ld-spec-mcp

by robsyc

Sec9

Serves W3C Semantic Web specifications section-by-section and resource-by-resource to AI agents for efficient, targeted information retrieval.

Setup Requirements

  • ⚠️Requires Python 3.11 or newer
  • ⚠️Requires cloning the GitHub repository locally for setup
  • ⚠️Requires internet access to W3C specification websites for content fetching
Verified SafeView Analysis
The server fetches content from a predefined set of trusted W3C URIs listed in `index.yaml`. User input (`spec_key`, `ns_key`) is used to look up these trusted URIs, preventing arbitrary URL fetching (SSRF). While fetching external content inherently carries some risk, robust libraries like `httpx` (with timeout) and `BeautifulSoup`/`RDFLib` are used, along with explicit sanitization in `html_to_markdown` for known `html-to-markdown` library issues. No direct command injection, use of `eval`, or hardcoded secrets were identified. Input validation relies on `FastMCP` framework's `Annotated` types.
Updated: 2026-01-15GitHub
45
51
High Cost
drumnation icon
Sec8

Enables AI agents to search, download, and manage professional stock photos from Unsplash with automated attribution.

Setup Requirements

  • ⚠️Requires an Unsplash API access key (free tier available for testing, paid for higher limits).
  • ⚠️Requires Node.js 18.x or higher.
  • ⚠️Windows users may encounter 'Client closed' errors due to process management; specific `mcp.json` configurations are provided in documentation to mitigate this.
  • ⚠️While the default `downloadMode` is 'urls_only', auto-downloading many large images or generating complex attribution files can lead to significant token usage due to verbose JSON/HTML/React outputs for LLMs.
Verified SafeView Analysis
The server loads the Unsplash API key from environment variables, which is good practice. Filenames are sanitized, preventing common path traversal vulnerabilities. It primarily uses stdio for communication, reducing direct network attack surface. The use of `exiftool-vendored` for metadata processing involves spawning external binaries (perl script/executable) which is a potential, albeit common, point of exploitation if a maliciously crafted image could leverage `exiftool` vulnerabilities. No direct `eval` or similar dangerous patterns were found in the provided source code.
Updated: 2026-01-17GitHub
PreviousPage 67 of 760Next