Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7632)

100
2522
Medium Cost
Jpisnice icon
Sec4

Provides AI assistants with comprehensive access to shadcn/ui v4 components, blocks, demos, and metadata across React, Svelte, Vue, and React Native for enhanced development workflows.

Setup Requirements

  • ⚠️Requires GitHub Personal Access Token for reliable performance and to avoid aggressive API rate limits (60 requests/hour without, 5000/hour with).
  • ⚠️Requires Node.js 18+.
  • ⚠️Requires external network access to GitHub repositories to fetch component data and themes.
Review RequiredView Analysis
The server uses `new Function()` in `src/tools/tweakcn/fetch-presets.ts` to parse JavaScript content fetched from a remote GitHub raw URL (`jnsahaj/tweakcn`). While the intent is to parse an exported object, executing code from an external source via `new Function()` is a significant security risk. A compromise of the remote repository could allow arbitrary code execution within the server's environment. Additionally, network calls to GitHub APIs (api.github.com, raw.githubusercontent.com) are central to its operation, necessitating caution regarding data integrity and rate limits. No explicit hardcoded secrets were found, as API keys are managed via environment variables or CLI arguments. Input parameters are validated using Joi schemas.
Updated: 2025-12-10GitHub
100
2583
Medium Cost
Goldziher icon

kreuzberg

by Goldziher

Sec7

High-performance document intelligence to extract text, metadata, and structured information from various formats (PDFs, Office documents, images, etc.), powered by a Rust core for native performance.

Setup Requirements

  • ⚠️Requires installation of external system dependencies like Tesseract (for advanced OCR) and LibreOffice (for Office document conversions) for full functionality.
  • ⚠️Optimal performance for OCR with EasyOCR/PaddleOCR may require GPU setup and compatible drivers/libraries.
  • ⚠️Requires a Python 3.8+ environment (specific versions for bindings) with additional Python dependencies for various features and OCR backends.
Verified SafeView Analysis
The project extensively uses Rust for its core, which enhances memory safety. It incorporates explicit security limits (e.g., `crates/kreuzberg/src/extractors/security.rs`) to mitigate risks like zip bombs or entity expansion when processing untrusted files. However, it relies on multiple external system dependencies (e.g., Tesseract, LibreOffice, Pandoc) for specific functionalities (OCR, Office conversions, markdown parsing). These external tools process untrusted input and can introduce vulnerabilities if not properly secured or sandboxed. The Micro-service Communication Protocol (MCP) and HTTP API (`kreuzberg serve`) are designed for local or controlled network access, but like any server, improper exposure could lead to risks. The `eval` usage found is restricted to safe Python literal evaluation (`ast.literal_eval`) within internal utility functions, not arbitrary user input.
Updated: 2025-12-13GitHub
100
7443
Medium Cost
xpzouying icon

xiaohongshu-mcp

by xpzouying

Sec2

Automate content publishing, searching, and interactions on Xiaohonghu (RedNote) platform via an HTTP API and Model Context Protocol (MCP) integration.

Setup Requirements

  • ⚠️Requires manual QR code scan for initial login and potentially for re-login if cookies expire or are deleted.
  • ⚠️Relies on a headless Chromium/Chrome browser binary which is automatically downloaded (approx. 150MB) on first run, requiring a stable internet connection.
  • ⚠️Windows users may encounter a 'virus' false positive from Windows Defender, requiring manual exclusion of the binary's temporary directory.
Review RequiredView Analysis
CRITICAL: The server exposes endpoints (e.g., /api/v1/publish, /api/v1/publish_video) that accept local file paths for images and videos. This allows an unauthenticated user to read and upload arbitrary files from the host system where the server is running. This is compounded by the CORS middleware setting 'Access-Control-Allow-Origin: *' and the apparent lack of API key or token-based authentication for its HTTP and MCP endpoints. This combination presents a severe remote arbitrary file read/upload and potential code execution vulnerability if exposed publicly. Stack traces may also be logged on panics, disclosing internal paths.
Updated: 2025-12-14GitHub
100
1664
High Cost
agentset-ai icon

agentset

by agentset-ai

Sec9

An open-source platform for building, evaluating, and deploying production-ready RAG (Retrieval Augmented Generation) and agentic AI applications.

Setup Requirements

  • ⚠️Requires API Keys for chosen LLM, Embedding Model, and Vector Database providers (e.g., OpenAI, Pinecone, Cohere) for core RAG functionality.
  • ⚠️Requires PostgreSQL database and Redis instance for data storage and caching.
  • ⚠️Uses Bun runtime for local development and build scripts.
Verified SafeView Analysis
The project demonstrates robust security practices for a modern web application, including: extensive use of environment variables for sensitive configurations (API keys, database credentials, secrets), proper authentication/authorization mechanisms (BetterAuth, custom API keys, session management), and rate limiting. There are no obvious signs of code obfuscation or direct 'eval' usage. The `API_JWT_SECRET = "dev"` in the Supavisor tooling is acceptable for local development/testing and not a production vulnerability.
Updated: 2025-12-12GitHub
100
3630
Medium Cost
CursorTouch icon

Windows-MCP

by CursorTouch

Sec2

Enables AI agents (LLMs) to interact with and automate tasks on the Windows operating system, including UI interaction, file navigation, application control, and QA testing.

Setup Requirements

  • ⚠️Requires Python 3.13+
  • ⚠️Requires UV package manager for installation and execution
  • ⚠️English as the default Windows language is highly preferred for `App-Tool`
  • ⚠️Strongly recommended to run in virtual machines or sandboxed environments due to direct system access and potential for destructive actions.
Review RequiredView Analysis
This MCP server has CRITICAL security risks. It is designed to interact directly with the Windows operating system without sandboxing, and many of its tools can perform irreversible and destructive actions. The `Powershell-Tool` allows arbitrary command execution, providing full system control up to the user's permissions. Tools like `Click-Tool`, `Type-Tool`, `Drag-Tool`, and `Shortcut-Tool` can trigger destructive UI actions, delete files, overwrite data, or modify system configurations. The `State-Tool` can capture screenshots that may contain sensitive information. The project's own `SECURITY.md` issues a 'CRITICAL WARNING' and strongly recommends deployment only in virtual machines or sandboxed environments.
Updated: 2025-12-13GitHub
100
1975
Medium Cost
grafana icon

mcp-grafana

by grafana

Sec8

Provides a Model Context Protocol (MCP) server to allow AI assistants to interact with Grafana instances and its integrated ecosystem for monitoring, observability, and incident management.

Setup Requirements

  • ⚠️Requires Grafana version 9.0 or later for full functionality.
  • ⚠️Specific Grafana RBAC permissions (e.g., `datasources:query`, `dashboards:read`) must be configured for the service account or user accessing the MCP server.
  • ⚠️Grafana OnCall API URL must be correctly configured in Grafana settings for OnCall tools to function.
Verified SafeView Analysis
The server's security heavily relies on proper Grafana RBAC configuration for the service account or user. It explicitly warns about this dependency. No direct 'eval' or obfuscation is present. Request proxying to various datasources means the MCP server needs appropriate permissions for all connected services. Authentication details are handled via environment variables or HTTP headers, which is a good practice.
Updated: 2025-12-12GitHub
100
5072
Medium Cost
wonderwhy-er icon

DesktopCommanderMCP

by wonderwhy-er

Sec6

An AI development tool for searching, updating, managing files, running terminal commands, and analyzing data on a local desktop environment.

Setup Requirements

  • ⚠️Requires Node.js v18+ (though an installer script can handle this on macOS).
  • ⚠️Requires `ripgrep` binary for enhanced search functionality, which may need manual installation if `npm postinstall` fails.
  • ⚠️File system access is restricted by `allowedDirectories` (defaults to the user's home directory), which may need to be explicitly configured for project folders.
  • ⚠️PDF image extraction depends on the `sharp` library, which can sometimes require system build tools to compile during installation.
Verified SafeView Analysis
The server enables execution of arbitrary Node.js code (via `node:local` tool) and general shell commands, and can fetch content from arbitrary URLs. While robust path validation (`allowedDirectories`) and a list of `blockedCommands` are implemented to mitigate risks, a compromised or malicious LLM could still potentially misuse these powerful capabilities for local system compromise or data exfiltration. Telemetry data is collected, but the server states that it is sanitized, configurable, and can be opted out of.
Updated: 2025-12-12GitHub
100
1079
High Cost
PaperDebugger icon

paperdebugger

by PaperDebugger

Sec8

An AI-powered academic writing assistant that helps researchers debug and improve their LaTeX papers with intelligent suggestions and seamless Overleaf integration, using a multi-agent orchestration engine.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid) or PaperDebugger's own API key for LLM functionality.
  • ⚠️Requires Go 1.24+, Node.js LTS, MongoDB 4.4+ (Docker recommended), Git, Buf, Wire, and Make for development setup.
  • ⚠️Advanced features like 'research-mode agents' require an additional, currently closed-source XtraMCP backend.
  • ⚠️Users must manually grant host permissions for their Overleaf domain to enable the extension's functionality.
Verified SafeView Analysis
The project uses standard security practices like JWT-based authentication with refresh tokens, and environment variables for API keys and sensitive configurations. Google and Overleaf OAuth are used for login, which is standard. Client-side handling of OAuth callbacks and host permission requests for browser extensions demonstrates awareness of browser security models. The project integrates deeply with Overleaf by accessing session cookies and CSRF tokens, a necessary but sensitive operation that requires user trust. Advanced features rely on a closed-source XtraMCP backend, which introduces a dependency that cannot be audited by the public, but it is indicated as optional for core functionality.
Updated: 2025-12-14GitHub
100
8308
Medium Cost
D4Vinci icon

Scrapling

by D4Vinci

Sec8

Provides an adaptive web scraping server for AI chatbots/agents, enabling efficient data extraction from dynamic and anti-bot protected websites with pre-filtered content.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires installing 'scrapling[ai]' Python package.
  • ⚠️Requires installing browser dependencies and drivers via 'scrapling install' (or using the Docker image).
  • ⚠️Requires manual configuration within the AI chatbot's settings (e.g., Claude Desktop, Claude Code) to register the MCP server endpoint.
Verified SafeView Analysis
The Scrapling MCP Server is built on a robust web scraping library designed to handle untrusted web content. It utilizes well-vetted libraries like `lxml`, `cssselect`, `curl_cffi`, `playwright`, and `camoufox` for parsing and fetching. Explicit measures are taken to prevent common vulnerabilities (e.g., disallowing pickling of Selector objects, using `orjson` for safer JSON handling). The project follows good development practices including extensive type hinting and pre-commit hooks for linting and security (ruff, bandit). While user-provided CSS/XPath selectors and URLs are processed directly, the underlying parsing engines are not known for arbitrary code execution vulnerabilities through these inputs. The primary 'risk' is inherent to web scraping (interacting with external websites) but the implementation appears solid in mitigating common software vulnerabilities.
Updated: 2025-12-09GitHub
100
21145
Low Cost
jlowin icon

fastmcp

by jlowin

Sec9

An ergonomic interface and framework for building, connecting, and managing Model Context Protocol (MCP) servers and clients, offering features like tool-use, resource access, prompt rendering, authentication, and background task management.

Setup Requirements

  • ⚠️Python 3.9+ is likely required due to modern typing features, Pydantic 2.x, and AnyIO.
  • ⚠️The 'uv' command-line tool (from Astral.sh) is required for `UVEnvironment` configurations or `UvStdioTransport`.
  • ⚠️Node.js and 'npx' command-line tools may be required if using `NodeStdioTransport` or `NpxStdioTransport`.
  • ⚠️For authentication features (e.g., `OAuthProxy`), configuration with an external OAuth/OIDC provider (e.g., Google, GitHub, Auth0) is necessary. Client-side OAuth flows typically involve browser interaction.
  • ⚠️Integration with Large Language Models (LLMs) via sampling handlers (e.g., OpenAI) will incur token costs specific to the LLM provider.
Verified SafeView Analysis
The project is a framework designed for building MCP servers and clients. It implements several security best practices, including Content Security Policy (CSP) and X-Frame-Options for OAuth callback pages, `SecretStr` for sensitive environment variables (e.g., API keys), and robust cryptographic primitives for JWT handling (e.g., HKDF, PBKDF2HMAC). The use of `subprocess.run` and `importlib.util.spec_from_file_location` is for intended functionality (stdio transports, dynamic server loading) but implies trust in the source code being loaded. No direct `eval` or intentional obfuscation was found. The overall security depends heavily on how developers utilize the framework and the code they deploy within it, but the framework itself provides strong foundations.
Updated: 2025-12-14GitHub
100
162613
Medium Cost
n8n-io icon

n8n

by n8n-io

Sec8

n8n is a workflow automation platform enabling technical teams to build powerful automations with a mix of no-code and custom code, offering extensive integrations and AI capabilities while maintaining data control.

Setup Requirements

  • ⚠️Requires Node.js >=22.16 and pnpm >=10.22.0 (npm installs are actively blocked). Use 'corepack enable' then 'corepack prepare --activate'.
  • ⚠️Certain advanced or 'Enterprise Edition' ('.ee' files) features require a valid n8n Enterprise License.
  • ⚠️Depending on the AI nodes used (e.g., for LangChain integrations), external API keys (e.g., OpenAI, Anthropic) or local LLM installations (e.g., Ollama) may be required.
  • ⚠️Building from source requires system development tools like Python and C/C++ compilers (e.g., 'build-essential' on Debian/Ubuntu, 'windows-build-tools' on Windows) for some native dependencies.
Verified SafeView Analysis
N8n is designed to execute user-provided JavaScript and Python code within its workflows. To mitigate the inherent risks, it employs dedicated 'task runners' that operate in a sandboxed environment. These runners include strict security measures like module allowlists/blocklists, explicit disabling of code generation from strings (similar to 'eval') in JavaScript, and comprehensive import/attribute access validation in Python. While the platform's core functionality involves running arbitrary code, these robust sandboxing efforts significantly reduce the attack surface. No obvious malicious patterns were detected in the provided source code snippets.
Updated: 2025-12-14GitHub
100
1224
High Cost
withRefresh icon

web-eval-agent

by withRefresh

Sec2

Autonomously evaluates web applications for UX/UI issues using a browser-driving AI agent, providing detailed reports and live browser view from within an IDE.

Setup Requirements

  • ⚠️Requires Operative API Key (may require paid subscription if free tier limits are reached).
  • ⚠️Requires `uv` (a Python package installer/manager) to be installed.
  • ⚠️Requires Playwright and its browser dependencies (e.g., Chromium) to be installed via `npm` and `uvx`.
  • ⚠️Designed for integration into specific IDEs (Cursor/Cline/Windsurf) via JSON configuration.
Review RequiredView Analysis
Multiple critical security vulnerabilities exist: 1. Cross-Origin Resource Sharing (CORS) is explicitly set to `*` for the Flask-SocketIO server (`cors_allowed_origins='*'`), allowing any website to connect to the local server running on `127.0.0.1:5009`. This allows a malicious website visited by the agent to send arbitrary `agent_control` or `browser_input` events, potentially taking full control of the agent's actions (clicks, keypresses, pause/stop). 2. The browser is launched with `BrowserConfig(disable_security=True)` when using `browser-use` library (`browser_utils.py`), and `launch_persistent_context` is launched with `--no-sandbox` argument (`tool_handlers.py`). Disabling browser security and running without a sandbox exposes the host system to significant risks if the agent navigates to a malicious or compromised web application. 3. A hardcoded, weak `SECRET_KEY` ('secret!') is used for Flask sessions in `log_server.py`, making session-based attacks trivial. 4. Suppressing `stdout` and `stderr` in `log_server.py` hinders auditing and makes it harder to detect anomalous behavior.
Updated: 2025-12-06GitHub
PreviousPage 7 of 636Next