Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

45
13
Medium Cost
xjustloveux icon

aspose-mcp-server

by xjustloveux

Sec9

Provides powerful office document processing capabilities (Word, Excel, PowerPoint, PDF) to Model Context Protocol (MCP) clients, enabling AI agents to interact with documents.

Setup Requirements

  • ⚠️Requires a valid Aspose license for full functionality; otherwise, it runs in trial mode with watermarks and limitations.
  • ⚠️For Linux/macOS, `libgdiplus` is required for certain image processing functions (e.g., slide export, thumbnail generation).
  • ⚠️While pre-compiled versions are self-contained, running from the DLL requires a .NET 8.0 Runtime installation.
Verified SafeView Analysis
The project demonstrates strong security practices including comprehensive path validation (preventing traversal attacks, limiting length, validating characters), array and string input validation, and robust error message sanitization to prevent information leakage in production. It supports optional API Key and JWT authentication with various modes and caching, and allows for session isolation. No obvious hardcoded secrets or malicious patterns were found. Code quality exceptions are well-documented and justified.
Updated: 2026-01-17GitHub
45
54
Medium Cost
gleanwork icon

mcp-server

by gleanwork

Sec8

The Glean MCP Server facilitates integration between AI clients (like LLMs or coding assistants) and Glean's enterprise knowledge base, providing tools for company search, people profile search, chat with Glean AI, and document retrieval.

Setup Requirements

  • ⚠️Requires `mise` for environment setup (Node.js and pnpm).
  • ⚠️Mandatory environment variables: `GLEAN_INSTANCE` and `GLEAN_API_TOKEN` for authentication with the Glean API.
  • ⚠️Recommended to use Glean's remote MCP server for better performance and updates, indicating this local server is primarily for experimental/testing use.
Verified SafeView Analysis
The server uses environment variables for sensitive API tokens (GLEAN_API_TOKEN), which is a good practice. Input validation for tool arguments is enforced using Zod schemas, significantly mitigating injection risks. Communication is via stdio, reducing external network attack surface. Docker deployment options suggest good security practices like dropping privileges and read-only filesystems. A direct `fetch` is used in `read_documents.ts` (noted as a workaround for an SDK bug) for Glean API calls, manually constructing headers, but the values for `Authorization` and `X-Glean-ActAs` still originate from controlled environment variables, so no immediate user-controlled injection is apparent. The `open` utility is used to display launch warnings, but the URLs are hardcoded to a Glean-controlled domain and package version, minimizing the risk of opening arbitrary malicious links.
Updated: 2026-01-15GitHub
45
16
High Cost
pwno-io icon

treesitter-mcp

by pwno-io

Sec8

Provides a Model Context Protocol (MCP) server and CLI for static code analysis using Tree-sitter.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Critical dependency inconsistency: `pyproject.toml` specifies `tree-sitter>=0.22.0`, but `docs/ARCHITECTURE.md` explicitly warns that newer versions of Tree-sitter (beyond 0.21.3) introduced breaking API changes which the code relies on. This discrepancy is likely to cause installation or runtime failures due to incompatible `tree-sitter` core or language bindings.
  • ⚠️Installing directly with `uv pip install treesitter-mcp` (or similar for other package managers) is recommended as the project includes multiple `tree-sitter-<language>` bindings.
Verified SafeView Analysis
The `treesitter_run_query` tool allows executing arbitrary Tree-sitter queries provided by the user. While Tree-sitter queries do not allow arbitrary code execution, a complex or resource-intensive query could potentially be used for a Denial-of-Service (DoS) attack by consuming excessive CPU or memory. File path handling for input and output files uses standard Python `os.path` functions (`abspath`, `expanduser`) and writes results to specified `output_file` paths, potentially overwriting existing files. No explicit hardcoded secrets or malicious patterns were found.
Updated: 2026-01-14GitHub
45
44
Medium Cost
yuna0x0 icon

hackmd-mcp

by yuna0x0

Sec7

The server provides an interface for LLM clients to access and manage HackMD notes, teams, user profiles, and reading history through the HackMD API.

Setup Requirements

  • ⚠️Requires a personal HackMD API Token, which must be created and securely provided.
  • ⚠️Requires Node.js 18+ to run.
  • ⚠️If self-hosting via HTTP transport, the endpoint must be secured by the user to prevent unauthorized access to your HackMD API token.
Verified SafeView Analysis
The server handles sensitive HackMD API tokens via environment variables or HTTP headers. It includes a feature to restrict allowed HackMD API URLs, which is a good security practice. However, if self-hosting the HTTP transport with a pre-configured token, the README explicitly warns that the endpoint must be protected with authentication, otherwise anyone can access the server using the configured token. There is also a point where base64-encoded config from query parameters is JSON parsed, which, while mitigated by subsequent schema validation, could potentially be a vector for malformed data attacks if not robustly handled by the underlying MCP SDK.
Updated: 2025-11-28GitHub
45
61
High Cost
gradion-ai icon

ipybox

by gradion-ai

Sec8

A Python code execution sandbox for AI agents to programmatically interact with MCP tools and execute code actions in a stateful, sandboxed environment.

Setup Requirements

  • ⚠️Requires `@anthropic-ai/sandbox-runtime` (npm package) for full sandboxing features, along with system dependencies (e.g., `ripgrep`, `bubblewrap`).
  • ⚠️Sandboxing with `sandbox-runtime` is primarily supported on macOS; Linux/Windows users must run without sandboxing or use Docker, implying higher security risk if not properly contained.
  • ⚠️Secrets like API keys (e.g., `GITHUB_API_KEY`, `BRAVE_API_KEY`) must be provided via environment variables or a `.env` file.
Verified SafeView Analysis
The server is explicitly designed to execute untrusted Python code. It provides strong mitigation through Anthropic's `sandbox-runtime` for kernel isolation (filesystem and network control) and mandates application-level approval for all MCP tool calls. However, `sandbox-runtime` currently has platform limitations (primarily macOS support), and running `ipybox` without sandboxing (an available option, though warned against) carries significant security risks, as it would execute arbitrary code directly on the host machine. Docker containerization is suggested for Linux/Windows to mitigate this.
Updated: 2026-01-19GitHub
45
48
Medium Cost
WhenMoon-afk icon

claude-memory-mcp

by WhenMoon-afk

Sec9

Provides local, persistent, and searchable memory for AI assistants like Claude Desktop, enabling them to store and recall information efficiently.

Setup Requirements

  • ⚠️Requires Node.js 18+ to be installed on the host machine.
  • ⚠️Initial startup may be slow (30+ seconds) if using the `npx github:` method for the first time, as it downloads and installs dependencies.
  • ⚠️For Windows, using the `npx github:whenmoon-afk/claude-memory-mcp` command might require wrapping it in `cmd /c` or providing the full path to `npx.cmd` in some environments, as documented in the README.
Verified SafeView Analysis
The server is designed for local-first operation, primarily interacting with a SQLite database. SQL interactions use prepared statements, mitigating SQL injection risks. There are no instances of `eval` or explicit code obfuscation. Cloud synchronization (via `cloud.ts`) is an opt-in feature, handling API keys through environment variables or a dedicated config file, and communicating with a specified external API endpoint. The external API endpoint itself (Convex.site) should be trusted by the user for cloud sync to be used. Overall, the security practices appear solid for its intended use.
Updated: 2026-01-18GitHub
45
46
High Cost
VictoriaMetrics-Community icon

mcp-victorialogs

by VictoriaMetrics-Community

Sec8

The Model Context Protocol (MCP) server for VictoriaLogs provides an interface for AI clients to interact with VictoriaLogs APIs and documentation, enabling querying logs, exploring data, viewing instance parameters, and accessing log statistics.

Setup Requirements

  • ⚠️Requires an existing VictoriaLogs instance (single-node or cluster) to connect to.
  • ⚠️Go 1.24+ is required if building from source.
  • ⚠️Proper configuration of `VL_INSTANCE_ENTRYPOINT` and `VL_INSTANCE_BEARER_TOKEN` environment variables is critical for functionality and security.
Verified SafeView Analysis
The server is written in Go, which reduces common security vulnerabilities found in less type-safe or dynamic languages. It uses environment variables for sensitive configuration like `VL_INSTANCE_BEARER_TOKEN`, which is good practice. HTTP requests to the VictoriaLogs instance are constructed using `net/url.Query().Add()`, which properly URL-encodes parameters, mitigating injection risks. Custom HTTP headers are handled after explicit `Authorization` headers, preventing accidental overrides of the primary authentication token. The main security consideration lies in the configuration of the upstream VictoriaLogs instance; if not properly secured with access controls (e.g., via vmauth), broad or resource-intensive queries issued through this MCP server could pose risks to the backend. The MCP server itself appears to follow good security practices within its scope.
Updated: 2026-01-14GitHub
45
76
High Cost
kopfrechner icon

gitlab-mr-mcp

by kopfrechner

Sec8

Enables AI agents to programmatically interact with GitLab merge requests and issues via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Node.js runtime
  • ⚠️Requires a GitLab Access Token with 'api' or 'read_api' scopes for full functionality
  • ⚠️Requires the GitLab instance host to be configured
Verified SafeView Analysis
The server uses environment variables for sensitive GitLab API tokens, which is good practice. No 'eval' or direct command injection through 'exec' (which is imported but not used with user input) is present. The primary security consideration is the scope and permissions of the GitLab access token provided to the server, as it grants programmatic access to GitLab resources. Ensure the token has only the necessary permissions.
Updated: 2026-01-07GitHub
45
37
Medium Cost
mapbox icon
Sec9

Provides AI assistants with direct programmatic access to Mapbox developer APIs, enabling efficient interaction with Mapbox services for application development and resource management.

Setup Requirements

  • ⚠️Requires a Mapbox Access Token (`MAPBOX_ACCESS_TOKEN` environment variable) with appropriate scopes for different operations (e.g., `styles:read`, `styles:write`, `tokens:read`).
  • ⚠️Requires Node.js and npm/npx installed to build and run the server locally.
  • ⚠️The server makes external API calls to Mapbox services, which may incur costs and require network access.
Verified SafeView Analysis
The server correctly handles Mapbox Access Tokens by expecting them via environment variables or authentication context, not hardcoding them. It includes robust input validation using Zod schemas for all tools and performs checks for valid JWT token format. API interactions include error handling for network issues and specific Mapbox API error messages, including scope/permission errors. It does not use 'eval' or similar dangerous functions. The use of external UI resources and static images is managed, but like any external dependency, should be monitored.
Updated: 2026-01-15GitHub
45
5
Medium Cost
mitchchristow icon

unity-mcp

by mitchchristow

Sec8

Enables an AI assistant to directly control and interact with the Unity Editor for game development tasks.

Setup Requirements

  • ⚠️Requires Node.js 18+ installed.
  • ⚠️Requires the Unity Editor to be running with the `org.christowm.unity.mcp` package installed and its internal HTTP/WebSocket servers active on ports 17890/17891.
  • ⚠️Antigravity IDE requires global MCP configuration using absolute paths to the `gateway/index.js` file, not project-specific or relative paths.
Verified SafeView Analysis
The Node.js gateway acts as a local proxy between the IDE and the Unity Editor. It connects to the Unity Editor's RPC server and WebSocket server, both hardcoded to localhost (127.0.0.1:17890 for HTTP RPC, 127.0.0.1:17891 for WebSocket events). This local-only network interaction significantly reduces external attack surface. No 'eval' or direct execution of arbitrary code from user input is observed in the provided gateway code. Tool inputs are defined via schemas, and parameters are mapped to specific Unity RPC methods, limiting arbitrary command injection on the Node.js side. The primary security considerations would be the robustness and input sanitization of the Unity Editor's internal MCP server implementation (not provided in this source code).
Updated: 2025-12-07GitHub
45
27
Medium Cost
the-momentum icon

python-ai-kit

by the-momentum

Sec9

A Model Context Protocol (MCP) server built with FastMCP for integrating AI assistants with external data sources and tools, providing a structured way for agents to access custom functionalities.

Setup Requirements

  • ⚠️Requires API key for LLM provider (e.g., OpenAI, Anthropic) if the MCP tools or integrated agents use LLMs.
  • ⚠️Requires Python 3.12+.
  • ⚠️Uses `uv` for dependency management.
Verified SafeView Analysis
The project demonstrates strong security practices, including the use of Pydantic SecretStr for sensitive configurations and Fernet encryption scripts for API keys. It employs HMAC for secure token generation in SQLAdmin. No 'eval' or obvious hardcoded secrets were found in the provided source. The primary security consideration for the MCP server is proper deployment and access control if exposed to public networks, as its core function is to expose tools.
Updated: 2025-12-11GitHub
45
51
Low Cost
hostinger icon

api-mcp-server

by hostinger

Sec8

The Model Context Protocol (MCP) server enables AI models to interact with Hostinger API services for hosting, domain management, billing, email marketing, and VPS management.

Setup Requirements

  • ⚠️Requires Node.js version 24 or higher.
  • ⚠️Requires `API_TOKEN` environment variable for authentication with Hostinger API.
  • ⚠️File-based deployment tools (e.g., WordPress import, plugin/theme deploy, JS/Static app deploy) require local file system access, meaning the server must run in an environment where it can access these specified local files.
Verified SafeView Analysis
The server correctly uses environment variables for API authentication (API_TOKEN) and avoids hardcoding sensitive information. It utilizes standard libraries like Axios for HTTP requests and tus-js-client for file uploads, which generally follow secure practices. Custom tools handle local file paths for deployment operations; while file system access is a potential attack vector, the current implementation focuses on reading files for upload rather than executing arbitrary commands based on user-provided paths, and includes basic file existence and format validation. There are no obvious `eval` or direct arbitrary command execution patterns in the runtime server logic.
Updated: 2026-01-13GitHub
PreviousPage 69 of 760Next