Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

Vetted Servers (9120)

Medium Cost

mcp-nomad

by kocierik

Sec9

This MCP server provides an interface to manage HashiCorp Nomad clusters, enabling operations like job, deployment, namespace, node, allocation, variable, volume, and ACL management through a Model Context Protocol client.

Setup Requirements

  • ⚠️Requires a running HashiCorp Nomad server.
  • ⚠️Nomad ACL Token (`NOMAD_TOKEN`) is required if ACLs are enabled on the Nomad cluster.
  • ⚠️Building from source requires a Go development environment; using pre-built binaries or npm packages might require Node.js.
Verified Safe
The server correctly retrieves Nomad authentication tokens from environment variables, preventing hardcoded secrets. It implements origin validation for HTTP transports to mitigate cross-site request forgery (CSRF) risks. Nomad API interactions are handled by constructing URLs and JSON bodies, which generally prevents command injection. HCL job specification parsing is delegated to the Nomad API itself, reducing direct parsing vulnerabilities. No obvious use of 'eval' or other highly dangerous patterns were found in the provided server code. The npm package's `index.js` uses `childProcess.execFileSync` to run the compiled Go binary with arguments from static configuration, not directly user-provided input, thus limiting command injection risks in the wrapper.
Updated: 2025-12-08
Low Cost
Sec8

Provides a fully-featured Haskell library for building Model Context Protocol (MCP) servers to enable AI agent interaction.

Setup Requirements

  • ⚠️Requires a Haskell development environment (GHC, Cabal) to build and run applications using the library.
  • ⚠️Implementing advanced features requires familiarity with Haskell's type system and potentially Template Haskell.
  • ⚠️Understanding the Model Context Protocol (MCP) specification is necessary for effective server implementation.
Verified Safe
The library implements the MCP protocol and provides abstractions for server development. Template Haskell is used for automatic handler derivation, which generates code at compile time based on defined data types, not direct runtime evaluation of untrusted input. However, metaprogramming (Template Haskell) always requires careful review. The HTTP transport enables CORS by default. No obvious hardcoded secrets or malicious patterns were found in the truncated code. The overall security posture will heavily depend on how specific handlers are implemented by the end-user of the library. The project acknowledges its AI-assisted development and plans for future refactoring for robustness.
Updated: 2026-01-19
Low Cost
Sec7

A remote Model Context Protocol (MCP) server deployed on Cloudflare Workers, providing AI agent tools to interact with PortalJS datasets for search, retrieval, and data preview.

Setup Requirements

  • ⚠️Requires a Cloudflare account for deployment.
  • ⚠️Requires the `wrangler` CLI to be installed for local development and deployment.
  • ⚠️The server is designed without authentication, making it publicly accessible by default. Users must implement their own authentication/authorization if sensitive operations are added or if access needs to be restricted.
Verified Safe
The server is explicitly designed to run 'Without Auth', meaning it is publicly accessible to any client. While the tool implementations themselves perform basic input sanitization (URL encoding for queries and IDs, numeric limits for 'limit' parameters) before making external API calls to PortalJS, this lack of inherent authentication means it should not be used for sensitive data or operations without adding external authentication layers (e.g., Cloudflare Access, API Gateway keys). The use of Cloudflare Durable Objects helps isolate state per organization, which is a good practice.
Updated: 2025-11-28
Low Cost

spring-rest-to-mcp

by addozhang

Sec9

Transforms existing Spring Web REST APIs into Spring AI Model Context Protocol (MCP) server tools using OpenRewrite recipes.

Setup Requirements

  • ⚠️Requires Java 17 or higher for the recipe itself.
  • ⚠️The OpenRewrite conversion command must be executed twice for a complete transformation (first for POM updates, second for code conversion).
  • ⚠️The target Spring Web REST API project must use Spring Boot 3.2+ and Maven.
Verified Safe
The project is an OpenRewrite recipe collection, performing build-time code transformations. It does not introduce runtime security vulnerabilities or execute arbitrary untrusted code. The output, a transformed Spring Boot application acting as an MCP server, will have standard server-side security considerations that need to be managed like any other deployed server application.
Updated: 2025-11-17
High Cost

mcp-server-excel

by sbroenne

Sec7

Automate Microsoft Excel operations through natural language commands for AI assistants or via a command-line interface, including Power Query, DAX measures, VBA macros, PivotTables, Charts, Ranges, and Worksheets.

Setup Requirements

  • ⚠️Requires Windows OS (Windows 10+) and Microsoft Excel (2016+) installed. Not suitable for headless CI/CD.
  • ⚠️Requires .NET 10 Runtime or SDK to be installed.
  • ⚠️For VBA commands, 'Trust access to the VBA project object model' must be manually enabled in Excel's Trust Center settings.
  • ⚠️All Excel files must be closed before use, as the server requires exclusive access due to Excel COM limitations.
Verified Safe
The server leverages Excel's native COM API, which is generally safer than direct file manipulation, and includes input validation, file size limits, and robust code analysis rules. However, it requires manually enabling 'Trust access to the VBA project object model' in Excel for VBA operations, which is a significant user security decision. Additionally, Power Query M-code formatting uses an external API (powerqueryformatter.com), introducing an external network dependency that, while offering graceful fallback, entails sending potentially sensitive M-code over the network. Anonymous telemetry is collected via Azure Application Insights with sensitive data redaction.
Updated: 2026-01-19
Medium Cost

pprof-analyzer-mcp

by ZephyrDeng

Sec5

Analyze Go pprof performance profiles (CPU, heap, goroutine, allocs, mutex, block), identify performance bottlenecks, detect memory leaks, compare profiles, and visualize data via flame graphs.

Setup Requirements

  • ⚠️The `generate_flamegraph` tool requires Graphviz (`dot` command) to be installed and available in the system's PATH.
  • ⚠️The `open_interactive_pprof` tool is macOS-only and requires the `go` command to be in the system's PATH. It does not capture errors from the launched `pprof` process, and temporary files from remote URIs are not automatically cleaned up until the session is manually disconnected or the server exits.
  • ⚠️If running with Docker, the `pprof-analyzer-mcp` Docker image must be built locally before attempting to run the container via an MCP client.
Review Required
The server can download and process profile files from arbitrary HTTP/HTTPS URIs, posing a Server-Side Request Forgery (SSRF) risk. It allows user-controlled `output_svg_path` for `generate_flamegraph`, which could potentially lead to arbitrary file overwrites or creation in unintended locations if not properly handled by the underlying `go tool pprof` command. The `open_interactive_pprof` tool has explicit limitations regarding uncaptured background process errors and temporary file cleanup for remote URIs, which could lead to resource exhaustion (e.g., disk space). Launching `go tool pprof` as a web UI with a user-specified HTTP address could expose a debugging interface if the server is publicly accessible.
Updated: 2026-01-17
Medium Cost

tomtom-mcp

by tomtom-international

Sec9

Provides seamless access to TomTom's geospatial services for AI workflows and development environments, including search, routing, traffic, and static/dynamic maps.

Setup Requirements

  • ⚠️Requires Node.js 22.x (a strict requirement for the dynamic map tool; other tools may work with older or newer versions).
  • ⚠️Requires a paid TomTom API Key for access to location services.
  • ⚠️Native OS-level dependencies are required for the dynamic map tool (@maplibre/maplibre-gl-native and canvas), which can be complex to install on various operating systems.
Verified Safe
Implements robust API key handling using environment variables and AsyncLocalStorage for per-request isolation in HTTP mode. Input validation is performed using Zod schemas to mitigate common API input-related vulnerabilities. Comprehensive error handling and uncaught exception/unhandled rejection logging are in place to prevent silent failures. Dynamic dependencies are loaded with error handling.
Updated: 2026-01-19
Medium Cost

Automates Firefox browser via WebDriver BiDi (through Selenium WebDriver) to interact with web pages, capture snapshots, monitor network/console, and perform user interactions.

Setup Requirements

  • ⚠️Requires a local Firefox browser installation (auto-detected or specified via `--firefox-path`).
  • ⚠️Requires Node.js version 20.19.0 or higher.
Verified Safe
The server's core functionality involves browser automation, which inherently grants control over a local browser instance. The `evaluate_script` tool, which would allow arbitrary JavaScript execution, is explicitly disabled in the MCP server's public interface. However, the `upload_file_by_uid` tool accepts a `filePath` argument, allowing the server to interact with the local filesystem to upload specified files. This is a common and expected feature for automation tools but poses a risk if the server is exposed to untrusted inputs, as it could be leveraged to upload arbitrary files from the host machine's accessible paths. It is recommended to run this server in a trusted environment (e.g., locally by the user or in a controlled Docker container).
Updated: 2025-12-10
Low Cost

lean-mathlib-docs-mcp

by CriticalLine

Sec8

Provides a Minimal MCP Server for LLMs to search Lean Mathlib 4 documentation, including declarations, modules, and instances.

Setup Requirements

  • ⚠️Requires Python 3.11 or higher and specific Python packages (`requests`, `mcp-server`).
  • ⚠️Manual configuration of `mcp.json` is needed, with potential path adjustments for the Python executable and the server script (`src/lean_docs_server.py`). The provided `mcp.json` example contains a path mismatch (`lean_docs_mcp_server.py` vs `lean_docs_server.py`).
  • ⚠️The first run will download the entire Mathlib 4 documentation dataset locally.
Verified Safe
The server downloads a data file ('declaration-data.bmp') from a trusted Lean Mathlib 4 URL via `requests.get`. This file is then loaded as JSON, which is the primary external interaction. There are no explicit uses of `eval`, `subprocess`, hardcoded secrets, or direct shell commands. The risk is minimal, assuming the remote data source remains trustworthy and the '.bmp' file is indeed JSON data, as expected by `json.load`.
Updated: 2025-11-27
Low Cost

deepsecure

by DeepTrail

Sec7

Provides a zero-trust security control plane for AI agents, enabling cryptographic identity, authenticated ephemeral credentials, fine-grained policy enforcement, secret injection, and secure delegation for AI agent-to-agent interactions.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose to run the backend Control Plane and Gateway services.
  • ⚠️Client-side SDK usage and local development require Python 3.9+ and pip.
  • ⚠️Secure storage of agent private keys relies on an OS keyring (macOS Keychain, Windows Credential Store, or Linux keyring), which may require specific system setup or permissions.
  • ⚠️Critical environment variables (e.g., `SECRET_KEY`, `BACKEND_API_TOKEN`, `GATEWAY_INTERNAL_API_TOKEN`, `POSTGRES_PASSWORD`, `GATEWAY_ENCRYPTION_KEY`, `MACAROON_SECRET_KEY`) have insecure default values and MUST be replaced with strong, unique secrets for any production or secure deployment.
Verified Safe
The project uses strong cryptographic primitives (Ed25519, Shamir's Secret Sharing) and a robust dual-service architecture with JWT-based authentication. Client-side agent private keys are securely stored in the OS keyring. However, it ships with numerous insecure default values for critical environment variables (e.g., `SECRET_KEY`, `BACKEND_API_TOKEN`, `GATEWAY_INTERNAL_API_TOKEN`, PostgreSQL password, `GATEWAY_ENCRYPTION_KEY`) directly in `docker-compose.yml` and `app/core/config.py`. While the documentation advises changing these for production, their default presence poses a significant risk if not addressed by deployers.
Updated: 2026-01-18
High Cost

RedNote-MCP

by zoldyrk

Sec7

Access and interact with Xiaohongshu (RedNote) content through Model Context Protocol (MCP) by automating browser interactions.

Setup Requirements

  • ⚠️Requires Playwright browser binaries to be installed (npx playwright install).
  • ⚠️Initial setup requires an interactive manual login process via a browser window to save cookies.
  • ⚠️Login sessions (cookies) may expire, requiring re-login.
Verified Safe
The server uses Playwright for browser automation, which involves opening a browser and interacting with external websites (xiaohongshu.com). This carries an inherent risk as it executes JavaScript from a third-party site. User login cookies, containing sensitive authentication information, are saved locally in `~/.mcp/rednote/cookies.json`. While this avoids hardcoding secrets, the local storage of these cookies means they could be compromised if the user's system is breached. No 'eval', obfuscation, or other obvious malicious patterns were found in the provided source code.
Updated: 2025-12-15
Medium Cost

kiotviet-mcp

by dehuy69

Sec9

An MCP server that enables AI agents to securely interact with the KiotViet Public API by proxying requests, providing a stateless interface for product, customer, order, and invoice management.

Setup Requirements

  • ⚠️Requires `CLIENT_ID` and `CLIENT_SECRET` from KiotViet OAuth2, which are managed by the upstream 'Culi Backend' or needed for local testing via `auths.env`.
  • ⚠️The 'retailer' name (KiotViet store name) must be known and provided with each tool call.
  • ⚠️The server functions as a proxy; token management (obtaining and refreshing `access_token`) is externalized to the calling AI agent's backend (e.g., Culi).
Verified Safe
The server explicitly states and implements a stateless architecture, meaning no sensitive tokens or session information are stored on the MCP server itself. `access_token` and `retailer` are passed with each request, reducing risk. `CLIENT_ID` and `CLIENT_SECRET` are expected to be managed by the upstream Culi backend and stored in environment variables (or similar secure method) for testing scripts, not hardcoded. No `eval` or dynamic code execution from untrusted input was identified. API communication uses HTTPS, and the `httpx` client handles standard secure practices.
Updated: 2025-11-26