Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

43
24
Medium Cost
themesberg icon

flowbite-mcp

by themesberg

Sec9

Enables AI assistants to create UI components using the Flowbite library and generate custom Tailwind CSS themes.

Setup Requirements

  • ⚠️Requires a Figma personal access token (`FIGMA_ACCESS_TOKEN`) to use the 'Figma to code' tool.
  • ⚠️Different client configurations are needed for `stdio` (default for CLI) vs. `http` (for server deployments) transport modes.
  • ⚠️Running locally requires `npm install` and `npm run build` or `npx` for a simpler startup.
Verified SafeView Analysis
The server primarily handles API calls to Figma (with an environment variable token) and internal data processing for theme generation. User-provided URLs for Figma are sanitized using `encodeURIComponent` before being used in API requests. File paths for data loading are constructed from internal application paths, limiting exposure. No direct 'eval' or obvious malicious patterns were found. Logging of requests and responses is implemented. The Docker setup mounts data as read-only, enhancing security.
Updated: 2026-01-04GitHub
43
32
Medium Cost
kelvin6365 icon

plane-mcp-server

by kelvin6365

Sec9

Enables LLMs to interact with Plane.so to manage projects and issues through its API, facilitating project management workflows.

Setup Requirements

  • ⚠️Requires a Plane.so API Key and Workspace (obtained from a Plane.so account)
  • ⚠️Requires Node.js 22.x or higher
Verified SafeView Analysis
The server securely loads API keys and workspace slugs from environment variables, preventing hardcoding. It explicitly checks for the presence of required environment variables (`PLANE_API_KEY`, `PLANE_WORKSPACE_SLUG`). Input schemas are defined for tools, and additional runtime checks are performed on critical arguments like `project_id`. The `create-issue` and `update-issue` tools include robust logic to handle potentially malformed `assignees` input from LLMs, reducing the risk of invalid data being sent to the Plane API. All external API calls are made using `fetch` with proper error handling. No `eval` or other dynamic code execution is observed.
Updated: 2025-12-06GitHub
43
44
Medium Cost
jango-blockchained icon

advanced-homeassistant-mcp

by jango-blockchained

Sec9

A powerful, secure, and extensible Model Context Protocol (MCP) server that enables AI assistants like Claude, GPT, and Cursor to seamlessly interact with Home Assistant. Control your lights, climate, automations, and more through natural language commands.

Setup Requirements

  • ⚠️Requires a running Home Assistant instance with a long-lived access token.
  • ⚠️Bun runtime (v1.0.26+) is recommended for optimal performance.
  • ⚠️Speech features (wake word, speech-to-text, AI parsing) may require Docker and external AI API keys (e.g., Anthropic API Key for advanced NLP).
Verified SafeView Analysis
The server implements comprehensive security measures including rate limiting, input sanitization (using `sanitize-html` and custom logic), JWT authentication, and security headers (using `helmet`). Critical secrets like `HASS_TOKEN`, `ANTHROPIC_API_KEY`, and `JWT_SECRET` are correctly managed via environment variables. CORS is broadly enabled (`Access-Control-Allow-Origin: *`) in some HTTP contexts, which is often necessary for client-facing APIs like MCP, but should be noted. No direct `eval` calls, code obfuscation, or obvious malicious patterns were found; JSON parsing is used for standard JSON-RPC/WebSocket communication.
Updated: 2026-01-19GitHub
43
49
Medium Cost
rulego icon

rulego-server

by rulego

Sec6

A lightweight, high-performance, and modular automation workflow platform for orchestration, iPaaS, API/AI orchestration, data processing, and IoT rule engine scenarios.

Setup Requirements

  • ⚠️Requires Go (v1.23+) for server compilation and Node.js/npm for UI compilation.
  • ⚠️Default `require_auth = false` in `config.conf` must be set to `true` and `jwt_secret_key`/user credentials configured for production security.
  • ⚠️Multiple compilation tags (`with_extend`, `with_ai`, `with_ci`, `with_iot`, `with_etl`, `use_fasthttp`) are available, requiring specific builds to enable certain functionalities and components.
Review RequiredView Analysis
The server allows execution of commands via `cmd_white_list` and loading of Lua libraries (`load_lua_libs = true`), which introduce potential code execution risks if not managed carefully. The default configuration `require_auth = false` is a critical security vulnerability, as it bypasses user authentication, allowing anyone to manage workflows and expose internal data/APIs. The example `jwt_secret_key` and `api_key` in `config.conf` should never be used in production.
Updated: 2026-01-09GitHub
42
7
Medium Cost
mdrideout icon

viberag

by mdrideout

Sec9

Local codebase semantic search (RAG) for AI coding assistants via MCP server.

Setup Requirements

  • ⚠️Requires Node.js 20 or later; Node.js 24+ may have compatibility issues with native tree-sitter bindings (Node.js 22 LTS is recommended).
  • ⚠️Cloud embedding providers (Gemini, Mistral, OpenAI) require API keys, which may incur costs (free tier available for Gemini, others are paid).
  • ⚠️The local embedding model (Qwen3-Embedding-0.6B Q8) requires a ~700MB download and can use ~1.5GB RAM for operation.
Verified SafeView Analysis
The server uses local IPC (Unix sockets/named pipes) for client communication, limiting network exposure. API keys for cloud embedding providers are loaded from a local configuration file (.viberag/config.json) which is designed to be `.gitignore`-ed, preventing accidental exposure in source control. No direct usage of 'eval' or other highly dynamic code execution methods was found for processing external input. File system operations are scoped to the project root, and `.gitignore` is honored for exclusions. The system relies on external cloud services for embedding if configured, which introduces a dependency on the security of those providers.
Updated: 2026-01-18GitHub
42
12
Medium Cost
opentargets icon

otar-mcp

by opentargets

Sec9

The MCP server enables AI assistants to interact with the Open Targets Platform GraphQL API for comprehensive target-disease associations and drug discovery data.

Setup Requirements

  • ⚠️Requires Python 3.10 - 3.13.
  • ⚠️Relies on the `uv` package manager for quick installation and advanced deployment.
  • ⚠️Functions by making external API calls to the Open Targets Platform GraphQL API (api.platform.opentargets.org), requiring external network access.
Verified SafeView Analysis
The server explicitly uses `jq.compile()` for optional server-side JSON filtering. While `jq` filters are executed from a string, the `jq` library is a well-vetted JSON processing tool, not a Python `eval()` equivalent for arbitrary code execution. Risks are primarily confined to malformed filters causing processing errors or inefficiency rather than system compromise. The server implements adaptive rate limiting to prevent abuse and masks error details to prevent information leakage, both strong security practices. It also does not collect, store, or process any personal data.
Updated: 2026-01-11GitHub
42
1
Low Cost
foscomputerservices icon

homebrew-tap

by foscomputerservices

Sec8

Provides a local Multi-Client Protocol (MCP) server for a searchable knowledge base of development learnings, intended for integration with Claude clients.

Setup Requirements

  • ⚠️Requires Python 3.12 to be installed (managed by Homebrew).
  • ⚠️Requires manual initialization via `hindsight-init` after installation.
  • ⚠️Requires manual configuration in your Claude client (Code or Desktop) after initialization.
Verified SafeView Analysis
The Homebrew formula itself uses standard practices and does not contain obvious security flaws such as 'eval' or hardcoded secrets. It creates a Python virtual environment and installs 'mcp' and 'python-dateutil' from PyPI without specific version pinning, relying on PyPI's integrity. The actual server logic ('server.py') is not provided in this scope, so the security of the server implementation itself cannot be fully assessed. Assumes the 'hindsight-mcp' project's code is trustworthy.
Updated: 2025-12-04GitHub
42
72
Medium Cost
MatanYemini icon

bitbucket-mcp

by MatanYemini

Sec8

AI assistant integration with Bitbucket for repository, pull request, and pipeline management, enabling AI to interact with code and development workflows.

Setup Requirements

  • ⚠️Requires Node.js 18 or higher.
  • ⚠️Requires a Bitbucket App Password with specific permissions (minimum: Repositories: Read, Pull requests: Read/Write, Pipelines: Read) or an access token.
  • ⚠️BITBUCKET_USERNAME typically requires your Bitbucket email address, not your display name.
Verified SafeView Analysis
The `README.md` states 'no DELETE operations are used', which is contradicted by the source code including `deletePullRequestComment` and `deletePullRequestTask`. However, these 'dangerous' tools are explicitly gated by the `BITBUCKET_ENABLE_DANGEROUS` environment variable, which is disabled by default, ensuring that destructive actions are opt-in. Authentication credentials (token or username/password) are sourced from environment variables, preventing hardcoded secrets. While `logger.info` calls log tool arguments (e.g., PR titles, descriptions) which could contain sensitive metadata, direct logging of authentication credentials is avoided. The project utilizes CodeQL for security scanning as indicated by the badge.
Updated: 2026-01-05GitHub
42
1
Low Cost
MicroMichaelIE icon

mcp-copilotcli-history

by MicroMichaelIE

Sec9

Search and analyze GitHub Copilot conversation history to find past interactions, tool usage, and session statistics.

Setup Requirements

  • ⚠️Requires Python 3.13 or newer
  • ⚠️Relies on GitHub Copilot's local session history (~/.copilot/session-state/) being present
  • ⚠️Requires an MCP-enabled client (e.g., Claude Desktop, VS Code, Zed) for interaction
Verified SafeView Analysis
The server's primary function is to access local user data (~/.copilot/session-state/). It properly handles file I/O, JSON parsing, and regex compilation within try-except blocks. It does not appear to expose network services or process arbitrary remote input, mitigating common web vulnerabilities. The `SESSION_STATE_DIR` environment variable allows for explicit control over the session data path, enhancing security in sandboxed environments.
Updated: 2025-12-05GitHub
42
5
Low Cost
danielealbano icon
Sec8

Interacting with Azure DevOps Boards and Work Items via a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires Azure CLI to be installed and authenticated (`az login`) for all Azure DevOps interactions.
  • ⚠️HTTP Server mode binds to all network interfaces (`0.0.0.0`) by default, which may require firewall configuration to restrict access.
Verified SafeView Analysis
The server relies on standard Azure CLI authentication (`az login`), which is generally secure as it avoids hardcoding credentials within the application. HTTP server mode binds to `0.0.0.0` (all network interfaces) by default, meaning it can be externally accessible if not firewalled. The project explicitly recommends `stdio` mode for enhanced security.
Updated: 2025-12-07GitHub
42
28
High Cost
KhaiHuynhVN icon
Sec9

Facilitates advanced, persistent user-AI agent interaction by providing a modern UI for text input, file/folder attachment, and multi-image management, designed to integrate with Model Context Protocol (MCP) systems.

Setup Requirements

  • ⚠️Requires Python 3.8+ (although pyproject.toml specifies >=3.13, the README states 3.8+).
  • ⚠️Manual configuration of Claude Desktop/Cursor IDE's 'mcpServers' config file is required, including replacing an absolute path.
  • ⚠️Custom AI Agent Rules (prompts) from 'rule_for_ai_EN.txt' or 'rule_for_ai_VI.txt' MUST be copied and pasted into the AI's custom instructions for proper function.
Verified SafeView Analysis
The server employs good security practices, including suppressing all stderr output to prevent sensitive information leakage during MCP stdio transport. File operations are primarily local, restricted to a 'user_images' directory for image storage (with auto-cleanup logic), and an 'ai_interaction_bridge' for inter-process communication. Path validation is implemented for user-selected workspace files. There are no indications of hardcoded secrets or network calls to unknown external services for data exfiltration. The primary security consideration arises from the inherent nature of an AI agent interacting with a local file system, which this tool attempts to mitigate through validation and local-only operations.
Updated: 2026-01-19GitHub
42
30
Medium Cost
itential icon

itential-mcp

by itential

Sec7

Connects LLMs to the Itential Platform, enabling AI agents to manage network automation workflows, device configurations, orchestrate processes, and monitor platform health and operations.

Setup Requirements

  • ⚠️Requires access to a running Itential Platform instance.
  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Default platform credentials (`admin:admin`) must be overridden for secure production deployments.
  • ⚠️If exposed via HTTP/SSE, proper TLS configuration (`--certificate-file`, `--private-key-file`) is recommended for secure communication.
Verified SafeView Analysis
The server uses `jsonutils.loads` which wraps `json.loads` with error handling, reducing direct code injection risks from JSON inputs. However, default platform credentials (`admin:admin`) are hardcoded in `defaults.py`, posing a significant risk if not overridden. Dynamic tool discovery from a configurable `tools_path` means malicious Python modules placed in these locations could be executed if an attacker gains filesystem access. Robust authentication (JWT, OAuth 2.0) and TLS options are available, but explicit warnings are present for disabling TLS verification, highlighting potential misconfigurations. Overall, the system offers secure options but requires careful setup beyond defaults to avoid critical vulnerabilities.
Updated: 2026-01-16GitHub
PreviousPage 77 of 760Next