Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

44
32
Low Cost
kintone icon

mcp-server

by kintone

Sec9

Provides a local Model Context Protocol (MCP) server for Kintone, enabling AI assistants to interact with Kintone applications via a set of exposed tools.

Setup Requirements

  • ⚠️Requires Node.js (>= 22) or Docker installed.
  • ⚠️Requires Kintone API credentials (base URL and either username/password OR API token) to be provided via environment variables or command-line arguments.
  • ⚠️File download functionality requires the KINTONE_ATTACHMENTS_DIR environment variable to be explicitly set.
Verified SafeView Analysis
The server follows good security practices for handling sensitive credentials (environment variables or command-line arguments) and uses a well-established Kintone REST API client. File download operations are directed to a user-configurable directory (KINTONE_ATTACHMENTS_DIR) and include measures to prevent file overwrites. No direct 'eval' or arbitrary code execution from user input is evident. Potential risks are primarily operational, such as misconfiguring sensitive directories or the security of the hosting environment.
Updated: 2026-01-19GitHub
44
38
Low Cost
nisalgunawardhana icon

How-To-Create-MCP-Server

by nisalgunawardhana

Sec9

This project demonstrates how to set up a basic Model Context Protocol (MCP) server in .NET for interaction with AI tools like Copilot Chat.

Setup Requirements

  • ⚠️Requires .NET SDK 8.
  • ⚠️Requires VS Code with C# Dev Kit extension for optimal development experience.
  • ⚠️Manual creation and specific configuration of `mcp.json` file is required in the project root's `.vscode` directory.
  • ⚠️Integration with Copilot Chat is central to its functionality, requiring the tool to be added within Copilot Chat settings.
Verified SafeView Analysis
The provided code for the MCP server is minimal and does not contain obvious security vulnerabilities like 'eval', obfuscation, or hardcoded secrets. It utilizes standard .NET hosting and Model Context Protocol libraries. The `WithToolsFromAssembly()` method allows loading tools dynamically from the assembly, meaning any custom, user-added tools could introduce risks if not carefully developed. The server primarily uses stdio transport, reducing direct network exposure for the sample.
Updated: 2026-01-11GitHub
44
2
Low Cost
mohrstade icon
Sec9

Provides a semantic layer for BigQuery's Austin Bikeshare public dataset, simplifying data querying and analysis through a defined interface for tools like Claude Desktop.

Setup Requirements

  • ⚠️Requires Python 3.13 or newer.
  • ⚠️Requires the `uv` package installer for the recommended setup as per the README.
  • ⚠️Requires Google Cloud Platform (GCP) authentication (e.g., `gcloud auth application-default login`) to connect to BigQuery, even for public datasets.
Verified SafeView Analysis
Connects to a public BigQuery dataset (`bigquery-public-data`). Uses standard and reputable data libraries (Ibis, boring-semantic-layer). No obvious hardcoded sensitive credentials, 'eval' usage, or malicious patterns were found in the provided source code. Relies on standard GCP authentication mechanisms for BigQuery access, which are assumed to be configured externally.
Updated: 2025-11-26GitHub
44
67
Medium Cost
quarkusio icon
Sec8

A workshop demonstrating how to build AI-infused applications and agentic systems with Quarkus and LangChain4j, specifically focusing on a car management system that uses AI agents for tasks like cleaning, maintenance, and disposition decisions, including communication with remote agents via the Model Context Protocol (MCP) and Agent-to-Agent (A2A) protocol.

Setup Requirements

  • ⚠️Requires JDK 21.0 or later
  • ⚠️Requires an OpenAI API key (paid, free trial credits can be quickly exhausted)
  • ⚠️Requires Podman or Docker (for PostgreSQL Dev Service)
  • ⚠️Requires running two Quarkus applications simultaneously on different ports (8080 and 8888) for A2A communication in advanced steps
Verified SafeView Analysis
The system implements `InputGuardrails` to detect prompt injection using a separate AI service, which enhances security. API keys are handled via environment variables. Network interactions include calls to external weather APIs (`api.open-meteo.com`) and internal A2A communication, which are standard for distributed systems but require careful configuration and trust boundaries. The inherent risk of LLM interpreting prompts for tool execution is present, though mitigated by guardrails and structured tool definitions.
Updated: 2026-01-19GitHub
44
38
Medium Cost
jasonjgardner icon

blockbench-mcp-plugin

by jasonjgardner

Sec2

Integrates the Model Context Protocol (MCP) into Blockbench, allowing AI models to programmatically interact with the 3D modeling software through exposed tools, resources, and prompts.

Setup Requirements

  • ⚠️Requires Blockbench desktop application to be running.
  • ⚠️The MCP plugin must be installed within Blockbench (via 'Load Plugin from URL').
  • ⚠️Requires explicit user permission for network access when the plugin is loaded in Blockbench.
  • ⚠️The server runs as a plugin inside Blockbench; it does not have a standalone 'run' command.
Review RequiredView Analysis
The server includes a 'risky_eval' tool that allows execution of arbitrary JavaScript code directly within the Blockbench plugin's context. While it attempts to filter out `console.` commands and comments, these protections are trivial to bypass with crafted input (e.g., using string concatenation). This presents a severe security risk, as an attacker or compromised AI agent could execute any code with the plugin's permissions, potentially leading to system access or data manipulation outside of Blockbench if the host machine has permissive settings or if the plugin's context has elevated privileges. Network risks are inherent as it runs an HTTP server, making this 'eval' capability particularly dangerous if exposed to untrusted networks.
Updated: 2026-01-17GitHub
44
2
Low Cost
mitsou55 icon
Sec1

This repository describes a curated collection of open-source tools impacting the tech landscape, with a focus on AI and Kubernetes.

Setup Requirements

  • ⚠️Requires downloading and running an arbitrary, unaudited executable (.zip file) from the repository, which is a significant security risk.
  • ⚠️Operating System: Windows 10+, macOS Monterey+, or modern Linux distribution.
  • ⚠️Memory: Minimum of 4 GB RAM.
Review RequiredView Analysis
The provided 'SOURCE CODE' is only a README file. The README instructs users to download and run an arbitrary .zip file (Defined-That-Hub-Git-Projects-v3.0.zip) directly from the repository's main branch. This file is described as an 'installer' that users should 'Double-click... to run it.' Without access to the actual source code of the supposed 'MCP Server' or the contents of this opaque .zip file, a security audit is impossible. Downloading and executing arbitrary binaries from untrusted or unverified sources, even from a GitHub repository, is a critical security risk as it can contain malware, viruses, or other malicious payloads. Therefore, based solely on the provided information, it is highly unsafe to run, as there is no server source code to audit, only an instruction to download and execute an opaque binary.
Updated: 2026-01-19GitHub
44
2
High Cost
pgElephant icon

NeuronDB

by pgElephant

Sec3

The NeuronMCP server acts as a Model Context Protocol (MCP) gateway, enabling MCP-compatible clients (like Claude Desktop) to interact with the NeuronDB PostgreSQL extension for vector search, machine learning, RAG pipelines, and agent runtime capabilities.

Setup Requirements

  • ⚠️Requires a running PostgreSQL instance (version 16 or later) with the NeuronDB extension installed.
  • ⚠️Many ML and embedding tools, especially for larger models, may incur significant costs from external LLM providers (e.g., OpenAI, Hugging Face APIs).
  • ⚠️Requires Docker and Docker Compose for the recommended deployment, which adds setup complexity for users unfamiliar with containerization.
Review RequiredView Analysis
The C-based PostgreSQL extension code (`NeuronDB/src/search/sparse_search.c`, `hybrid_search.c`, `semantic_keyword_search.c`, `multi_vector_search.c`, `faceted_vector_search.c`, `temporal_vector_search.c`, `diverse_vector_search.c`) constructs SQL queries by directly concatenating user-provided table and column names (`tbl_str`, `col_str`, `facet_str`, `ts_str`) into the query string using `%s` in `appendStringInfo`. This is a classic SQL injection vulnerability, as malicious input in these parameters could alter the SQL query. For instance, a user could supply a table name like `mytable; DROP TABLE important_data;` leading to data loss or unauthorized access. While the Node.js/TypeScript layer of NeuronMCP generally uses parameterized queries and `escapeIdentifier` for dynamic SQL, the underlying C extension functions contain this critical flaw. The `PluginManager` allows loading external plugins, which could be a risk if not sourced from trusted origins.
Updated: 2025-11-30GitHub
44
24
Low Cost
gsong icon

ccmcp

by gsong

Sec8

A CLI tool that intelligently discovers, validates, and selects MCP (Model Context Protocol) server configurations for Claude Code, providing both a TUI and text-based interface.

Setup Requirements

  • ⚠️Requires Node.js 20+ runtime environment.
  • ⚠️Requires 'claude' command to be installed and available in the system's PATH.
  • ⚠️Full interactive TUI experience requires a terminal with TTY support (falls back to text prompts otherwise).
Verified SafeView Analysis
The tool appears to follow good security practices for a CLI application. It uses Zod for comprehensive schema validation of MCP configuration files, which is a strong defense against malformed or malicious config data. Command-line arguments for launching the external 'claude' executable are properly escaped using the 'shell-quote' library to prevent command injection. Cache files are stored in standard OS-specific cache directories and hashed keys are used. The primary security considerations would stem from the trustworthiness of the 'claude' binary itself and the content of the MCP configuration files, which are external to the ccmcp tool's core logic.
Updated: 2026-01-19GitHub
44
23
Medium Cost
zacharypodbela icon

django-rest-framework-mcp

by zacharypodbela

Sec8

Enables developers to quickly build Model Context Protocol (MCP) servers for existing Django REST Framework APIs, allowing AI agents and LLM clients to leverage these endpoints as tools.

Setup Requirements

  • ⚠️Requires Python 3.8+.
  • ⚠️Requires Django 4.0+ and djangorestframework 3.14.0+.
  • ⚠️MCP requests bypass parts of the standard DRF request lifecycle (e.g., `dispatch`, `initialize_request`, `finalize_response`, `handle_exception`), which developers must be aware of for custom logic.
  • ⚠️STDIO transport for MCP clients is not directly supported and requires an `mcp-remote` bridge for local testing with tools like Claude Desktop.
Verified SafeView Analysis
The MCP endpoint (`/mcp/`) uses `@csrf_exempt`, bypassing Django's CSRF protection; this is standard for API endpoints primarily consumed by non-browser clients, but should be noted. The overall security relies heavily on the underlying Django REST Framework's authentication, permission, and throttling configurations. The documentation explicitly warns that DRF's built-in throttling is not a robust security measure against sophisticated attacks like brute-forcing or Denial of Service (DoS). The demo `settings.py` includes a `SECRET_KEY` marked as 'insecure' by Django, which is acceptable for development/demo purposes but must be replaced in a production environment.
Updated: 2025-11-25GitHub
44
30
High Cost
antvis icon
Sec9

A Model Context Protocol (MCP) server that provides AntV documentation context and code examples for AI development and quality assurance workflows.

Setup Requirements

  • ⚠️Requires Node.js >= v18.0.0
  • ⚠️Requires an MCP Client (e.g., Cursor, VSCode MCP Extension) to connect and utilize its functionality
  • ⚠️Relies on external Context7.com and DeepWiki.com services for documentation retrieval; functionality will be impaired if these services are unavailable
Verified SafeView Analysis
The server interacts with external services (context7.com and mcp.deepwiki.com) to fetch documentation. These are legitimate documentation sources, and the access is controlled by specific endpoints. Robust input validation is implemented using Zod schemas for all tool inputs. No 'eval' or other direct arbitrary code execution vectors were found. No hardcoded secrets were identified.
Updated: 2025-12-11GitHub
44
41
Low Cost
deploystackio icon

deploystack

by deploystackio

Sec9

Centralized management and optimization of Model Context Protocol (MCP) servers and AI agent tools, including credential management and governance.

Setup Requirements

  • ⚠️Requires Node.js (v18+) and npm (v8+).
  • ⚠️Requires Docker for production deployment or full local development setup.
  • ⚠️Requires PostgreSQL database.
  • ⚠️Mandatory `DEPLOYSTACK_ENCRYPTION_SECRET` environment variable which must be changed from its default placeholder in production.
  • ⚠️Mandatory `DEPLOYSTACK_SATELLITE_NAME` and `DEPLOYSTACK_REGISTRATION_TOKEN` for the Satellite service to register with the Backend.
Verified SafeView Analysis
The server demonstrates strong security practices. It explicitly uses OAuth2/JWT for authentication, implements environment variable filtering (BLOCKED_ENV_VARS) to prevent injection, and leverages `nsjail` for sandboxing stdio subprocesses in production, significantly mitigating risks from arbitrary MCP tool execution. Secret masking is applied to URLs and headers in logs. It correctly flags placeholder secrets (e.g., DEPLOYSTACK_ENCRYPTION_SECRET) as mandatory changes for production. Persistence of API keys is handled with awareness of Docker volume permissions.
Updated: 2026-01-17GitHub
44
131
Medium Cost
call518 icon
Sec8

The MCP server provides professional operations, monitoring, and management capabilities for PostgreSQL databases using natural language queries.

Setup Requirements

  • ⚠️Requires Python 3.12 or newer.
  • ⚠️Requires a PostgreSQL database connection (host, port, user, password, database) configured via environment variables.
  • ⚠️Optional PostgreSQL extensions (`pg_stat_statements`, `pg_stat_monitor`) and specific `postgresql.conf` settings (`track_functions = pl`, `track_io_timing = on`) are needed for full functionality, which may require manual installation or configuration on the target PostgreSQL instance.
Verified SafeView Analysis
The server is explicitly designed for read-only operations, significantly reducing the attack surface. It utilizes environment variables for database credentials, avoiding hardcoded secrets in the code. SQL queries are generally parameterized or carefully constructed to mitigate injection risks, with input validation applied to parameters like 'limit'. Authentication for 'streamable-http' mode is optional but strongly recommended, and the code issues warnings if disabled. A comprehensive SECURITY.md policy is in place.
Updated: 2025-12-16GitHub
PreviousPage 71 of 760Next