Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7756)

44
45
Low Cost
manusa icon
Sec7

Provides a Model Context Protocol (MCP) interface for AI agents and other clients to manage container runtimes like Podman and Docker.

Setup Requirements

  • ⚠️Requires Podman or Docker CLI installed and in PATH.
  • ⚠️Requires Node.js/npm or Python/pip for easy installation to download the server binary.
Verified SafeView Analysis
The server primarily acts as a wrapper around the Podman/Docker CLI, executing commands via `exec.Command` in Go. While direct argument passing prevents typical shell injection for string arguments, it relies on the robustness of the underlying container runtime's CLI. The `npx` and Python installations download pre-compiled binaries from GitHub releases, introducing a supply chain risk if the release infrastructure were compromised. No direct 'eval' or obvious hardcoded secrets were found.
Updated: 2025-12-13GitHub
44
7
High Cost
cooneycw icon
Sec9

This repository provides a comprehensive collection of Claude Code best practices and an MCP server for AI-powered, multi-model code review, offering detailed analysis and session management capabilities.

Setup Requirements

  • ⚠️Requires Python 3.11+
  • ⚠️Requires Gemini and/or OpenAI API keys (typically paid services) for LLM access.
  • ⚠️Conda is recommended for environment setup.
  • ⚠️GitHub CLI ('gh') is required for GitHub Issue Management commands.
Verified SafeView Analysis
The server demonstrates strong security awareness. It includes robust SSRF (Server-Side Request Forgery) protection for its `fetch_url` tool, blocking private IPs, auto-approving trusted domains, and requiring user confirmation for unknown domains. API keys are handled securely via environment variables and a custom `_SecretStr` class prevents their accidental logging. The code also includes a `scan_for_secrets` function as a proactive measure before sending code to LLMs. There are no obvious `eval` or obfuscation patterns that would pose immediate risks. Users should still exercise caution when approving new domains for fetching and review any skills before installation as they can execute arbitrary code.
Updated: 2025-12-14GitHub
44
41
Medium Cost
buildkite icon
Sec9

An MCP server exposing Buildkite CI/CD data (pipelines, builds, jobs, tests) to AI tooling and editors.

Setup Requirements

  • ⚠️Requires a Buildkite API token (BUILDKITE_API_TOKEN environment variable) for authentication, which must be obtained from Buildkite.
  • ⚠️For enhanced security, running in a Docker container is recommended.
  • ⚠️Optional 1Password CLI integration (BUILDKITE_API_TOKEN_FROM_1PASSWORD) requires 1Password CLI to be installed and configured.
Verified SafeView Analysis
The server demonstrates good security practices: - API tokens are managed via environment variables (BUILDKITE_API_TOKEN) or a 1Password integration (BUILDKITE_API_TOKEN_FROM_1PASSWORD), avoiding hardcoded secrets. - Input validation is present for critical parameters, such as regex patterns in log searches and URL formats for pipelines/artifacts, mitigating injection risks. - The README recommends running in a container built from a secure base image (Chainguard static) and as an unprivileged user, promoting secure deployment. - Uses OpenTelemetry for tracing, which involves outbound network calls, but this is a standard and auditable practice. No 'eval' or obvious obfuscation techniques were found. The use of well-maintained Buildkite Go clients also contributes to overall security.
Updated: 2025-12-11GitHub
44
35
High Cost
itsalfredakku icon

youtrack-mcp

by itsalfredakku

Sec9

Integrates AI assistants with JetBrains YouTrack for advanced project management, issue tracking, knowledge base, and time tracking, enabling AI to interact with YouTrack data and workflows.

Setup Requirements

  • ⚠️Requires `YOUTRACK_URL` and `YOUTRACK_TOKEN` environment variables to be set for basic operation.
  • ⚠️The capabilities of the AI are strictly limited by the permissions granted to the YouTrack permanent token used for authentication. Grant only necessary permissions.
  • ⚠️If `PROJECT_ID` is configured in the environment, the server will strictly enforce access to only that project, ignoring `projectId` parameters provided by the AI in tool calls. This prevents cross-project access.
Verified SafeView Analysis
The server uses environment variables for YouTrack URL and token, and implements OAuth2 with PKCE, storing tokens securely in `~/.youtrack-mcp-auth.json`. A critical security feature is strict project scoping: if `PROJECT_ID` is set in the environment, the server *enforces* this project for all tool calls, overriding any `projectId` provided by the AI, thus preventing unauthorized cross-project access. Input parameters are validated extensively using `ParameterValidator`. Content sanitization is applied for descriptions and comments. The `commands` tool exposes YouTrack's powerful command-line API to the AI via its `/commands` endpoint, which requires careful management of the YouTrack permanent token's permissions to prevent unintended actions within YouTrack itself. The `remote.ts` component exposes an SSE endpoint, but sessions are managed. No `eval` or direct system command execution from AI input was identified.
Updated: 2025-11-22GitHub
44
2
Low Cost
es6kr icon
Sec4

Manages Claude Code conversation history and sessions through CLI tools and a web-based GUI.

Setup Requirements

  • ⚠️Requires Python 3.10+
  • ⚠️Requires Claude Code (for full MCP integration and to generate session data)
Review RequiredView Analysis
The Flask web GUI runs with `debug=True` when started, including when launched via the MCP `start_gui` tool. Running Flask in debug mode in a production or even semi-exposed environment is a critical security vulnerability, as it can allow arbitrary code execution. Additionally, the server processes user-provided `project_name` and `session_id` arguments directly in constructing file paths. Malicious input (e.g., `../`) within these arguments could lead to path traversal, allowing file operations (read, delete, rename, move) outside the intended `~/.claude/projects` directory. The web GUI binds to `0.0.0.0`, potentially exposing the debug-enabled server to a local network.
Updated: 2025-12-11GitHub
43
30
Low Cost
stainless-api icon

mcp-front

by stainless-api

Sec9

Provides a multi-user, OAuth-authenticated gateway for AI agents (like Claude.ai) to securely access internal Model Context Protocol (MCP) servers, databases, and APIs without direct exposure.

Setup Requirements

  • ⚠️Requires Docker for running backend MCP servers in local development and many production configurations.
  • ⚠️Requires Google OAuth credentials (Client ID, Client Secret) for organization-wide deployment with OAuth.
  • ⚠️Mandatory environment variables include `JWT_SECRET` and `ENCRYPTION_KEY`, which must be cryptographically secure strings of sufficient length (e.g., 32+ bytes).
Verified SafeView Analysis
The project demonstrates a very high level of security consciousness. It mandates OAuth 2.0 with PKCE, enforces Google Workspace domain validation, encrypts session cookies using AES-256-GCM, and applies per-service audience claims (RFC 8707) to prevent token reuse. Secrets are strictly managed via environment variables and validated for sufficient entropy (e.g., JWT_SECRET must be 32+ bytes). Network traffic forwarding actively strips sensitive hop-by-hop and internal authentication headers. Inline command execution is carefully controlled to prevent injection. Extensive integration tests cover authentication bypass, malformed inputs, and secure session handling. The project explicitly defines its security boundary (proxy for authentication, backend for authorization/input validation) and warns that it's alpha software, but the implemented security features are robust.
Updated: 2025-12-01GitHub
43
30
Medium Cost
itential icon

itential-mcp

by itential

Sec6

A Model Context Protocol (MCP) server that connects LLMs to the Itential Platform, enabling AI assistants to manage network automations, orchestrate workflows, monitor platform health, and perform advanced network operations.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires access to an Itential Platform Instance for full functionality.
  • ⚠️Default platform credentials ('admin'/'admin') are insecure and must be changed for production deployments. Proper authentication (JWT/OAuth) and TLS configuration are critical.
  • ⚠️Requires 'uv' and 'make' for local development setup.
Verified SafeView Analysis
The server defaults to 'none' for authentication and 'admin'/'admin' for platform credentials, which is insecure for production environments. It also allows disabling TLS verification (`ITENTIAL_MCP_PLATFORM_DISABLE_VERIFY`), posing a MITM risk. However, it provides robust configuration options for JWT/OAuth authentication, TLS certificates, and includes sensitive data redaction for logging, which are good security features if properly configured.
Updated: 2025-12-13GitHub
43
3
Low Cost
isaacpalomero icon

promptbook-mcp

by isaacpalomero

Sec9

A server for organizing, managing, and semantically searching AI prompts extracted from coding assistant sessions.

Setup Requirements

  • ⚠️Requires Python 3.9+ and pip-installable dependencies (mcp, chromadb, sentence-transformers, watchdog).
  • ⚠️Requires a minimum of 2GB RAM for local embedding models.
  • ⚠️Optional: If 'lmstudio' is chosen as the `EMBEDDING_PROVIDER`, an LMStudio server instance must be running locally.
  • ⚠️An MCP-compatible client (e.g., Claude Desktop) needs to be configured to interact with this server.
Verified SafeView Analysis
The server implements strong path validation (`_validate_safe_path`) to prevent directory traversal and the use of absolute paths in user-controlled inputs. JSON parsing is utilized for internal index files, mitigating risks associated with arbitrary code injection. Configuration relies on environment variables, preventing hardcoded secrets. No direct use of `eval` or `os.system` with untrusted input was identified in the provided source code.
Updated: 2025-12-09GitHub
43
64
Low Cost
acryldata icon

mcp-server-datahub

by acryldata

Sec9

The DataHub MCP Server enables AI agents to discover, explore lineage, understand usage, and generate SQL queries for data assets within a DataHub ecosystem.

Setup Requirements

  • ⚠️Requires 'uv' package manager for setup and execution.
  • ⚠️Requires a live DataHub instance with valid authentication credentials (DATAHUB_GMS_URL, DATAHUB_GMS_TOKEN).
  • ⚠️Requires Python >=3.10 and specific Pydantic versions (>=2.0,<2.12).
Verified SafeView Analysis
The server uses `json.loads` for filter strings, which is then passed through a Pydantic-validated `load_filters` function from the DataHub SDK, providing input sanitization and validation. Descriptions are sanitized against HTML/Markdown injection and ReDoS attacks. Authentication relies on environment variables (`DATAHUB_GMS_URL`, `DATAHUB_GMS_TOKEN`). GraphQL queries are executed via the DataHub SDK. No direct `eval` or `exec` on user-controlled input is identified within the core server logic. The `subprocess.run` usage is confined to development/testing scripts and not part of the runtime server operation.
Updated: 2025-11-20GitHub
43
33
Medium Cost
jsdelivr icon
Sec9

Enables AI models to interact with a global network measurement platform through natural language, allowing LLMs to run various network tests and access data from thousands of probes worldwide.

Setup Requirements

  • ⚠️Requires a Cloudflare Workers environment for deployment and operation.
  • ⚠️Requires `GLOBALPING_CLIENT_ID` environment variable for OAuth authentication.
  • ⚠️Requires a Cloudflare KV namespace binding named `OAUTH_KV` for OAuth state management.
Verified SafeView Analysis
The server implements strong security measures, including robust URL and target validation to prevent DNS rebinding attacks, open redirects, and unauthorized internal network scanning. PKCE is used for OAuth, and API tokens are validated via regex. No obvious hardcoded secrets or dangerous functions like 'eval' are present. The Cloudflare Workers environment also adds a layer of sandboxed security.
Updated: 2025-11-29GitHub
43
40
Medium Cost
seuros icon
Sec5

A Ruby on Rails application demonstrating how to integrate and use the ActionMCP gem to expose AI-enabled tools, prompts, and resource templates for language models.

Setup Requirements

  • ⚠️Requires Ruby (version specified in .ruby-version, e.g., 3.4.7 or 4.0.0-preview2).
  • ⚠️Requires PostgreSQL database, or Docker for quick setup.
  • ⚠️Nginx is required to proxy `/mcp` requests to the ActionMCP server, typically managed via Docker Compose.
  • ⚠️JWT token generation is required for authentication, which needs to be configured in client-side settings (e.g., .mcp.json) and potentially within the `.env` file for API keys.
Verified SafeView Analysis
The `rubocop_tool` accepts arbitrary Ruby code from an LLM and executes a linter against it. While RuboCop itself is a linter, processing arbitrary external code without robust sandboxing could introduce a vulnerability for arbitrary code execution if a flaw is discovered in RuboCop's parsing or extension loading. The `ruby_code_analyzer_tool` can expose source code snippets of any Ruby file in the project, which constitutes an information disclosure risk, although this might be intended functionality for a coding agent. Hardcoded development secrets (`SECRET_KEY_BASE`, `ACTION_MCP_JWT_SECRET`) are present in `docker-compose.yml` but are explicitly marked as not for production use. The `StartWorldWar3Tool` is declared as 'destructive' but serves as a mock for demonstration purposes, highlighting the framework's capability to categorize tools by impact.
Updated: 2025-12-12GitHub
43
34
Medium Cost
webscraping-ai icon

webscraping-ai-mcp-server

by webscraping-ai

Sec8

Integrates with WebScraping.AI to provide LLM-powered web data extraction, including question answering, structured data extraction, and HTML/text retrieval, with advanced features like JavaScript rendering and proxy management.

Setup Requirements

  • ⚠️Requires WebScraping.AI API Key (Paid service)
  • ⚠️Requires Node.js (>=18.0.0)
  • ⚠️Specific JSON configuration files required for integration with AI agents like Cursor or Claude Desktop.
Verified SafeView Analysis
The server itself does not execute user-provided code on the host. The 'js_script' parameter is sent to the external WebScraping.AI API for execution within their headless browser environment. The 'ContentSanitizer' is a positive security feature, wrapping scraped content with clear boundaries to protect against prompt injection into connected LLMs. A minor concern is 'JSON.parse(error.message)' for API errors, which could theoretically be a vector if the external API's error messages are crafted maliciously, but its impact is limited to formatting error output, not code execution. Overall, it implements reasonable safeguards for its function.
Updated: 2025-11-24GitHub
PreviousPage 72 of 647Next