Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

100
1989
High Cost
cyberagiinc icon

DevDocs

by cyberagiinc

Sec8

DevDocs is a web crawling and content extraction platform designed to accelerate software development by converting documentation into LLM-ready formats for intelligent data querying and fine-tuning.

Setup Requirements

  • ⚠️Requires Docker installed and running on your system.
  • ⚠️Relies on the `Crawl4AI` service, provided as a Docker image.
  • ⚠️Requires careful environment variable configuration, especially `NEXT_PUBLIC_BACKEND_URL` and `CRAWL4AI_API_TOKEN`, for non-default or production deployments.
Verified SafeView Analysis
The server includes robust path traversal prevention for file content access. However, a default demo API key for Crawl4AI is hardcoded, which should be replaced in production environments. The use of `execPromise` to run shell scripts from an API endpoint (`/api/debug`) is present, but it's specifically for a contained debug script (`debug_crawl4ai.sh`), which reduces immediate risk within a self-hosted development context. The MCP server is executed with write access to `/app/storage/markdown`, making its integrity critical.
Updated: 2025-12-11GitHub
100
13337
High Cost
triggerdotdev icon

trigger.dev

by triggerdotdev

Sec9

A platform for building and executing reliable, scalable background tasks and complex workflows, supporting various runtimes (Node.js, Python, Bun), including advanced AI agent orchestration, event-driven processing, and real-time data handling.

Setup Requirements

  • ⚠️Requires OpenAI/Anthropic API Keys (Paid) for AI features.
  • ⚠️Requires Docker/Kubernetes, pnpm, and uv (Python environment manager) for local development and self-hosting.
  • ⚠️Requires PostgreSQL and Redis for local data storage and messaging infrastructure.
  • ⚠️Slack app setup (token, channel ID) is necessary for approval workflows.
Verified SafeView Analysis
Strong focus on environment variables for secrets, robust authentication/authorization with JWTs/API Keys/MFA. Critical AI-generated SQL/code execution is mitigated by explicit approval steps (Slack) or sandboxing (@e2b/code-interpreter). Uses child processes for system commands and browser automation (lightpanda, playwright), which require secure build/runtime environments. File uploads have size limits and would require further content validation in production. Proper network segmentation and access control are crucial for deployment.
Updated: 2026-01-19GitHub
100
5420
Medium Cost
Goldziher icon

kreuzberg

by Goldziher

Sec8

Extracts text, tables, images, and metadata from a wide range of document formats (PDF, Office, images, HTML, etc.), with support for multiple OCR backends and an extensible plugin system. Can be run as a Micro-Agent Communication Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires Python 3.10+ (for Python bindings)
  • ⚠️Requires optional ONNX Runtime (for embeddings support)
  • ⚠️Requires optional Tesseract OCR (for OCR functionality)
  • ⚠️Requires optional LibreOffice installation (for older Office document formats like .doc, .xls, .ppt)
  • ⚠️Requires proper native FFI library setup (platform-specific environment variables like LD_LIBRARY_PATH/DYLD_LIBRARY_PATH or PATH)
  • ⚠️Cloudflare Workers target has a ~500KB document size limit and does not support Office documents (due to lack of LibreOffice).
Verified SafeView Analysis
The server processes untrusted external input (documents) and relies on FFI bindings to a Rust core, as well as external tools like LibreOffice and Tesseract. The codebase demonstrates strong awareness of security concerns, including explicit validators for common vulnerabilities like zip bombs, XML entity expansion, and string growth limits. Input validation is performed before crossing FFI boundaries. However, as with any system handling arbitrary external data and exposing APIs (HTTP/MCP), full security depends on proper deployment, network hardening, and potentially additional access control layers by the user. Debug logging in some test files, while not production code, is noted.
Updated: 2026-01-19GitHub
100
8103
High Cost
xpzouying icon

xiaohongshu-mcp

by xpzouying

Sec7

Automate content creation, publishing, and interaction (search, detail, comment, like, favorite) on the Xiaohongshu platform via Model Context Protocol (MCP) and HTTP APIs, primarily for AI agent integration.

Setup Requirements

  • ⚠️Requires manual browser-based login and QR code scanning on first use.
  • ⚠️Automatically downloads a ~150MB headless browser on first run, requiring a stable internet connection.
  • ⚠️Cannot log in the same Xiaohongshu account on multiple web platforms simultaneously.
  • ⚠️For Docker deployments, local image/video paths (e.g., `./images`) must be mapped to `/app/images` inside the container for publishing operations.
Verified SafeView Analysis
The service uses `go-rod` for browser automation, which inherently involves rendering external web content and poses risks related to browser vulnerabilities (e.g., zero-days) if exploited. It explicitly mentions being for 'learning purposes only' and prohibiting 'illegal activities'. CORS is set to `*`, which is a common setup for local development/integration but less secure for public-facing deployments. File system operations for cookies and downloaded images are standard for this type of tool but require host system security. Panic recovery is implemented for MCP tool handlers. The image downloader attempts basic file type detection but could still be a vector for malicious content if not carefully managed by the user. The `xsec_token` is passed as a string, its security depends on the underlying Xiaohongshu platform and how it's handled in the `xiaohongshu` package (which is truncated).
Updated: 2026-01-17GitHub
100
1795
High Cost
agentset-ai icon

agentset

by agentset-ai

Sec9

Agentset is an open-source platform providing end-to-end tooling for building, evaluating, and deploying production-ready Retrieval-Augmented Generation (RAG) and agentic AI applications, including ingestion, vector indexing, evaluation, chat playground, hosting, and a developer-friendly API.

Setup Requirements

  • ⚠️Requires 'bun' package manager.
  • ⚠️Requires a PostgreSQL database (Prisma).
  • ⚠️Requires external services like Redis (Upstash), Resend (for emails), Stripe (for billing), and Trigger.dev (for background jobs).
  • ⚠️Requires configuration of specific LLM, embedding, and vector store providers, each potentially needing their own API keys and credentials (e.g., OpenAI, Pinecone, Azure, Cohere, Google, Zeroentropy, Turbopuffer, S3).
Verified SafeView Analysis
The project uses `@t3-oss/env-nextjs` for environment variable validation, promoting secure handling of secrets. Authentication is handled by `better-auth`, and API handlers include rate limiting. Vercel API interactions rely on environment variables. No obvious 'eval' or obfuscation found in the truncated code. General practices appear robust, but full code review would be needed for absolute certainty.
Updated: 2026-01-19GitHub
100
3968
Medium Cost
CursorTouch icon

Windows-MCP

by CursorTouch

Sec1

This MCP server enables AI agents to directly interact with the Windows operating system, performing tasks such as file navigation, application control, UI interaction, and QA testing.

Setup Requirements

  • ⚠️Requires Python 3.13+.
  • ⚠️Requires the 'uv' package manager (from Astral) for easy installation and execution.
  • ⚠️Prefers Windows with 'English' as the default language, otherwise the 'App-Tool' might need to be disabled.
Review RequiredView Analysis
The `Powershell-Tool` directly executes arbitrary PowerShell commands via `subprocess.run(command, shell=True)`. This is a critical security vulnerability, as it allows any compromised AI agent using this server to execute arbitrary code on the host machine with the user's privileges. Additionally, anonymized telemetry data is sent to PostHog by default, with a hardcoded API key, raising privacy concerns. The extensive UI automation capabilities, while core to its function, also present a significant risk if exploited maliciously.
Updated: 2026-01-19GitHub
100
2131
Medium Cost
grafana icon

mcp-grafana

by grafana

Sec9

Provides a Model Context Protocol (MCP) server for Grafana, enabling AI agents to interact with Grafana features such as dashboards, datasources, alerting, incidents, and more through a structured tool-based interface.

Setup Requirements

  • ⚠️Requires Grafana version 9.0 or later for full functionality, particularly for datasource-related API endpoints.
  • ⚠️Authentication requires a Grafana service account token (preferred, using GRAFANA_SERVICE_ACCOUNT_TOKEN env var) or username/password; access will be limited without proper credentials.
  • ⚠️The 'get_panel_image' tool requires the Grafana Image Renderer service to be installed and configured separately.
Verified SafeView Analysis
The server demonstrates good security practices for an integration component. It reads authentication credentials (API keys, basic auth, access tokens) from environment variables, preventing hardcoding. Network communication with Grafana and its datasources is handled with TLS configuration options. Response bodies are read with limits to prevent memory exhaustion, and non-200 HTTP statuses are handled with error messages. No obvious 'eval' or obfuscation patterns were found. The 'disable-write' flag and RBAC guidance are crucial for secure deployments.
Updated: 2026-01-19GitHub
100
5278
Medium Cost
wonderwhy-er icon

DesktopCommanderMCP

by wonderwhy-er

Sec6

This server empowers AI agents to search, update, manage files, and execute terminal commands on a local or containerized desktop environment. It provides enhanced filesystem operations, process control, and data analysis capabilities with support for various file types like text, Excel, and PDF.

Setup Requirements

  • ⚠️Requires Node.js v18+ to run (installer can assist on macOS).
  • ⚠️Requires ripgrep for search functionality (auto-verified post-install, manual install instructions provided if missing).
  • ⚠️Requires Chrome or Chromium browser for PDF generation (will attempt to install via Puppeteer if not found, which can be a large download).
  • ⚠️Filesystem access is restricted by `allowedDirectories` configuration (defaults to user's home directory), which may need adjustment for specific project paths.
  • ⚠️When running in Docker without proper volume mounts, files and session data will be ephemeral (explicitly warned to the user).
  • ⚠️Large output from commands, file reads, or image encodings can lead to high token costs if not managed by the AI agent using pagination and truncation features.
Verified SafeView Analysis
The server's core functionality involves executing arbitrary shell commands (`start_process`) and Node.js code (`node:local`) on the host system, and performing extensive filesystem operations (`read_file`, `write_file`, etc.). While there are important built-in mitigations like command blocking (`blockedCommands` config) and path validation (`allowedDirectories` config defaulting to user's home directory), the inherent power of the tools means a compromised AI agent could potentially execute malicious commands or access/modify files outside intended scope if `allowedDirectories` is set permissively. The `node:local` tool, in particular, executes user-provided Node.js code via temporary files, which is safer than `eval` but still allows arbitrary code execution. Users are warned when setting `allowedDirectories` to an empty array, which grants full filesystem access. Network requests are used for fetching remote files and telemetry, with error sanitization for privacy.
Updated: 2026-01-19GitHub
100
1283
High Cost
PaperDebugger icon

paperdebugger

by PaperDebugger

Sec8

AI-powered academic writing assistant for debugging and improving research papers with intelligent suggestions and Overleaf integration, supporting multi-step reasoning and reviewer-style critique.

Setup Requirements

  • ⚠️Requires Go 1.24+ and Node.js (LTS).
  • ⚠️Requires a running MongoDB instance (Docker recommended for local setup).
  • ⚠️Requires various API keys for AI models (e.g., OpenAI API Key), OpenReview, CrossRef, and arXiv, which may incur costs and require external accounts.
  • ⚠️The full multi-agent orchestration features (`XtraMCP`) are currently closed-source and not available for self-hosting, limiting the feature set of a self-hosted instance to core chat and editing functionality.
Verified SafeView Analysis
The server uses JWT-based authentication with OAuth support (Google, Overleaf), which is a standard and generally secure practice. Development and staging scripts (`hack/*.sh`) use placeholder dummy values for API keys and credentials (`sk-dummy-`, `dummy-`), indicating that actual secrets are not hardcoded in the repository, but require users to replace them. The Chrome extension explicitly requests host permissions for Overleaf domains and allows users to add custom domains, ensuring transparency. No obvious malicious patterns, code obfuscation, or direct `eval` usage were found in the provided source.
Updated: 2026-01-19GitHub
100
8812
Low Cost
D4Vinci icon

Scrapling

by D4Vinci

Sec7

Provides adaptive web scraping capabilities to AI chatbots and agents, allowing them to fetch, parse, and extract targeted data from websites, including dynamic content and anti-bot protected sites.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires `scrapling install` to download browser dependencies (Playwright) and system dependencies, which can be a manual step or require specific tooling.
  • ⚠️Manual configuration of the MCP server (e.g., in Claude Desktop/Code's JSON config or via CLI) is needed for AI integration.
Verified SafeView Analysis
The MCP server is designed to fetch content from arbitrary URLs and process user-defined CSS/XPath selectors, which are inherent functions of a web scraping tool. While the underlying parsing (lxml, cssselect) and fetching (curl_cffi, Playwright) libraries are generally robust against direct code injection, exposing such an API, especially to an AI agent, introduces potential risks such as Server-Side Request Forgery (SSRF) if the server has internal network access and is not properly firewalled. Resource exhaustion could also occur with extremely complex selectors or very large pages. There are no clear indications of hardcoded secrets, `eval` of untrusted input, or other direct code vulnerabilities in the provided snippets. The primary security considerations are operational: proper deployment environment, network segmentation, and strong access controls/input validation at the AI agent level controlling the server.
Updated: 2026-01-19GitHub
100
22084
Low Cost
jlowin icon

fastmcp

by jlowin

Sec8

FastMCP is an ergonomic interface for the Model Context Protocol (MCP), providing a comprehensive framework for building and interacting with AI agents, tools, resources, and prompts across various transports and authentication methods.

Setup Requirements

  • ⚠️Requires Python 3.8+.
  • ⚠️Full background task execution features require 'docket' to be installed and potentially configured (e.g., with Redis).
  • ⚠️LLM API keys (e.g., OPENAI_API_KEY, ANTHROPIC_API_KEY) are required for using specific sampling handlers.
  • ⚠️Complex OAuth/OIDC authentication setups require careful configuration of client IDs, secrets, and redirect URIs.
Verified SafeView Analysis
The library implements robust security practices, including HTML escaping for XSS prevention, X-Frame-Options for clickjacking, and secure OAuth/OIDC flows. Sensitive data (e.g., tokens) are handled using Pydantic's SecretStr. The primary security risks stem from how developers use the framework, specifically exposing untrusted input to features like `StdioTransport` (arbitrary command execution) or file system resources without proper application-level validation and authorization. Developers must ensure that paths for local scripts/files are not user-controlled and that `StdioTransport` commands are predefined and safe.
Updated: 2026-01-19GitHub
100
169950
Medium Cost
n8n-io icon

n8n

by n8n-io

Sec9

AI-powered workflow automation platform, enabling users to build and run workflows using various integrations, with a focus on AI models and tools for task execution and conversational agents.

Setup Requirements

  • ⚠️Requires n8n Enterprise License for certain advanced features, such as syslog logging and potentially other AI capabilities.
  • ⚠️Requires Node.js version 22.16 or newer and pnpm version 10.2 or newer for development and local execution.
  • ⚠️Docker is extensively used for both development and production deployments, necessitating Docker installation.
  • ⚠️Integration with AI models (e.g., Anthropic, OpenAI, Google Gemini) typically requires API keys, which often correspond to paid services.
Verified SafeView Analysis
The server demonstrates strong security practices, particularly in sandboxing user-provided JavaScript and Python code using `node:vm` and AST analysis respectively. It explicitly blocks `npm install` in favor of `pnpm` to mitigate supply chain risks. Network communications support TLS/SSL, and sensitive data (like database passwords) can be loaded securely via `_FILE` environment variables. The codebase shows an awareness of various security concerns in dynamic execution environments.
Updated: 2026-01-19GitHub
PreviousPage 7 of 760Next