Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7756)

43
33
Medium Cost
aliyun icon
Sec7

The server provides AI assistants with tools to interact with Alibaba Cloud DevOps (Yunxiao) for project management, code operations (repositories, branches, merge requests), CI/CD pipelines, artifact management, application delivery, and test management, assisting development teams in automating tasks and optimizing workflows.

Setup Requirements

  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️Requires an Alibaba Cloud DevOps Personal Access Token (PAT) with extensive read/write permissions across various DevOps modules (organization, project, code, pipeline, artifact, application delivery, test management). Misconfiguration of these permissions could lead to errors or security vulnerabilities.
  • ⚠️The PAT needs to be long-lived as per the documentation's recommendation.
Verified SafeView Analysis
The server uses Zod for input validation, which helps prevent malformed requests. It relies on a `YUNXIAO_ACCESS_TOKEN` for authentication, loaded from environment variables or query parameters in SSE mode, which is good practice to avoid hardcoded secrets. However, the token requires 'read and write permissions to all APIs under organization management, project collaboration, code management, pipeline management, artifact repository management, application delivery and testing management'. This grants extensive access, making token compromise a critical risk. There are no obvious 'eval' or direct shell execution patterns found in the provided truncated code, relying on `fetch` for API calls.
Updated: 2025-12-12GitHub
43
34
Medium Cost
PaddleHQ icon
Sec9

Enables AI agents and LLMs to manage Paddle Billing entities like products, prices, subscriptions, customers, and transactions through a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires Paddle API Key (a Paddle account is necessary, production use may incur costs).
  • ⚠️Requires a Node.js environment and pnpm for installation and execution.
  • ⚠️Requires configuration in an MCP-compatible client (e.g., Cursor, VS Code) to connect and utilize the server.
Verified SafeView Analysis
The server uses environment variables for API keys (PADDLE_API_KEY), which is a good practice to avoid hardcoding secrets. Input parameters are strictly validated using Zod schemas, mitigating risks from malformed inputs. Tool execution is limited to a predefined set of functions, preventing arbitrary code execution. The filtering mechanism for tools ('all', 'read-only', 'non-destructive', 'specific') allows for fine-grained control over accessible functionalities, enhancing security. No direct 'eval' or obvious malicious patterns were found in the provided source code.
Updated: 2025-12-01GitHub
43
34
Medium Cost
wheattoast11 icon
Sec9

A multi-agent AI research server specializing in deep, evidence-based investigations, semantic knowledge retrieval, and comprehensive synthesis, supporting multimodal input and session time-travel.

Setup Requirements

  • ⚠️Requires an OpenRouter API Key (Paid) for all LLM interactions.
  • ⚠️Requires Node.js v18 or higher to run.
  • ⚠️Utilizes PGlite for persistent database storage, requiring a local directory with write permissions.
  • ⚠️Generates embeddings using @huggingface/transformers, which downloads a local model (e.g., 'Xenova/all-MiniLM-L6-v2') on first use, potentially consuming significant memory and disk space.
Verified SafeView Analysis
The system demonstrates strong security awareness: API keys and sensitive settings are handled via environment variables. Network hardening includes rate limiting, request size limits, HTTPS enforcement, and JWT/API key authentication. SQL queries are restricted to SELECT statements and dangerous keywords are filtered. The 'calc' tool uses 'new Function()' with strict input validation to prevent arbitrary code execution. Recursive tool calls are controlled by MAX_TOOL_DEPTH to prevent infinite loops. Default CORS of '*' could be a concern for public deployments but is common for APIs expected to be used in controlled environments or via SDKs.
Updated: 2025-12-14GitHub
43
36
Medium Cost
blacktop icon

mcp-tts

by blacktop

Sec9

Provides a Model Context Protocol (MCP) server for Text-to-Speech (TTS) services, integrating macOS built-in 'say', ElevenLabs, Google Gemini TTS, and OpenAI TTS APIs.

Setup Requirements

  • ⚠️Requires API keys for cloud-based TTS services (OpenAI, ElevenLabs, Google/Gemini), which are paid services.
  • ⚠️The `say_tts` tool is only available on macOS.
  • ⚠️Requires Go runtime environment for building and running from source.
Verified SafeView Analysis
The server demonstrates strong security practices as detailed in its `SECURITY_REVIEW.md` and source code. It uses `exec.CommandContext` for the `say_tts` tool, which safely separates commands from arguments, and includes explicit input validation/sanitization for voice parameters to prevent command injection. API keys are loaded from environment variables and masked in logs (`safeLog()`). Resource exhaustion is mitigated with a maximum concurrent request limit (1000) and memory leaks are addressed. A robust, atomic file-based mutex (`cmd/lock.go`) coordinates speech across multiple instances, including stale lock detection and cleanup, further enhancing stability and preventing unintended resource contention. HTTPS is enforced for external API calls, and error handling is designed to avoid information disclosure. While input validation warns about dangerous characters in generic text, it's explicitly allowed to enable full TTS functionality, which is a controlled risk.
Updated: 2025-12-11GitHub
42
1
Low Cost
foscomputerservices icon

homebrew-tap

by foscomputerservices

Sec8

Provides a local Multi-Client Protocol (MCP) server for a searchable knowledge base of development learnings, intended for integration with Claude clients.

Setup Requirements

  • ⚠️Requires Python 3.12 to be installed (managed by Homebrew).
  • ⚠️Requires manual initialization via `hindsight-init` after installation.
  • ⚠️Requires manual configuration in your Claude client (Code or Desktop) after initialization.
Verified SafeView Analysis
The Homebrew formula itself uses standard practices and does not contain obvious security flaws such as 'eval' or hardcoded secrets. It creates a Python virtual environment and installs 'mcp' and 'python-dateutil' from PyPI without specific version pinning, relying on PyPI's integrity. The actual server logic ('server.py') is not provided in this scope, so the security of the server implementation itself cannot be fully assessed. Assumes the 'hindsight-mcp' project's code is trustworthy.
Updated: 2025-12-04GitHub
42
1
Low Cost
MicroMichaelIE icon

mcp-copilotcli-history

by MicroMichaelIE

Sec9

Search and analyze GitHub Copilot conversation history to find past interactions, tool usage, and session statistics.

Setup Requirements

  • ⚠️Requires Python 3.13 or newer
  • ⚠️Relies on GitHub Copilot's local session history (~/.copilot/session-state/) being present
  • ⚠️Requires an MCP-enabled client (e.g., Claude Desktop, VS Code, Zed) for interaction
Verified SafeView Analysis
The server's primary function is to access local user data (~/.copilot/session-state/). It properly handles file I/O, JSON parsing, and regex compilation within try-except blocks. It does not appear to expose network services or process arbitrary remote input, mitigating common web vulnerabilities. The `SESSION_STATE_DIR` environment variable allows for explicit control over the session data path, enhancing security in sandboxed environments.
Updated: 2025-12-05GitHub
42
5
Low Cost
danielealbano icon
Sec8

Interacting with Azure DevOps Boards and Work Items via a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires Azure CLI to be installed and authenticated (`az login`) for all Azure DevOps interactions.
  • ⚠️HTTP Server mode binds to all network interfaces (`0.0.0.0`) by default, which may require firewall configuration to restrict access.
Verified SafeView Analysis
The server relies on standard Azure CLI authentication (`az login`), which is generally secure as it avoids hardcoding credentials within the application. HTTP server mode binds to `0.0.0.0` (all network interfaces) by default, meaning it can be externally accessible if not firewalled. The project explicitly recommends `stdio` mode for enhanced security.
Updated: 2025-12-07GitHub
42
28
High Cost
KhaiHuynhVN icon
Sec1

An advanced Model Context Protocol (MCP) server that provides an interactive UI for AI agents, enabling multi-language text input, workspace-aware file/folder attachment, and drag-and-drop multi-image support.

Setup Requirements

  • ⚠️Requires Python 3.8+ (specified Python 3.13 in pyproject.toml, but 3.8+ in README.md).
  • ⚠️Requires manual modification of Claude Desktop's `claude_desktop_config.json` with an absolute path to `mcp_server.py`, a common source of user error.
  • ⚠️REQUIRES copying specific AI Agent Rules (from `rule_for_ai_EN.txt` or `rule_for_ai_VI.txt`) into Claude's custom instructions for proper tag processing and agent behavior.
Review RequiredView Analysis
CRITICAL RISK: The `mcp_server.py` completely disables ALL stderr output, logging, and exception tracebacks (`sys.stderr = _devnull`, `logging.disable(logging.CRITICAL)`, custom silent `sys.excepthook` and `threading.excepthook`). This means any errors, including potential security vulnerabilities, unexpected behavior, or malicious payloads, will fail silently without any diagnostic output or error logging. This severely hampers detection, debugging, and incident response capabilities, making it impossible to monitor the server for abnormal activity. While path validation is present for file attachments, the total suppression of error reporting is a fundamental security flaw. Image files are copied to a `user_images` directory within the project root, and filenames are randomized, which is a reasonable approach for preventing path traversal within that specific directory.
Updated: 2025-12-15GitHub
42
27
Medium Cost
phughesmcr icon

deno-mcp-template

by phughesmcr

Sec8

A comprehensive template for building Model Context Protocol (MCP) servers using Deno, providing examples for prompts, resources, and tools.

Setup Requirements

  • ⚠️Requires Deno runtime to be installed.
  • ⚠️The default `deno run -A` command grants all permissions, which is too broad for production environments and needs to be narrowed down.
  • ⚠️The `KvEventStore` used for session resumability is not production-ready and should be replaced for any production deployment requiring robust state management.
  • ⚠️For DNS rebinding protection or specific CORS control, `ALLOWED_ORIGINS` and `ALLOWED_HOSTS` must be explicitly configured, as the default behavior can be permissive.
  • ⚠️Compiling to a Desktop Extension (DXT) requires `dxt` to be installed globally (`npm install -g @anthropic-ai/dxt`).
Verified SafeView Analysis
The server implements good security practices including CORS, rate limiting, security headers, request timeouts, and DNS rebinding protection. Input validation is performed using Zod and custom validators. However, the default Deno execution with `-A` (all permissions) is too broad for production and requires fine-tuning. The `KvEventStore` for session resumability is explicitly marked as 'not suitable for production use' in the README, indicating a potential weakness for persistent/scalable state management or security if not replaced. CORS protection is configurable but will allow all origins if no allowed origins are specified, which can be a security risk if not explicitly set.
Updated: 2025-11-25GitHub
42
7
Medium Cost
AuraFriday icon
Sec3

Enables AI agents to control Autodesk Fusion 360 for CAD/CAM/CAE operations and execute arbitrary Python code with full system access.

Setup Requirements

  • ⚠️Requires Autodesk Fusion 360 software installed and running.
  • ⚠️Requires the external Aura Friday MCP-Link Server to be downloaded and running locally.
Review RequiredView Analysis
The add-in uses `exec()` with full access to `globals()` to execute arbitrary Python code provided by AI agents. This grants complete, unrestricted system access, including file system, network, and system commands. While the developers are transparent about this ('Python execution has FULL system access. Only run code you trust.'), this design poses a critical security risk if an untrusted or compromised AI agent is used, potentially leading to permanent data loss, file corruption, or unauthorized actions. Additionally, for local HTTPS connections, SSL certificate hostname checking and verification are disabled, which could be a risk if not strictly confined to localhost.
Updated: 2025-11-28GitHub
42
22
Medium Cost
DollhouseMCP icon

mcp-server

by DollhouseMCP

Sec9

An MCP server for managing and customizing AI behavior through modular elements (personas, skills, templates, agents, memories) with built-in version control, robust security, and a community-driven ecosystem.

Setup Requirements

  • ⚠️Requires GitHub account and authentication (OAuth or PAT)
  • ⚠️Requires Node.js (v18.0.0 or higher)
  • ⚠️Optional but recommended: Docker for certain deployments or testing
Verified SafeView Analysis
The project demonstrates exceptional security practices across its codebase. Key measures include: - **Comprehensive Input Validation & Sanitization**: Extensive use of `sanitizeInput`, `UnicodeValidator`, `DOMPurify` to prevent XSS, command injection, and Unicode attacks. - **Secure YAML Parsing**: Utilizes `SecureYamlParser` (which wraps `js-yaml` with `FAILSAFE_SCHEMA`) and performs content validation to prevent YAML injection and YAML bomb attacks. - **Path Traversal Protection**: `PathValidator` and other checks are consistently applied to all file system operations. - **ReDoS Prevention**: `SafeRegex` is employed to analyze and mitigate ReDoS vulnerabilities in regex patterns applied to user input. - **Atomic File Operations**: `FileLockManager` ensures data integrity and prevents race conditions during file I/O. - **Memory Content Security**: `Memory` elements implement `TRUST_LEVELS`, sandbox untrusted content, and `BackgroundValidator` performs asynchronous security scanning of memory entries, with detected patterns encrypted. - **Sensitive Data Handling**: GitHub tokens are encrypted at rest using `crypto` and environment variables are heavily relied upon to avoid hardcoded secrets. - **Audit Logging**: `SecurityMonitor` provides comprehensive audit trails for all security-relevant events, aiding in detection and response. - **Resource Limits**: Implements limits on element sizes, parameter counts, and API request rates to prevent denial-of-service (DoS) attacks. Areas for continuous vigilance exist (as with any complex system), but the foundational security architecture is robust and well-implemented.
Updated: 2025-12-11GitHub
42
29
Low Cost
firstorderai icon

authenticator_mcp

by firstorderai

Sec9

Enables AI agents to securely retrieve 2FA codes, passwords, and account lists from a local desktop Authenticator App for automated login processes.

Setup Requirements

  • ⚠️Requires a separate 'Authenticator App · 2FA' desktop application to be installed and running locally.
  • ⚠️Requires generating and securely providing an access token from the desktop Authenticator App.
  • ⚠️Requires Node.js runtime to execute.
Verified SafeView Analysis
The server's design inherently limits network exposure by communicating credentials solely with a local desktop Authenticator App via localhost (127.0.0.1). It utilizes `zod` for input validation and requires an access token, which can be provided securely via environment variables or CLI arguments. There is no usage of `eval` or similar dangerous functions, and no hardcoded secrets other than the expected localhost endpoint. The `process.stdout.write` override is an unusual but intentional measure to ensure only MCP protocol JSON messages are output.
Updated: 2025-12-02GitHub
PreviousPage 76 of 647Next