Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7756)

44
8
Medium Cost
isakskogstad icon

Kolada-MCP

by isakskogstad

Sec9

Provides LLMs with direct access to Swedish municipal and regional statistics via the Kolada API, offering 5,000+ Key Performance Indicators for analysis.

Setup Requirements

  • ⚠️Requires Node.js runtime version 18.0.0 or higher.
  • ⚠️Relies on the external Kolada API (api.kolada.se/v3), requiring internet access for data retrieval.
  • ⚠️The remote server URL provided is configured for 'Open Access' (no authentication required) for all LLM clients.
Verified SafeView Analysis
The server demonstrates strong security awareness through its explicit security policy (SECURITY.md), automatic security scanning tools (CodeQL, GitGuardian, TruffleHog, Bearer SAST, Dependabot, npm audit), and adherence to best practices like environment variables for sensitive values and rate limiting. The use of `marked` for rendering the project's own `README.md` to HTML is considered safe as the source is trusted. The HTTP endpoints are explicitly open access, meaning no authentication is required by default for LLMs to connect, which is a design choice for accessibility rather than a vulnerability, but it broadens the attack surface for potential abuse if the upstream Kolada API were not secured.
Updated: 2025-12-09GitHub
44
40
Medium Cost
jlucaso1 icon

whatsapp-mcp-ts

by jlucaso1

Sec8

Connects a personal WhatsApp account to an AI agent, enabling the agent to search messages and contacts, list chats, retrieve message history, and send messages via WhatsApp.

Setup Requirements

  • ⚠️Requires Node.js version 23.10.0 or higher.
  • ⚠️Requires an initial manual WhatsApp QR code scan for authentication, which can be time-sensitive.
  • ⚠️Initial message history synchronization can take significant time depending on your WhatsApp history size.
  • ⚠️Specific configuration JSON is required for the AI client (e.g., Claude Desktop, Cursor) to launch and connect to the MCP server.
Verified SafeView Analysis
The server stores all WhatsApp authentication credentials and message history locally in a SQLite database and authentication cache, which is good for privacy from the server's perspective. It communicates with the AI client via standard input/output (stdio), avoiding direct network exposure to the outside for the MCP protocol itself. No 'eval' or other direct dangerous dynamic code execution patterns were found. The primary security considerations are the security of the local machine storing sensitive WhatsApp data and the trustworthiness of the connected AI agent that will access this data via MCP tools.
Updated: 2025-12-06GitHub
44
2
Low Cost
xiangweizeng icon

mcp-any-rest

by xiangweizeng

Sec2

An MCP (Micro-service Composition Protocol) server that dynamically configures and exposes APIs defined using ZML (ZenTao Markup Language), acting as an API gateway for ZenTao or similar APIs.

Setup Requirements

  • ⚠️Requires `config` directory (or specified via `--config-dir`) containing `config.json`, `modules.json`, and a `presets` subdirectory. These files are central to the server's configuration, including upstream API authentication details and module enablement.
  • ⚠️Requires `zml` directory (relative to config dir, or configurable) for ZML definition files: Dynamic modules are defined in `.zml` files located in this directory.
  • ⚠️Disables SSL certificate validation for all upstream API calls by default: All connections to upstream APIs will bypass SSL certificate checks, which is a significant security risk for production environments.
Review RequiredView Analysis
1. Critical: Web Configuration Server Lacks Authentication/Authorization: The /config endpoints exposed by WebServer in src/config/web.rs (e.g., /config, /config/presets, /config/modules, /config/server) do not appear to implement any authentication or authorization. This means anyone with network access to the server (default 127.0.0.1:8082) can read, modify, and delete all server configurations, including sensitive upstream API credentials, module enablement, and server settings, allowing arbitrary control over the gateway. 2. High: Disables SSL Certificate Validation: `danger_accept_invalid_certs(true)` is explicitly used in `reqwest` clients (`src/services/auth_service/auth_factory.rs`, `src/services/auth_service/unified_auth_service.rs`). This is a severe vulnerability as it allows for trivial man-in-the-middle attacks, compromising the confidentiality and integrity of communication with upstream APIs. This should never be enabled in production. 3. Sensitive Data in Configuration Files: Authentication credentials (tokens, API keys, usernames/passwords) can be stored directly in `config.json` or module configuration files. Without encryption at rest or secure access controls for these files, they are vulnerable to local compromise. 4. Error Message Disclosure: Login failure messages in `LoginAuthStrategyImpl` can expose internal details (`Login failed with status {}: {}`) potentially aiding attackers.
Updated: 2025-11-27GitHub
44
40
Medium Cost
aws-powertools icon

powertools-mcp

by aws-powertools

Sec9

This MCP server enables LLM agents to search and retrieve documentation and code examples for Powertools for AWS Lambda across multiple programming runtimes.

Setup Requirements

  • ⚠️Requires Node.js runtime (version 24+ recommended).
  • ⚠️Project is experimental; APIs and features may change frequently without notice.
  • ⚠️Requires write access to the configured cache path (defaults to system temp directory `/tmp/powertools-mcp`).
Verified SafeView Analysis
The server implements strict URL validation, restricting network requests to the `docs.aws.amazon.com` domain to prevent Server-Side Request Forgery (SSRF) vulnerabilities. All external fetches include a timeout. No `eval` or obvious obfuscation is present. All parameters are validated using Zod schemas. However, it is an experimental project, which might imply evolving security considerations.
Updated: 2025-12-12GitHub
44
7
Medium Cost
KSAklfszf921 icon

KOLADA-MCP

by KSAklfszf921

Sec9

Provides LLMs with access to over 5,000 Key Performance Indicators (KPIs) and statistical data for all Swedish municipalities and regions via the Kolada API.

Setup Requirements

  • ⚠️Requires Node.js runtime (>=18.0.0)
  • ⚠️Requires internet access to `api.kolada.se` for data retrieval
  • ⚠️While default setup is 'Open Access', deployment with `MCP_AUTH_TOKEN` requires manual configuration for authentication
Verified SafeView Analysis
The server demonstrates a strong security posture with automated scanning tools (CodeQL, GitGuardian, TruffleHog, Bearer SAST, Dependabot, npm audit), explicit avoidance of hardcoded secrets, and handling sensitive values via environment variables. It implements robust API client-side security measures like rate limiting, exponential backoff retries, and request timeouts. The provided `MCP_AUTH_TOKEN` in `render.yaml` suggests optional deployment-level authentication can be configured, though the public endpoints (`/mcp`, `/sse`) currently allow open access. No `eval` or obvious obfuscation was found in the provided source code.
Updated: 2025-12-09GitHub
44
46
Medium Cost
gradion-ai icon

ipybox

by gradion-ai

Sec5

Python code execution sandbox with programmatic MCP tool calling for agent integration.

Setup Requirements

  • ⚠️Requires Anthropic's `sandbox-runtime` for kernel isolation (npm install -g @anthropic-ai/sandbox-runtime@0.0.19). Specific system dependencies vary by OS (e.g., `ripgrep` on macOS, `bubblewrap`, `socat` on Linux).
  • ⚠️`sandbox-runtime` is fully supported on macOS; Docker containerization is recommended for Linux/Windows to achieve similar sandboxing.
  • ⚠️Python 3.11+ is required.
Verified SafeView Analysis
The server's core function is to execute arbitrary Python code generated by LLMs, which is an inherent security risk. It attempts to mitigate this by integrating Anthropic's `sandbox-runtime` for kernel isolation, restricting filesystem and network access (blocked internet access by default, local network to tool server allowed). However, `sandbox-runtime` currently has platform limitations (fully functional on macOS only, Linux support is a work in progress). Running the server without explicitly enabling sandboxing (`--sandbox`) or within a Docker container (which adds another layer of isolation) exposes the host system to the executed code. Environment variables for API keys are handled via placeholders like `${VAR_NAME}` for tool configurations, preventing hardcoding in the source but requiring secure management of these variables in the execution environment. Careful consideration of deployment environment (e.g., Docker) and sandbox configuration is critical for security.
Updated: 2025-12-13GitHub
44
37
High Cost
VictoriaMetrics-Community icon

mcp-victorialogs

by VictoriaMetrics-Community

Sec8

Provides a Model Context Protocol (MCP) server for VictoriaLogs, enabling AI clients to interact with VictoriaLogs APIs for querying logs, exploring data, and accessing documentation.

Setup Requirements

  • ⚠️Requires a running VictoriaLogs instance to connect to.
  • ⚠️Go 1.24 or higher is required if building from source.
  • ⚠️Critical environment variables (VL_INSTANCE_ENTRYPOINT, VL_INSTANCE_BEARER_TOKEN) must be correctly configured.
Verified SafeView Analysis
The server's security largely depends on the secure configuration of the VictoriaLogs instance it connects to. It requires `VL_INSTANCE_ENTRYPOINT` and `VL_INSTANCE_BEARER_TOKEN`, which must be managed securely to prevent unauthorized access to log data. Health and metrics endpoints are unauthenticated by default, which is common for monitoring but exposes basic service information. Input validation is implemented using Go's type assertions and regex patterns, reducing injection risks. The server does not use `eval` on user input or apparent obfuscation.
Updated: 2025-12-08GitHub
44
24
Medium Cost
linw1995 icon

nvim-mcp

by linw1995

Sec3

A Model Context Protocol (MCP) server for seamless integration with Neovim, enabling AI assistants to interact with the editor via connections and structured resources.

Setup Requirements

  • ⚠️Requires Neovim (version 0.11.3+ as per build system) to be installed and in PATH for client connections.
  • ⚠️LSP servers (e.g., gopls, ts_ls, luals, zls, as seen in tests) must be configured within Neovim for full LSP integration features to function.
  • ⚠️The official Neovim plugin ('linw1995/nvim-mcp') is recommended for automatic setup, requiring a plugin manager like `lazy.nvim`.
Review RequiredView Analysis
The server provides an `exec_lua` tool that allows execution of arbitrary Lua code within the connected Neovim instance. If an attacker can gain control of the input to this tool, they could compromise the Neovim environment, potentially leading to file system access, shell command execution (if Neovim is configured to allow it), or other system compromises. While the intended use is with trusted AI assistants, exposure to untrusted clients or a compromised AI client would pose a significant security risk. No obvious hardcoded secrets were found.
Updated: 2025-12-03GitHub
44
43
Medium Cost
VeriTeknik icon

pluggedin-mcp

by VeriTeknik

Sec9

Provides a unified Model Context Protocol (MCP) hub for AI agents, aggregating external tools, knowledge (RAG), and memory (clipboard) across various MCP servers and clients, with built-in document management and notifications.

Setup Requirements

  • ⚠️Requires a Plugged.in API Key for most dynamic functionality (account registration at plugged.in required, though basic discovery works without it).
  • ⚠️Requires Node.js 18.0.0 or higher runtime environment.
  • ⚠️Requires a compatible Model Context Protocol (MCP) client (e.g., Claude Desktop, Cline, Cursor) to interact with or needs to be run in Streamable HTTP mode for web-based access.
Verified SafeView Analysis
The server employs extensive security measures including robust input validation and sanitization (e.g., URL validation for SSRF, command argument sanitization), rate limiting for tool and API calls, and secure API key handling with timing-safe comparisons. It uses `execFile` for safer command execution when interacting with STDIO servers and sanitizes error messages to prevent information disclosure. CORS is set to a broad `*` for public discovery but sensitive operations require explicit API key authentication. Overall, a strong focus on security is evident in its design and implementation.
Updated: 2025-12-10GitHub
44
30
Medium Cost
Artmann icon
Sec9

Enables AI assistants and agents to search various package registries (NPM, Cargo, NuGet, PyPI, Go) and retrieve up-to-date package information.

Setup Requirements

  • ⚠️Requires Node.js 18+ or Bun runtime to execute.
  • ⚠️Requires an active internet connection to access package registries.
  • ⚠️The default `npx` command might use `npm` to install and run if `bun` is not globally available.
Verified SafeView Analysis
The server uses `zod` for input validation, which helps prevent malformed inputs. Network requests to external package registries are performed with a 10-second timeout, mitigating potential hangs. No hardcoded secrets or 'eval' statements were found. The tool interacts with well-known public APIs of package registries, which are generally trusted. Communication with the MCP client is via standard I/O.
Updated: 2025-12-02GitHub
44
38
Medium Cost
tuannvm icon
Sec9

Bridges LLM models with Apache Kafka, enabling AI agents to perform Kafka operations like producing/consuming messages, managing topics, monitoring consumer groups, and assessing cluster health via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Go 1.24+ to build and run.
  • ⚠️Requires access to an existing Apache Kafka cluster for full functionality.
  • ⚠️OAuth 2.1 authentication (for HTTP transport) requires extensive environment variable configuration, including OIDC_ISSUER, OIDC_AUDIENCE, and potentially client secrets and JWT_SECRET, depending on the OAuth mode and provider.
Verified SafeView Analysis
The server demonstrates strong security practices: sensitive configurations (SASL, OAuth secrets) are managed via environment variables (no hardcoding). It supports OAuth 2.1 for HTTP transport with multiple providers (Okta, Google, Azure AD, HMAC) and TLS for Kafka connections. The 'TLSInsecureSkipVerify' option is present but explicitly documented for development/testing only. Comprehensive input validation is implicitly handled by the MCP framework and explicitly in handlers. Continuous integration includes vulnerability scanning (Trivy, govulncheck) and dependency updates with security alerts (Renovate). No 'eval' or malicious patterns were identified.
Updated: 2025-11-29GitHub
44
23
High Cost
winyunq icon
Sec7

AI-assisted UMG UI development and animation in Unreal Engine, enabling version-controlled programmatic UI manipulation.

Setup Requirements

  • ⚠️Requires Unreal Engine 5.6 or newer with the UmgMcp plugin installed.
  • ⚠️Requires 'uv' (Python package manager) installed for environment management.
  • ⚠️The `settings.json` file requires an absolute path to the `Resources/Python` folder, which is critical for server launch.
  • ⚠️The `antigravity_wrapper.py` script is required on Windows to sanitize output (strip carriage returns) for strict JSON-RPC stream compliance.
  • ⚠️The `get_creatable_widget_types` tool provides a philosophical guide rather than a definitive list, requiring the AI to rely on its internal knowledge or trial-and-error for valid widget types.
Verified SafeView Analysis
The system establishes a local TCP connection (127.0.0.1) between Python and an Unreal Engine plugin. This reduces the remote attack surface significantly. The Unreal plugin provides extensive control over UMG assets, animations, blueprints, and level actors. JSON inputs for UI/asset manipulation are parsed and mapped to C++ UPROPERTYs, which helps prevent direct code injection but allows powerful modifications of editor state and assets. A compromised local Python server or malicious modifications to `prompts.json` or `settings.json` could lead to unauthorized asset creation/modification, corruption, or resource exhaustion within an Unreal project. The policy of creating assets if they don't exist (e.g., `set_target_umg_asset`) is powerful and could be misused if not properly controlled.
Updated: 2025-12-09GitHub
PreviousPage 70 of 647Next