Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

Vetted Servers (9120)

44
41
Low Cost
mcp-tts

by blacktop

Sec9

Provides Text-to-Speech (TTS) capabilities to MCP (Model Context Protocol) clients using various AI and system-level TTS engines.

Setup Requirements

  • ⚠️ Requires API keys for OpenAI, ElevenLabs, and/or Google TTS (these are paid services, usage costs apply).
  • ⚠️ The `say_tts` functionality is only available on macOS systems.

Verified Safe
The server implements comprehensive input validation and sanitization, particularly for arguments passed to the macOS `say_tts` tool, effectively preventing command injection. API keys are handled securely by being read from environment variables and masked in logs. Resource limits and robust cancellation mechanisms are in place to prevent Denial of Service (DoS) attacks and memory leaks. The project includes dedicated security testing scripts which confirm injection prevention.
Updated: 2026-01-12
44
2
Low Cost

Manages Claude Code conversation history and sessions through CLI tools and a web-based GUI.

Setup Requirements

  • ⚠️ Requires Python 3.10+
  • ⚠️ Requires Claude Code (for full MCP integration and to generate session data)

Review Required
The Flask web GUI runs with `debug=True` when started, including when launched via the MCP `start_gui` tool. Running Flask in debug mode in a production or even semi-exposed environment is a critical security vulnerability, as it can allow arbitrary code execution. Additionally, the server processes user-provided `project_name` and `session_id` arguments directly in constructing file paths. Malicious input (e.g., `../`) within these arguments could lead to path traversal, allowing file operations (read, delete, rename, move) outside the intended `~/.claude/projects` directory. The web GUI binds to `0.0.0.0`, potentially exposing the debug-enabled server to a local network.
Updated: 2025-12-11
43
43
High Cost
academia_mcp

by IlyaGusev

Sec4

An MCP server providing tools for searching, fetching, analyzing, and reporting on scientific papers and datasets, often powered by LLMs.

Setup Requirements

  • ⚠️ Requires Python 3.12+
  • ⚠️ Full functionality (LLM, search, image processing) requires API keys (e.g., OPENROUTER_API_KEY, TAVILY_API_KEY, EXA_API_KEY, BRAVE_API_KEY, OPENAI_API_KEY), many of which are for paid services.
  • ⚠️ LaTeX/PDF compilation and reading tools require a local LaTeX distribution (pdflatex, latexmk) installed and on PATH.
  • ⚠️ Many tools depend on `WORKSPACE_DIR` environment variable being set for file operations, which needs to be a writable directory.
  • ⚠️ Optional authentication stores tokens in a local JSON file in plaintext, requiring secure file system permissions and HTTPS in production.

Review Required
The `compile_latex` tool allows compilation of LaTeX code from files within the `WORKSPACE_DIR`. If an attacker can control the content of these LaTeX files, they could potentially execute arbitrary system commands via LaTeX's `\write18` feature or similar mechanisms, leading to remote code execution. The `visit_webpage` tool can fetch content from arbitrary URLs, which could pose a Server-Side Request Forgery (SSRF) risk if not used carefully, though this is an intended feature. PDF parsing/downloading also introduces risks if processing malicious PDF files. The optional token-based authentication stores tokens in plaintext in `tokens.json` (mode 600), which requires careful protection of the file itself and use over HTTPS.
Updated: 2026-01-19
43
34
Low Cost
mcp-front

by stainless-api

Sec8

mcp-front acts as an authentication gateway for Model Context Protocol (MCP) servers, enabling Claude.ai to securely access internal APIs, databases, and tools with multi-user authentication and per-user isolation.

Setup Requirements

  • ⚠️ Project is explicitly a 'work in progress' and 'not production ready'; expect breaking changes.
  • ⚠️ Requires Google Cloud Console setup for OAuth credentials (Client ID, Client Secret, Redirect URI) for production deployments.
  • ⚠️ Docker socket access is required for 'stdio' transport, granting significant privileges to the mcp-front container on the host.

Verified Safe
The project demonstrates strong security practices for an alpha stage: OAuth 2.0 with PKCE, AES-256-GCM encryption for session cookies and secrets, HMAC-SHA256 for token signing, Google Workspace domain validation, and robust header sanitization for requests forwarded to backend MCP servers. It enforces 32-byte minimums for JWT and encryption keys. Stdio MCP servers run in isolated Docker containers per user, and an explicit configuration syntax (`{"$env": "VAR"}`) prevents shell injection. However, the README explicitly states it's 'not production ready' and clarifies that 'mcp-front handles authentication, MCP servers handle authorization and input validation,' shifting responsibility for backend data integrity to the configured MCP servers. Granting Docker socket access for 'stdio' transport also presents a significant privilege escalation risk if not managed carefully.
Updated: 2026-01-19
43
3
Low Cost
promptbook-mcp

by isaacpalomero

Sec9

A server for organizing, managing, and semantically searching AI prompts extracted from coding assistant sessions.

Setup Requirements

  • ⚠️ Requires Python 3.9+ and pip-installable dependencies (mcp, chromadb, sentence-transformers, watchdog).
  • ⚠️ Requires a minimum of 2GB RAM for local embedding models.
  • ⚠️ Optional: If 'lmstudio' is chosen as the `EMBEDDING_PROVIDER`, an LMStudio server instance must be running locally.
  • ⚠️ An MCP-compatible client (e.g., Claude Desktop) needs to be configured to interact with this server.

Verified Safe
The server implements strong path validation (`_validate_safe_path`) to prevent directory traversal and the use of absolute paths in user-controlled inputs. JSON parsing is utilized for internal index files, mitigating risks associated with arbitrary code injection. Configuration relies on environment variables, preventing hardcoded secrets. No direct use of `eval` or `os.system` with untrusted input was identified in the provided source code.
Updated: 2025-12-09
43
13
Medium Cost
mcp-web-client

by hemanth

Sec8

A web-based client for the Model Context Protocol (MCP), enabling users to connect to multiple MCP servers, browse tools/resources/prompts, and interact via an AI-powered chat interface.

Setup Requirements

  • ⚠️ Requires API keys for OpenAI, Anthropic, or Google Gemini LLM providers (paid services).
  • ⚠️ Requires GitHub account client ID and secret for user authentication.
  • ⚠️ Requires Cloudflare D1 database setup (CF_ACCOUNT_ID, D1_DATABASE_ID, CF_API_TOKEN) for persistent server configurations.
  • ⚠️ If using the Ollama LLM provider, a local Ollama instance must be running.

Verified Safe
The server uses `new Function()` for executing JavaScript orchestration code, which, while scoped, is a dynamic code execution method. It also acts as a proxy for user-defined MCP servers and LLM APIs, meaning the backend will make requests to arbitrary external URLs based on user input. This inherent design choice, while necessary for functionality, introduces potential risks like Server-Side Request Forgery (SSRF) or proxy abuse if deployed without proper network-level isolation or rate limiting. OAuth credentials and client registrations are stored in `localStorage` on the client-side, making them vulnerable to Cross-Site Scripting (XSS) attacks if any exist on the site. However, no direct 'eval' or hardcoded secrets were found.
Updated: 2026-01-18
43
14
Medium Cost
post-cortex

by julymetodiev

Sec9

Provides long-term, persistent memory and knowledge management for AI assistants, enabling them to store, semantically search, and retrieve conversation context, decisions, and code-related insights.

Setup Requirements

  • ⚠️ If using SurrealDB as the storage backend (instead of default RocksDB), a separate SurrealDB instance needs to be set up and configured, along with corresponding entries in `daemon.toml`.
  • ⚠️ When first using semantic search features, an embedding model (e.g., MultilingualMiniLM) will be downloaded from HuggingFace, requiring an internet connection and local disk space. This happens automatically on first use and is then cached.
  • ⚠️ For integration with Claude Desktop, a specific configuration entry must be manually added to `~/Library/Application Support/Claude/claude_desktop_config.json`.

Verified Safe
The server demonstrates a strong security posture. It is designed for local processing with explicit claims of 'no external APIs' for core operations, enhancing privacy. Input validation and type coercion are rigorously applied to tool parameters (see `daemon/validate.rs` and `daemon/coerce.rs`), mitigating injection and misuse vulnerabilities. The use of robust, lock-free concurrency primitives (ArcSwap, DashMap) minimizes common concurrency bugs that could have security implications. No 'eval' or dynamic code execution patterns were identified. While it exposes a network-facing daemon (defaulting to localhost), this is a common pattern for local services. The initial download of embedding models from HuggingFace requires internet access but is from a trusted source and cached locally, with inference then performed entirely offline. No hardcoded secrets were found; external database credentials (for SurrealDB) are user-provided configuration.
Updated: 2026-01-16
43
34
Medium Cost
typo3-mcp-server

by hauptsacheNet

Sec9

Enables AI assistants to safely view, manage, and analyze TYPO3 pages and records through its workspace system.

Setup Requirements

  • ⚠️ Requires `ANTHROPIC_API_KEY` environment variable for LLM-specific tests, which will incur API costs.
  • ⚠️ Requires TYPO3 v13.4+.
  • ⚠️ Requires TYPO3 Workspaces extension (automatically installed as dependency).
  • ⚠️ Requires PHP 8.1.0-8.4.99.

Verified Safe
All AI-driven content changes are automatically queued in TYPO3 workspaces, requiring explicit publishing to become live. Authentication uses OAuth for backend users. Input validation and SQL injection protection are implemented (e.g., in `SearchTool`). File system access (e.g., `sys_file_reference`) for inline relations is intentionally restricted due to workspace limitations. A default admin password (`Admin123!`) is hardcoded in the `Build/setup-typo3.sh` setup script for bootstrapping local/test environments, which is a weak default but not a production application secret.
Updated: 2026-01-11
43
27
High Cost
RivalSearchMCP

by damionrashford

Sec9

Advanced MCP server for web research, content discovery, and trends analysis, integrating AI for enhanced insights and orchestrating various data gathering tools.

Setup Requirements

  • ⚠️ For PubMed searches, the hardcoded 'Email' header in `src/core/scientific/search/providers/pubmed.py` (research@example.com) might be flagged by NCBI for excessive use. Users should consider replacing it with their actual email for better practice and higher limits.
  • ⚠️ AI-enhanced research (research_workflow) leverages OpenRouter. While it attempts to find free models, providing an `OPENROUTER_API_KEY` is recommended for reliability and potentially better performance/access to advanced models. Without it, fallback free models are used, which may have varying performance.

Verified Safe
The server demonstrates a strong focus on security. It includes explicit `RateLimiter` and `InputValidator` modules. The `InputValidator` defines and checks for `DANGEROUS_PATTERNS` like script injection, iframes, directory traversal, and `eval`/`exec` calls in user queries and URLs, which is a critical protection against common web vulnerabilities. Numeric and boolean parameters are also validated. The `SecurityMiddleware` integrates these components to block suspicious requests. `OPENROUTER_API_KEY` is retrieved from environment variables, preventing hardcoded secrets. While comprehensive, no system is perfectly impenetrable, hence a score of 9.
Updated: 2026-01-18
43
36
Medium Cost
langfuse-mcp

by avivsinai

Sec9

Provides a comprehensive Model Context Protocol (MCP) server for Langfuse, enabling AI agents to debug, analyze, and manage AI traces, observations, sessions, exceptions, and prompts.

Setup Requirements

  • ⚠️ Requires Langfuse API Keys (public, secret, host) for authentication to a Langfuse instance.
  • ⚠️ Does not support Python 3.14 (requires Python 3.10-3.13 due to Langfuse SDK's Pydantic v1 dependency).
  • ⚠️ Relies on 'uvx' for execution, which implies 'uv' (or 'pipx') needs to be pre-installed on the system.

Verified Safe
The server handles sensitive Langfuse API keys (Public, Secret), which are expected to be securely provided via environment variables or configuration files, not hardcoded. The `full_json_file` output mode can export sensitive AI trace data to the local filesystem (defaulting to `/tmp/langfuse_mcp_dumps`), which requires user awareness for data handling and storage location. The `SECURITY.md` outlines responsible disclosure. No direct code vulnerabilities like `eval` or arbitrary command injection are apparent; interactions are primarily with the Langfuse API.
Updated: 2026-01-19
43
33
Medium Cost
Sec9

Enables AI models to interact with a global network measurement platform through natural language, allowing LLMs to run various network tests and access data from thousands of probes worldwide.

Setup Requirements

  • ⚠️ Requires a Cloudflare Workers environment for deployment and operation.
  • ⚠️ Requires `GLOBALPING_CLIENT_ID` environment variable for OAuth authentication.
  • ⚠️ Requires a Cloudflare KV namespace binding named `OAUTH_KV` for OAuth state management.

Verified Safe
The server implements strong security measures, including robust URL and target validation to prevent DNS rebinding attacks, open redirects, and unauthorized internal network scanning. PKCE is used for OAuth, and API tokens are validated via regex. No obvious hardcoded secrets or dangerous functions like 'eval' are present. The Cloudflare Workers environment also adds a layer of sandboxed security.
Updated: 2025-11-29
43
40
Medium Cost
Sec4

A Model Context Protocol (MCP) server that enables AI assistants to seamlessly access Autodesk ShotGrid (Flow Production Tracking) data.

Setup Requirements

  • ⚠️ Requires ShotGrid credentials (`SHOTGRID_URL`, `SHOTGRID_SCRIPT_NAME`, `SHOTGRID_SCRIPT_KEY`) set as environment variables or provided via HTTP headers.
  • ⚠️ The `download_file` utility, used for thumbnails, has insecure fallbacks that disable SSL verification, posing a security risk for data integrity.
  • ⚠️ For HTTP/ASGI deployments, authentication and HTTPS must be manually configured via middleware; they are not enabled by default.
  • ⚠️ Python 3.8+ is required.
  • ⚠️ The `sg_text_search` tool requires input text to be at least 3 characters long, otherwise it will raise an error.

Review Required
The `download_file` utility in `src/shotgrid_mcp_server/utils.py` contains fallback mechanisms that disable SSL certificate verification (`ssl.CERT_NONE`, `ssl._create_unverified_context()`). While presented as a last resort, this introduces a critical vulnerability to Man-in-the-Middle attacks, compromising data integrity for downloaded files (e.g., thumbnails). Additionally, the default HTTP/ASGI server deployments (e.g., `uvicorn shotgrid_mcp_server.asgi:app`) do not include built-in authentication or HTTPS enforcement. Although the documentation correctly advises users to implement these via middleware in production, the lack of an enforced secure-by-default configuration for remote access relies heavily on user vigilance, increasing the risk of insecure deployments. No hardcoded secrets were found in core server logic.
Updated: 2026-01-17