Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7756)

44
29
High Cost
kintone icon

mcp-server

by kintone

Sec8

The Kintone MCP Server allows AI assistants to interact with Kintone applications by providing a set of tools for data and app management.

Setup Requirements

  • ⚠️Requires Kintone API credentials (Base URL and either Username/Password or API Token).
  • ⚠️Requires Node.js or Docker installed on the machine.
  • ⚠️The `kintone-download-file` tool requires the `KINTONE_ATTACHMENTS_DIR` environment variable to be set for file storage.
Verified SafeView Analysis
The server relies heavily on environment variables and command-line arguments for sensitive configurations (Kintone credentials, PFX certificates, proxy settings, attachments directory). Robust Zod schemas are used for input validation, mitigating basic injection risks for configuration. File operations (downloading attachments) are constrained to a specified `KINTONE_ATTACHMENTS_DIR`, with filename sanitization to prevent path traversal within that directory. However, if an attacker could control the `KINTONE_ATTACHMENTS_DIR` itself, it could pose a risk. As this is typically set by the server administrator, this risk is managed by trusted environment setup. No 'eval' or arbitrary command execution with unvalidated user input was found. Overall, it is relatively secure when deployed in a trusted environment with properly configured sensitive variables.
Updated: 2025-12-13GitHub
44
36
Low Cost
nisalgunawardhana icon

How-To-Create-MCP-Server

by nisalgunawardhana

Sec9

Set up a basic .NET Model Context Protocol (MCP) server for tool integration with AI assistants like Copilot Chat.

Setup Requirements

  • ⚠️Requires .NET SDK 8.
  • ⚠️Recommends VS Code C# Dev Kit extension for best experience.
  • ⚠️Uses a prerelease NuGet package (`ModelContextProtocol --prerelease`) which might introduce instability.
Verified SafeView Analysis
The server communicates via standard input/output (stdio) as defined by the Model Context Protocol. The provided `HelloTool` is extremely simple and outputs a fixed string to the console. The inherent security relies on the trust of the `ModelContextProtocol` library itself and any other tools added by the developer. No direct network listeners or external untrusted input processing (beyond stdin messages which are handled by the protocol library) are evident in the provided code.
Updated: 2025-12-07GitHub
44
2
Low Cost
mohrstade icon
Sec9

Provides a semantic layer for BigQuery's Austin Bikeshare public dataset, simplifying data querying and analysis through a defined interface for tools like Claude Desktop.

Setup Requirements

  • ⚠️Requires Python 3.13 or newer.
  • ⚠️Requires the `uv` package installer for the recommended setup as per the README.
  • ⚠️Requires Google Cloud Platform (GCP) authentication (e.g., `gcloud auth application-default login`) to connect to BigQuery, even for public datasets.
Verified SafeView Analysis
Connects to a public BigQuery dataset (`bigquery-public-data`). Uses standard and reputable data libraries (Ibis, boring-semantic-layer). No obvious hardcoded sensitive credentials, 'eval' usage, or malicious patterns were found in the provided source code. Relies on standard GCP authentication mechanisms for BigQuery access, which are assumed to be configured externally.
Updated: 2025-11-26GitHub
44
19
Medium Cost
IBM icon
Sec9

The IBM i MCP Server acts as a central tool provider, enabling AI agents to interact with IBM i systems using natural language for system administration, performance monitoring, database operations, and security analysis.

Setup Requirements

  • ⚠️Requires an IBM i System with DB2i database access.
  • ⚠️Requires Python 3.12+ for client/agent components.
  • ⚠️Docker is highly recommended for running the full agent infrastructure.
  • ⚠️Using AI agents (client-side) requires an API key from a supported LLM provider (e.g., OpenAI, WatsonX, Anthropic), which may incur costs.
Verified SafeView Analysis
The server employs robust security measures: It uses environment variables for sensitive credentials (DB2i_HOST, DB2i_USER, DB2i_PASS), preventing hardcoded secrets. SQL execution is rigorously validated against a list of forbidden keywords (e.g., 'TRUNCATE', 'DELETE', 'DROP') using both AST parsing and regex to prevent SQL injection and dangerous operations. The system supports multiple authentication strategies (IBMiToken, JWT, OAuth) with configurable key paths and token expiry. It also implements rate limiting and input sanitization, and explicitly flags potentially destructive tools with `destructiveHint: true` for agent awareness. These comprehensive measures make it highly secure for its intended purpose of exposing IBM i services to AI agents.
Updated: 2025-12-12GitHub
44
34
High Cost
uscensusbureau icon
Sec5

This MCP server provides a standardized client-server interface to query and interact with various U.S. Census Bureau data APIs, allowing AI assistants to access demographic and geographic information.

Setup Requirements

  • ⚠️Requires a valid `CENSUS_API_KEY` obtained from the U.S. Census Bureau.
  • ⚠️Requires Docker and a PostgreSQL database for setup and operation.
  • ⚠️The default `DATABASE_URL` in `mcp-db/src/helpers/database.helper.ts` uses hardcoded credentials (`mcp_user:mcp_pass`) which must be overridden with strong, unique credentials in production for security.
Verified SafeView Analysis
The server uses environment variables for `CENSUS_API_KEY` and `DATABASE_URL`, which is good practice. However, `DATABASE_URL` has a hardcoded default (`postgresql://mcp_user:mcp_pass@localhost:5432/mcp_db`) that is a critical security risk if not overridden in a production environment. Additionally, the `SeedRunner`'s `fetchFromApi` method logs the full API URL, which includes the `CENSUS_API_KEY` as a query parameter, making it visible in logs if not properly redacted.
Updated: 2025-12-05GitHub
44
2
High Cost
pgElephant icon

NeuronDB

by pgElephant

Sec3

The NeuronMCP server acts as a Model Context Protocol (MCP) gateway, enabling MCP-compatible clients (like Claude Desktop) to interact with the NeuronDB PostgreSQL extension for vector search, machine learning, RAG pipelines, and agent runtime capabilities.

Setup Requirements

  • ⚠️Requires a running PostgreSQL instance (version 16 or later) with the NeuronDB extension installed.
  • ⚠️Many ML and embedding tools, especially for larger models, may incur significant costs from external LLM providers (e.g., OpenAI, Hugging Face APIs).
  • ⚠️Requires Docker and Docker Compose for the recommended deployment, which adds setup complexity for users unfamiliar with containerization.
Review RequiredView Analysis
The C-based PostgreSQL extension code (`NeuronDB/src/search/sparse_search.c`, `hybrid_search.c`, `semantic_keyword_search.c`, `multi_vector_search.c`, `faceted_vector_search.c`, `temporal_vector_search.c`, `diverse_vector_search.c`) constructs SQL queries by directly concatenating user-provided table and column names (`tbl_str`, `col_str`, `facet_str`, `ts_str`) into the query string using `%s` in `appendStringInfo`. This is a classic SQL injection vulnerability, as malicious input in these parameters could alter the SQL query. For instance, a user could supply a table name like `mytable; DROP TABLE important_data;` leading to data loss or unauthorized access. While the Node.js/TypeScript layer of NeuronMCP generally uses parameterized queries and `escapeIdentifier` for dynamic SQL, the underlying C extension functions contain this critical flaw. The `PluginManager` allows loading external plugins, which could be a risk if not sourced from trusted origins.
Updated: 2025-11-30GitHub
44
9
Low Cost
matlab icon
Sec6

Publishes MATLAB functions as Model Context Protocol (MCP) tools on MATLAB Production Server, enabling AI agents to call and leverage MATLAB's computational capabilities.

Setup Requirements

  • ⚠️Requires MATLAB R2025b or later.
  • ⚠️Requires MATLAB Compiler SDK for building deployable archives.
  • ⚠️Requires MATLAB Production Server R2022a or later (must be configured to allow archive management).
  • ⚠️Specific Python packages (e.g., `requests`, `FastMCP`, `matplotlib`) are needed for various utility scripts and example servers.
Review RequiredView Analysis
The `file_persist` Go binary, part of the framework's utilities, offers broad filesystem access (copy, create, delete, list) to AI agents via URI commands. This is a significant security risk if the orchestrating AI agent or the hosting environment is compromised or not properly sandboxed. While there's no evidence of 'eval', obfuscation, or hardcoded secrets in the provided Go/Python code, the exposed capabilities require strict permission management and careful trust considerations for the AI agent. The `README` for test tools also cautions that they may do "unconventional or wrong" things.
Updated: 2025-12-04GitHub
44
23
Medium Cost
zacharypodbela icon

django-rest-framework-mcp

by zacharypodbela

Sec8

Enables developers to quickly build Model Context Protocol (MCP) servers for existing Django REST Framework APIs, allowing AI agents and LLM clients to leverage these endpoints as tools.

Setup Requirements

  • ⚠️Requires Python 3.8+.
  • ⚠️Requires Django 4.0+ and djangorestframework 3.14.0+.
  • ⚠️MCP requests bypass parts of the standard DRF request lifecycle (e.g., `dispatch`, `initialize_request`, `finalize_response`, `handle_exception`), which developers must be aware of for custom logic.
  • ⚠️STDIO transport for MCP clients is not directly supported and requires an `mcp-remote` bridge for local testing with tools like Claude Desktop.
Verified SafeView Analysis
The MCP endpoint (`/mcp/`) uses `@csrf_exempt`, bypassing Django's CSRF protection; this is standard for API endpoints primarily consumed by non-browser clients, but should be noted. The overall security relies heavily on the underlying Django REST Framework's authentication, permission, and throttling configurations. The documentation explicitly warns that DRF's built-in throttling is not a robust security measure against sophisticated attacks like brute-forcing or Denial of Service (DoS). The demo `settings.py` includes a `SECRET_KEY` marked as 'insecure' by Django, which is acceptable for development/demo purposes but must be replaced in a production environment.
Updated: 2025-11-25GitHub
44
8
Low Cost
mcp-use icon

inspector

by mcp-use

Sec5

An interactive developer tool for testing, debugging, and monitoring Model Context Protocol (MCP) servers, including support for MCP-UI and OpenAI Apps SDK widgets.

Setup Requirements

  • ⚠️Requires a running MCP server to inspect.
  • ⚠️Client-side LLM features (Chat, Sampling) require API keys for OpenAI, Anthropic, or Google models (paid services), configured within the UI.
  • ⚠️Requires a Node.js runtime environment for local execution.
Review RequiredView Analysis
The server includes a proxy endpoint (`/inspector/api/proxy`) that accepts a user-controlled `X-Target-URL` header to forward requests. Without robust server-side validation against internal network access or malicious IPs, this could lead to Server-Side Request Forgery (SSRF) vulnerabilities, allowing an attacker to make arbitrary requests from the server's perspective. The client-side `OpenAIComponentRenderer` uses iframes with `allow-same-origin` in its sandbox configuration, combined with script injection for dev widgets and a proxy for production widgets. While Content Security Policies (CSPs) are applied, complex iframe interactions and dynamic content loading always carry a non-zero risk of XSS if the hosted content or the injection mechanism has a vulnerability. Telemetry is collected, but users can disable it via environment variables or local storage.
Updated: 2025-12-12GitHub
44
42
Low Cost
aashari icon
Sec9

Enables AI assistants to interact with Atlassian Confluence for knowledge retrieval, search, and content management.

Setup Requirements

  • ⚠️Requires Confluence Cloud (Confluence Server/Data Center is not supported).
  • ⚠️Requires an Atlassian API Token generated from your Atlassian account.
  • ⚠️Requires Node.js 18.0.0 or higher.
Verified SafeView Analysis
The server follows good security practices by loading credentials from environment variables or a global config file, rather than hardcoding. Input validation is handled using Zod schemas for tool arguments and basic JSON parsing for CLI inputs. Network interactions are confined to the Atlassian API and a local MCP transport (HTTP or STDIO). File system access is limited to temporary logs and raw response storage in a designated `/tmp/mcp/` directory. No direct usage of `eval` or obvious malicious patterns were detected.
Updated: 2025-12-08GitHub
44
30
High Cost
antvis icon
Sec9

A Model Context Protocol (MCP) server that provides AntV documentation context and code examples for AI development and quality assurance workflows.

Setup Requirements

  • ⚠️Requires Node.js >= v18.0.0
  • ⚠️Requires an MCP Client (e.g., Cursor, VSCode MCP Extension) to connect and utilize its functionality
  • ⚠️Relies on external Context7.com and DeepWiki.com services for documentation retrieval; functionality will be impaired if these services are unavailable
Verified SafeView Analysis
The server interacts with external services (context7.com and mcp.deepwiki.com) to fetch documentation. These are legitimate documentation sources, and the access is controlled by specific endpoints. Robust input validation is implemented using Zod schemas for all tool inputs. No 'eval' or other direct arbitrary code execution vectors were found. No hardcoded secrets were identified.
Updated: 2025-12-11GitHub
44
36
Medium Cost
democratize-technology icon

vikunja-mcp

by democratize-technology

Sec9

Serves as an AI-optimized Model Context Protocol (MCP) gateway for Vikunja, enabling AI models or other MCP clients to interact with and manage tasks, projects, users, labels, and other entities within a Vikunja instance.

Setup Requirements

  • ⚠️Requires a running Vikunja server instance to connect to.
  • ⚠️Requires a Vikunja API Token or JWT for authentication; certain advanced operations (e.g., user management, data export) specifically require JWT authentication.
  • ⚠️Node.js runtime environment is required.
Verified SafeView Analysis
The codebase demonstrates a strong focus on security, with explicit mentions of implemented fixes for common architectural vulnerabilities (race conditions, memory leaks, inconsistent state) in the rate-limiting middleware. It utilizes robust input validation (`zod` for JSON, RFC 4180 compliant CSV parsing), sanitization, and secure parsing techniques (`jsonata` for filters instead of `eval`) to prevent injection attacks (XSS, prototype pollution). Sensitive data (API tokens, URLs) is actively masked in logs and configuration. Concurrency is managed with mutexes, and resilience is enhanced with circuit breakers. The project structure modularizes components, reducing the attack surface. While no system is perfectly secure, this project shows excellent adherence to modern security best practices in its design and implementation.
Updated: 2025-12-13GitHub
PreviousPage 69 of 647Next