Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7756)

44
25
High Cost
kumo-ai icon

kumo-rfm-mcp

by kumo-ai

Sec8

This server empowers AI assistants with KumoRFM intelligence by providing tools to build, manage, and visualize relational graphs, convert natural language to PQL queries, and execute/evaluate/explain predictions from the KumoRFM (Relational Foundation Model) for tasks like missing value imputation and temporal forecasting.

Setup Requirements

  • ⚠️Requires a KumoRFM API key (`KUMO_API_KEY`) for most operations, which can be generated for free.
  • ⚠️Requires Python 3.10 or above.
  • ⚠️For MCP Bundle installation, `npm` and `@anthropic-ai/dxt` are required.
Verified SafeView Analysis
The server uses `os.getenv` for API keys, which is a secure practice. It utilizes `subprocess.check_call` for virtual environment setup in the bundled version, which is generally safe in its controlled context. Data reading operations (`pd.read_csv`, `pd.read_parquet`) handle user-provided paths, which inherently carries some risk, but basic file existence checks are in place. No `eval` or `exec` on user input, and no hardcoded secrets were found. The tool annotations provide good transparency about read/write operations.
Updated: 2025-12-02GitHub
44
39
Medium Cost
kocierik icon

mcp-nomad

by kocierik

Sec9

This MCP server provides an interface to manage HashiCorp Nomad clusters, enabling operations like job, deployment, namespace, node, allocation, variable, volume, and ACL management through a Model Context Protocol client.

Setup Requirements

  • ⚠️Requires a running HashiCorp Nomad server.
  • ⚠️Nomad ACL Token (`NOMAD_TOKEN`) is required if ACLs are enabled on the Nomad cluster.
  • ⚠️Building from source requires a Go development environment; using pre-built binaries or npm packages might require Node.js.
Verified SafeView Analysis
The server correctly retrieves Nomad authentication tokens from environment variables, preventing hardcoded secrets. It implements origin validation for HTTP transports to mitigate cross-site request forgery (CSRF) risks. Nomad API interactions are handled by constructing URLs and JSON bodies, which generally prevents command injection. HCL job specification parsing is delegated to the Nomad API itself, reducing direct parsing vulnerabilities. No obvious use of 'eval' or other highly dangerous patterns were found in the provided server code. The npm package's `index.js` uses `childProcess.execFileSync` to run the compiled Go binary with arguments from static configuration, not directly user-provided input, thus limiting command injection risks in the wrapper.
Updated: 2025-12-08GitHub
44
16
Low Cost
datopian icon
Sec7

A remote Model Context Protocol (MCP) server deployed on Cloudflare Workers, providing AI agent tools to interact with PortalJS datasets for search, retrieval, and data preview.

Setup Requirements

  • ⚠️Requires a Cloudflare account for deployment.
  • ⚠️Requires the `wrangler` CLI to be installed for local development and deployment.
  • ⚠️The server is designed without authentication, making it publicly accessible by default. Users must implement their own authentication/authorization if sensitive operations are added or if access needs to be restricted.
Verified SafeView Analysis
The server is explicitly designed to run 'Without Auth', meaning it is publicly accessible to any client. While the tool implementations themselves perform basic input sanitization (URL encoding for queries and IDs, numeric limits for 'limit' parameters) before making external API calls to PortalJS, this lack of inherent authentication means it should not be used for sensitive data or operations without adding external authentication layers (e.g., Cloudflare Access, API Gateway keys). The use of Cloudflare Durable Objects helps isolate state per organization, which is a good practice.
Updated: 2025-11-28GitHub
44
35
Low Cost

spring-rest-to-mcp

by addozhang

Sec9

Transforms existing Spring Web REST APIs into Spring AI Model Context Protocol (MCP) server tools using OpenRewrite recipes.

Setup Requirements

  • ⚠️Requires Java 17 or higher for the recipe itself.
  • ⚠️The OpenRewrite conversion command must be executed twice for a complete transformation (first for POM updates, second for code conversion).
  • ⚠️The target Spring Web REST API project must use Spring Boot 3.2+ and Maven.
Verified SafeView Analysis
The project is an OpenRewrite recipe collection, performing build-time code transformations. It does not introduce runtime security vulnerabilities or execute arbitrary untrusted code. The output, a transformed Spring Boot application acting as an MCP server, will have standard server-side security considerations that need to be managed like any other deployed server application.
Updated: 2025-11-17GitHub
44
32
Medium Cost
Muvon icon

octomind

by Muvon

Sec3

Octomind is a session-first AI development assistant with built-in Model Context Protocol (MCP) tools and multi-provider AI support, enabling interactive AI conversations, code analysis, file system management, and web research.

Setup Requirements

  • ⚠️Requires `BRAVE_API_KEY` for web search tools.
  • ⚠️Requires API keys for chosen AI providers (e.g., `OPENROUTER_API_KEY`, `OPENAI_API_KEY`, `ANTHROPIC_API_KEY`, `GOOGLE_APPLICATION_CREDENTIALS`, `AWS_ACCESS_KEY_ID`, `CLOUDFLARE_API_TOKEN`, `DEEPSEEK_API_KEY`).
  • ⚠️Requires `ripgrep` (rg) and `ast-grep` (sg) executables to be installed and available in PATH for filesystem and code analysis tools.
Review RequiredView Analysis
The server offers powerful AI capabilities, including direct shell command execution (`shell()` tool), extensive file system modifications (`text_editor()` tools like `create`, `str_replace`, `insert`, `line_replace`, `batch_edit`), and semantic code refactoring (`ast_grep()` tool). These features grant the AI significant control over the local environment. While the implementation isolates spawned child processes and uses environment variables for API keys (good practices), the inherent design allows the AI to execute arbitrary commands and make substantial changes. If a malicious prompt is introduced or the AI misinterprets instructions, this could lead to unintended or destructive actions. Therefore, it is *not inherently safe* to run without careful monitoring and a trusted AI model. The WebSocket server (defaulting to `127.0.0.1:8080`) should not be exposed to the public internet.
Updated: 2025-11-29GitHub
44
16
Medium Cost
freema icon
Sec7

Automates Firefox browser via WebDriver BiDi (through Selenium WebDriver) to interact with web pages, capture snapshots, monitor network/console, and perform user interactions.

Setup Requirements

  • ⚠️Requires a local Firefox browser installation (auto-detected or specified via --firefox-path)
  • ⚠️Requires Node.js version 20.19.0 or higher
Verified SafeView Analysis
The server's core functionality involves browser automation, which inherently grants control over a local browser instance. The `evaluate_script` tool, which would allow arbitrary JavaScript execution, is explicitly disabled in the MCP server's public interface. However, the `upload_file_by_uid` tool accepts a `filePath` argument, allowing the server to interact with the local filesystem to upload specified files. This is a common and expected feature for automation tools but poses a risk if the server is exposed to untrusted inputs, as it could be leveraged to upload arbitrary files from the host machine's accessible paths. It is recommended to run this server in a trusted environment (e.g., locally by the user or in a controlled Docker container).
Updated: 2025-12-10GitHub
44
9
Low Cost
pamosima icon
Sec9

The ThousandEyes MCP server provides secure, API-based access to Cisco ThousandEyes v7 functionality for network monitoring, performance analysis, and troubleshooting.

Setup Requirements

  • ⚠️Requires a valid ThousandEyes API v7 Bearer token (ThousandEyes is a paid service).
  • ⚠️Docker Engine and Docker Compose are required for common deployment methods.
  • ⚠️Requires Python 3.12 or newer.
Verified SafeView Analysis
Credentials (ThousandEyes API Bearer Token) are loaded exclusively from environment variables and are masked in logs to prevent exposure. All operations are read-only, significantly reducing the attack surface by preventing accidental or malicious changes. The container is configured to run as a non-root user with 'no-new-privileges' enabled. HTTPS is used for all API communication, and the underlying `requests` library defaults to SSL verification. No 'eval' or other obfuscation patterns were found in the source code.
Updated: 2025-11-28GitHub
44
2
Low Cost
CriticalLine icon

lean-mathlib-docs-mcp

by CriticalLine

Sec8

Provides a Minimal MCP Server for LLMs to search Lean Mathlib 4 documentation, including declarations, modules, and instances.

Setup Requirements

  • ⚠️Requires Python 3.11 or higher and specific Python packages (`requests`, `mcp-server`).
  • ⚠️Manual configuration of `mcp.json` is needed, with potential path adjustments for the Python executable and the server script (`src/lean_docs_server.py`). The provided `mcp.json` example contains a path mismatch (`lean_docs_mcp_server.py` vs `lean_docs_server.py`).
  • ⚠️The first run will download the entire Mathlib 4 documentation dataset locally.
Verified SafeView Analysis
The server downloads a data file ('declaration-data.bmp') from a trusted Lean Mathlib 4 URL via `requests.get`. This file is then loaded as JSON, which is the primary external interaction. There are no explicit uses of `eval`, `subprocess`, hardcoded secrets, or direct shell commands. The risk is minimal, assuming the remote data source remains trustworthy and the '.bmp' file is indeed JSON data, as expected by `json.load`.
Updated: 2025-11-27GitHub
44
31
Medium Cost
raine icon
Sec7

An MCP server that allows an AI agent (Claude Code) to consult more powerful external AI models for code analysis, debugging, and review, providing relevant files and git diffs as context.

Setup Requirements

  • ⚠️Requires API keys for chosen LLM providers (e.g., OPENAI_API_KEY, GEMINI_API_KEY, DEEPSEEK_API_KEY) for API mode.
  • ⚠️CLI modes for Gemini or OpenAI require the respective `gemini` or `codex` CLI tools to be installed and authenticated locally.
  • ⚠️Node.js version >=18.0.0 is required.
Verified SafeView Analysis
The server uses `child_process.spawn` for CLI modes (Gemini, Codex) and `child_process.execSync` for git diff generation. While `spawn` uses `shell: false` and arguments are constructed internally to mitigate direct shell injection, there's an inherent trust in the security of the invoked `gemini` and `codex` CLI tools. Prompt injection risks, where a malicious user prompt could exploit vulnerabilities in the underlying LLMs or CLIs, remain a consideration, though this is a general LLM interaction concern.
Updated: 2025-12-12GitHub
44
37
High Cost
zoldyrk icon

RedNote-MCP

by zoldyrk

Sec7

Access and interact with Xiaohongshu (RedNote) content through Model Context Protocol (MCP) by automating browser interactions.

Setup Requirements

  • ⚠️Requires Playwright browser binaries to be installed (npx playwright install).
  • ⚠️Initial setup requires an interactive manual login process via a browser window to save cookies.
  • ⚠️Login sessions (cookies) may expire, requiring re-login.
Verified SafeView Analysis
The server uses Playwright for browser automation, which involves opening a browser and interacting with external websites (xiaohongshu.com). This carries an inherent risk as it executes JavaScript from a third-party site. User login cookies, containing sensitive authentication information, are saved locally in `~/.mcp/rednote/cookies.json`. While this avoids hardcoding secrets, the local storage of these cookies means they could be compromised if the user's system is breached. No 'eval', obfuscation, or other obvious malicious patterns were found in the provided source code.
Updated: 2025-12-15GitHub
44
7
Medium Cost
KSAklfszf921 icon

kolada-mcp-server

by KSAklfszf921

Sec9

Connects LLMs to open data from Kolada API, providing access to 5,000+ Key Performance Indicators (KPIs) for Swedish municipalities and regions for analytical queries.

Setup Requirements

  • ⚠️Requires Node.js 18.0.0 or higher.
  • ⚠️The MCP server runs with 'Open Access' (no authentication) by default on its endpoints, meaning any client can access the data exposed by the tools.
  • ⚠️Data freshness for catalogs (KPIs, municipalities) relies on a 24-hour cache, meaning new data from the Kolada API might not be immediately reflected until the cache expires.
Verified SafeView Analysis
The project demonstrates robust security practices, including continuous automated scanning (CodeQL, GitGuardian, TruffleHog, Bearer SAST, Dependabot, npm audit) as detailed in SECURITY.md. Sensitive configurations are managed through environment variables, and rate limiting/retry logic is implemented for external API interactions. The HTTP server's primary MCP endpoints (`/mcp`, `/sse`, `/rpc`) are noted as 'Open Access (No authentication)' in the source code. While suitable for public Kolada data, this means local deployments are generally accessible without an MCP-specific authentication layer. The `render.yaml` file includes an `MCP_AUTH_TOKEN` environment variable, suggesting that securing the MCP server itself with an authentication token is possible in a deployment context, though not enforced by the provided code for the default public endpoints.
Updated: 2025-12-09GitHub
44
2
Medium Cost
dehuy69 icon

kiotviet-mcp

by dehuy69

Sec9

An MCP server that enables AI agents to securely interact with the KiotViet Public API by proxying requests, providing a stateless interface for product, customer, order, and invoice management.

Setup Requirements

  • ⚠️Requires `CLIENT_ID` and `CLIENT_SECRET` from KiotViet OAuth2, which are managed by the upstream 'Culi Backend' or needed for local testing via `auths.env`.
  • ⚠️The 'retailer' name (KiotViet store name) must be known and provided with each tool call.
  • ⚠️The server functions as a proxy; token management (obtaining and refreshing `access_token`) is externalized to the calling AI agent's backend (e.g., Culi).
Verified SafeView Analysis
The server explicitly states and implements a stateless architecture, meaning no sensitive tokens or session information are stored on the MCP server itself. `access_token` and `retailer` are passed with each request, reducing risk. `CLIENT_ID` and `CLIENT_SECRET` are expected to be managed by the upstream Culi backend and stored in environment variables (or similar secure method) for testing scripts, not hardcoded. No `eval` or dynamic code execution from untrusted input was identified. API communication uses HTTPS, and the `httpx` client handles standard secure practices.
Updated: 2025-11-26GitHub
PreviousPage 71 of 647Next