Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

45
52
High Cost
ScrapeGraphAI icon

scrapegraph-mcp

by ScrapeGraphAI

Sec9

Provides AI-powered web scraping, structured data extraction, multi-page crawling, and agentic automation capabilities for language models.

Setup Requirements

  • ⚠️Requires a ScrapeGraph AI API Key (paid service from dashboard.scrapegraphai.com).
  • ⚠️Python 3.13+ required.
  • ⚠️Node.js and npm/npx required for Smithery installation/usage.
Verified SafeView Analysis
The server acts as a secure proxy to the ScrapeGraph AI API, handling API keys via environment variables or MCP config, and using `httpx.Client` for external requests. Input parameters are validated. No `eval` or direct shell execution observed. The `agentic_scrapper` tool's interaction capabilities are dependent on the ScrapeGraph AI backend's safeguards and user intent, and users should exercise caution with untrusted URLs.
Updated: 2026-01-10GitHub
45
20
High Cost
AuraFriday icon
Sec2

Enables AI agents to control Autodesk Fusion 360 through its API, execute Python code directly within Fusion, and integrate with other Model Context Protocol (MCP) tools.

Setup Requirements

  • ⚠️Requires an external 'Aura Friday MCP-Link Server' to be installed and running.
  • ⚠️Requires Autodesk Fusion 360 to be installed and running as a host application.
  • ⚠️AI-executed Python code has FULL and UNRESTRICTED system access; users are solely responsible for all outcomes and must fully trust the AI and its prompts.
Review RequiredView Analysis
The server's design inherently grants 'ABSOLUTE MAXIMUM ACCESS' via `exec()` for Python code execution, allowing AI agents to run arbitrary code with full system, network, and Fusion API privileges. This is explicitly stated as a feature but represents a significant security risk if the AI agent or its prompts are untrusted or compromised. The `mcp_client.py` disables SSL certificate verification and hostname checking for its SSE connection, which is concerning, even if intended for localhost-only communication. Updates are cryptographically signed, which is a strong positive security feature.
Updated: 2026-01-16GitHub
45
40
High Cost
PagerDuty icon
Sec9

The PagerDuty MCP Server allows MCP-enabled clients (like AI agents) to interact with a PagerDuty account to manage incidents, services, schedules, event orchestrations, and other PagerDuty resources.

Setup Requirements

  • ⚠️Requires a PagerDuty User API Token for authentication.
  • ⚠️Python 3.12+ is required.
  • ⚠️Requires 'asdf-vm' and 'uv' for local development setup.
Verified SafeView Analysis
The server primarily relies on a PagerDuty User API Token, which is passed via environment variables (PAGERDUTY_USER_API_KEY, PAGERDUTY_API_HOST) and is not hardcoded. The default mode is read-only, requiring an explicit '--enable-write-tools' flag for any destructive operations, which is a good security practice. No direct use of 'eval' or other highly dangerous functions was found. It uses standard PagerDuty API calls.
Updated: 2026-01-14GitHub
45
16
Medium Cost
mholzen icon

workflowy

by mholzen

Sec6

Connect AI assistants to Workflowy data and outlines for search, bulk operations, and reporting, or manage Workflowy via CLI.

Setup Requirements

  • ⚠️Requires a Workflowy API Key (obtained from Workflowy.com/api-key/) saved to `~/.workflowy/api.key` or set as `WORKFLOWY_API_KEY` environment variable.
  • ⚠️The `transform` command's `--exec` flag allows arbitrary shell command execution on the host system, posing a significant security risk if exposed to an AI assistant (via MCP) or used carelessly. The `--write-root-id` restriction does not apply to `--exec` functionality.
  • ⚠️For offline mode, Workflowy's Dropbox auto-backup feature must be enabled and synced locally.
Verified SafeView Analysis
The `workflowy_transform` MCP tool and CLI `transform` command include an `--exec` flag that allows execution of arbitrary shell commands on the host machine. If the MCP server is run with `--expose=all` (or `--expose=transform`) and connected to an AI assistant, a malicious or poorly-constrained AI could execute arbitrary local code. While the `--write-root-id` feature provides sandboxing for Workflowy data operations, it does NOT mitigate the risk of local shell command execution via `--exec`. Users must exercise extreme caution when exposing `workflowy_transform` to AI assistants or when using the `--exec` flag directly. API keys are managed responsibly via file permissions and environment variables, not hardcoded.
Updated: 2026-01-18GitHub
45
15
Medium Cost
Xeron2000 icon

redBookMCP

by Xeron2000

Sec9

This server provides a Model Context Protocol (MCP) interface for generating Xiaohongshu-style graphic content, including outlines and images, by orchestrating calls to external AI services.

Setup Requirements

  • ⚠️Requires an external AI image generation API URL, API Key, and model name (e.g., OpenAI DALL-E compatible service), which are typically paid services.
  • ⚠️Requires Node.js and npm/pnpm to be installed.
  • ⚠️The project is explicitly marked as 'Deprecated' in the README, recommending the use of Claude Code's built-in skills instead, implying potential lack of maintenance or a superior alternative.
  • ⚠️Requires a local `DATA_DIR` to be specified and writable for storing project data and generated images.
Verified SafeView Analysis
The code appears generally well-structured and avoids common critical vulnerabilities like 'eval' or direct command injection in tool arguments. API keys and data directory paths are correctly retrieved from environment variables, preventing hardcoding of secrets. File system operations are confined to the `DATA_DIR` specified via environment variable, mitigating arbitrary file access. Network calls are outgoing to configurable image generation APIs. However, the project is marked as deprecated, which means it may not receive future security updates.
Updated: 2026-01-18GitHub
45
46
Low Cost
Sec8

A backend HTTP server likely used as a control plane or for data collection/processing within an observability or monitoring system.

Setup Requirements

  • ⚠️Docker required to build and run the containerized server.
  • ⚠️Go compiler (v1.16+) required if building and running directly without Docker.
Verified SafeView Analysis
The project uses Go, which generally provides strong type safety and memory management, reducing common classes of vulnerabilities. No 'eval' or obvious obfuscation is apparent from file names. As an HTTP server, standard network risks (e.g., DoS, unauthenticated access) are present; however, without source code review, specific vulnerabilities cannot be identified. Running in a controlled environment with proper access controls is recommended.
Updated: 2025-11-18GitHub
45
45
Medium Cost
MCPCat icon
Sec7

An analytics and observability SDK for Multi-modal Conversational Platform (MCP) servers, capturing user behavior and tool interactions for product development and debugging.

Setup Requirements

  • ⚠️Requires compatible MCP server: Supports 'mcp>=1.2.0' or 'fastmcp>=2.7.0,!=2.9.*'.
  • ⚠️Outbound network access required to 'https://api.mcpcat.io' and any configured telemetry endpoints.
  • ⚠️Project ID or Exporters required: Must be initialized with either an MCPCat project ID (from mcpcat.io) or a configuration for external telemetry exporters.
Review RequiredView Analysis
The SDK employs monkey-patching, which alters the runtime behavior of the host MCP server. It collects and transmits data (including tool call arguments, responses, and potentially full stack traces) to api.mcpcat.io and optional third-party observability platforms. Users must carefully implement the `redact_sensitive_information` callback to prevent sensitive data from being sent externally. No direct `eval()` or `exec()` calls, or obvious hardcoded secrets were found.
Updated: 2026-01-19GitHub
45
11
High Cost
Abbabon icon

unity-mcp-sharp

by Abbabon

Sec9

Integrates AI assistants with Unity Editor for game development automation via Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Unity 2021.3+ Editor
  • ⚠️Requires Docker Desktop installed and running
  • ⚠️Requires AI assistant configuration (e.g., VS Code, Cursor, Claude Desktop .json settings)
Verified SafeView Analysis
The server uses standard .NET and ASP.NET Core frameworks, runs locally or in a Docker container, and by default exposes ports 8080 for HTTP and WebSocket. No 'eval' or malicious patterns were found in the truncated code. Hardcoded secrets are not present for runtime server operation; package signing credentials are handled via .env for CI/CD. Default `ASPNETCORE_ENVIRONMENT=Development` in `docker-compose.yml` should be reviewed for production deployments, but doesn't inherently pose a critical risk for local development.
Updated: 2025-12-15GitHub
45
46
Medium Cost
uscensusbureau icon
Sec8

The MCP Server provides a standardized API for AI assistants (LLMs) to access and process U.S. Census Bureau data and geography information, enabling data retrieval and analysis through an agent-like interface.

Setup Requirements

  • ⚠️Requires a U.S. Census Bureau API Key (`CENSUS_API_KEY`).
  • ⚠️Requires Docker and Docker Compose for easy setup and database management.
  • ⚠️Initial database seeding can be time-intensive due to fetching large datasets from the Census API and processing them.
Verified SafeView Analysis
The server uses environment variables for sensitive data like `CENSUS_API_KEY` and `DATABASE_URL`, which is good practice. Input validation is implemented using `zod` schemas. Database interactions largely use parameterized queries, which mitigates common SQL injection risks. However, the `recordApiCall` and `hasApiBeenCalled` functions directly interpolate the `url` parameter into SQL queries. While `url` is typically constructed internally from trusted Census API endpoints, this pattern could pose a risk if malicious user input could somehow manipulate this variable without prior sanitization.
Updated: 2026-01-16GitHub
45
6
High Cost
spkane icon
Sec3

Enables AI assistants to integrate with FreeCAD for assisted development and debugging of 3D models, macros, and workbenches, supporting various CAD operations and environment introspection.

Setup Requirements

  • ⚠️Requires Python 3.11 to match FreeCAD's bundled Python for ABI compatibility; mismatch causes fatal crashes.
  • ⚠️Embedded connection mode crashes on macOS/Windows due to FreeCAD's library linking; use XML-RPC or Socket mode on these platforms.
  • ⚠️Requires the 'Robust MCP Bridge workbench' to be installed and manually started inside FreeCAD for XML-RPC and Socket modes.
  • ⚠️Docker deployments require `--add-host=host.docker.internal:host-gateway` and `FREECAD_SOCKET_HOST=host.docker.internal` to connect to FreeCAD on the host.
Verified SafeView Analysis
CRITICAL: The `execute_python` tool allows execution of arbitrary Python code within the FreeCAD environment, which can lead to severe security vulnerabilities if untrusted input is processed. This grants full access to the underlying system and FreeCAD's capabilities, including file system access and network operations (if FreeCAD itself is configured for them). While the `ServerConfig` includes `enable_sandbox: True` and `allow_network_access: False`, the effectiveness and scope of this sandbox are not explicitly detailed, and the direct `exec()` usage in the `_execute_code` method bypasses Python's normal security checks. Deploying this server on a system with sensitive data or network access, especially if exposed beyond localhost, is a significant risk. Users must carefully manage the trust level of the AI assistant and the code it generates. Additionally, the default `socket_host` can be configured to `0.0.0.0` making the server externally accessible.
Updated: 2026-01-19GitHub
45
41
Medium Cost
democratize-technology icon

vikunja-mcp

by democratize-technology

Sec10

Facilitates integration and automation of Vikunja task and project management by exposing its API functionalities via the Model Context Protocol (MCP), enabling structured, AI-driven interactions.

Setup Requirements

  • ⚠️Authentication Requirements: Requires a Vikunja API URL (VIKUNJA_URL) and API token (VIKUNJA_API_TOKEN). Certain operations (e.g., user management, data export) strictly require JWT authentication, which might necessitate changing the API token type.
  • ⚠️Vikunja API Limitations: The Vikunja 'Users' API endpoint is known to sometimes fail with standard API tokens, potentially impacting features that rely on user resolution, such as assignee assignments during batch imports.
  • ⚠️Performance for Large Datasets: Operations like 'vikunja_export_project' can consume significant memory for very large projects with numerous tasks or deep hierarchies, requiring awareness of configured limits or careful usage.
  • ⚠️Specific Permissions: Webhook operations and certain other advanced features may require API tokens with additional, specific permissions beyond basic access rights.
Verified SafeView Analysis
The project demonstrates an extremely high focus on security. It includes comprehensive input sanitization (XSS, SQL injection, Command Injection, Path Traversal, LDAP/NoSQL injection, Unicode bypass, Prototype Pollution) with 180+ regex patterns and 40 dedicated test cases. Production-grade rate limiting with circuit breakers and mutexes is implemented to prevent DoS attacks, memory leaks, and race conditions, explicitly addressing architectural flaws. Sensitive data like API tokens are handled via environment variables and masked in logs. The 'defense in depth' strategy is robust and well-documented.
Updated: 2026-01-11GitHub
45
40
Low Cost
contentful icon
Sec8

Provides AI assistants with comprehensive tools to interact with Contentful APIs for content creation, management, asset organization, workflow automation, and content modeling.

Setup Requirements

  • ⚠️Requires a Contentful Management API personal access token, which is a sensitive credential.
  • ⚠️Requires Node.js >=22.0.0 and npm >=10.0.0.
  • ⚠️Requires a Contentful account with a Space ID.
Verified SafeView Analysis
The project uses Contentful Management API tokens, which are handled as environment variables, a good security practice. It utilizes `child_process.execSync` in the license update script, but for a controlled, internal dependency check (`license-checker-rseidelsohn`). No obvious malicious patterns or widespread use of `eval` or similar dangerous functions were identified. Adherence to environment variable best practices for sensitive credentials is key to maintaining security.
Updated: 2026-01-16GitHub
PreviousPage 68 of 760Next