Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

42
1
Medium Cost
Aiden12581 icon

SpringAIAlibaba

by Aiden12581

Sec9

This repository provides a collection of Spring AI examples demonstrating various integrations with Alibaba Cloud's DashScope platform, covering chat, streaming, prompt engineering, structured output, memory, text-to-image, text-to-speech, embeddings, RAG, and tool calling.

Setup Requirements

  • ⚠️Requires Alibaba Cloud DashScope API Key (a paid service) configured as an environment variable `aliQwen-api` or a Spring property `spring.ai.dashscope.api-key`.
  • ⚠️Requires a running Redis instance for chat memory (SAA-08Persistent) and vector store (SAA-11Embed2vector, SAA-12RAG4AiOps).
  • ⚠️The SAA-02Ollama module requires a local Ollama instance running with the appropriate model.
  • ⚠️The SAA-18TodayMenu module requires a Bailian platform App ID configured via `spring.ai.dashscope.agent.options.app-id`.
Verified SafeView Analysis
The code uses environment variables or Spring's @Value annotation for API keys and other sensitive configurations (e.g., aliQwen-api, Redis host/port, Bailian App ID), which is good practice and avoids hardcoded secrets. No 'eval' or other direct code injection vulnerabilities were found. Standard web application security considerations apply.
Updated: 2025-11-28GitHub
42
13
Low Cost
poly-mcp icon
Sec9

A secure, production-ready IoT/Edge server designed to expose industrial protocols (MQTT, Modbus) via a unified HTTP API, enabling AI agents to monitor and control industrial infrastructure through the PolyMCP framework.

Setup Requirements

  • ⚠️Requires explicit setting of several critical environment variables (JWT_SECRET_KEY, ENCRYPTION_KEY, AUDIT_HMAC_KEY, MQTT_COMMAND_HMAC_KEY) for production (IOT_ENV=production). Ephemeral keys are used in development with warnings.
  • ⚠️Mandatory use of Pydantic v2 APIs; Pydantic v1 is not supported.
  • ⚠️Full functionality in production requires external dependencies like an MQTT broker, InfluxDB 2.0+, Redis, and Modbus devices (though some are optional depending on the exact use case).
Verified SafeView Analysis
The project demonstrates a high level of security awareness. It employs a security-first design with comprehensive measures: - **Input Validation & Sanitization:** Extensive use of `bleach` and custom validation (`validate_sensor_id`, `sanitize_dict`, etc.) prevents common injection attacks. - **Authentication & Authorization:** API key (`X-API-Key`) and JWT bearer token authentication, coupled with IP allowlisting (CIDR) and request/command rate limiting. - **Data Protection:** Fernet encryption for sensitive configuration data (passwords, tokens), and HMAC signatures for MQTT commands and audit log chaining (tamper-evident). - **Secrets Management:** Environment variables are strictly enforced for critical secrets in production mode, with ephemeral secrets generated in development only as a warning. - **Network Security:** MQTT supports TLS/SSL with client certificates. Modbus includes allowed address configuration per device. - **Audit Trail:** A robust audit logging system uses HMAC chaining to ensure log integrity. - **Dependency Security:** Relies on well-vetted libraries like `cryptography`, `pyjwt`, `passlib`, and `bleach`. - **Code Quality:** No obvious 'eval', obfuscation, or other immediately malicious patterns found. Error handling is generally good. The score is very high due to the comprehensive and thoughtful implementation of security, including defensive programming, strong cryptographic primitives, and secure defaults. Minor deductions account for the inherent complexity of integrating multiple protocols and external systems, which always carries some residual risk if not configured perfectly by the user.
Updated: 2026-01-09GitHub
42
40
Medium Cost
seuros icon
Sec7

This server demonstrates integrating the ActionMCP gem into a Ruby on Rails application to expose AI-callable tools, prompts, and resource templates for language models.

Setup Requirements

  • ⚠️Requires Ruby (specific version in .ruby-version)
  • ⚠️Requires PostgreSQL (Docker recommended for easy setup via `make up`)
  • ⚠️Requires Node.js/npm for the `npx @modelcontextprotocol/inspector` client for interactive testing
Verified SafeView Analysis
The application implements JWT-based authentication, which is a good practice. However, `docker-compose.yml` contains hardcoded development secrets (`SECRET_KEY_BASE`, `ACTION_MCP_JWT_SECRET`) which, while clearly marked for development, should ideally be managed via more secure means even for local environments (e.g., Rails credentials, Docker secrets). Tools like `RubocopTool` and `RubyCodeAnalyzerTool` process user-provided code/paths for static analysis; while not arbitrary execution, such operations always carry a risk of parser-level vulnerabilities or unintended information disclosure if input is not rigorously validated or if the environment is not secured. The `StartWorldWar3Tool` is explicitly marked as 'destructive' (mock functionality), highlighting a need for stringent authorization for any real-world destructive tools.
Updated: 2026-01-09GitHub
42
35
Medium Cost
Dishant27 icon
Sec8

This server acts as a Model Context Protocol (MCP) tool to enable LLMs to interact with the LinkedIn API for professional network data retrieval and interaction.

Setup Requirements

  • ⚠️Access to many LinkedIn APIs (e.g., People Search, Profile API, Messaging) is highly restricted by LinkedIn and often requires specific partner programs or explicit user authorization (OAuth 2.0 Authorization Code flow), which the current client_credentials authentication method does not support. This means many advertised functionalities (like sending messages, searching general profiles, or getting user connections) are likely non-functional for standard developer accounts.
  • ⚠️Requires Node.js 16+ to run the server.
  • ⚠️When configuring with an LLM like Claude Desktop, an absolute path to the compiled `index.js` file is required in the `claude_desktop_config.json`.
Verified SafeView Analysis
The server correctly loads credentials from environment variables, preventing hardcoded secrets. It implements OAuth 2.0 (client credentials and refresh token) using standard libraries (axios). There is no use of 'eval' or code obfuscation. Error handling is present for authentication and API requests. The core security mechanisms for handling credentials and making requests are implemented with good practices. The primary limitation will be LinkedIn's API access restrictions, which are a functional constraint rather than a code security flaw.
Updated: 2026-01-19GitHub
42
56
High Cost
mikepenz icon

adbfriend

by mikepenz

Sec8

Enables AI agents to manage Android devices, sync files, configure for tests, and perform package operations via ADB for development and testing.

Setup Requirements

  • ⚠️Requires `adb` binary to be installed and accessible in the system PATH.
  • ⚠️The `ANDROID_HOME` environment variable may need to be set to locate the Android SDK if `adb` is not in the system PATH.
  • ⚠️File system operations are restricted to `allowed_paths` on the Android device (default: `/sdcard/Download/`) and `host_allowed_paths` on the host system (default: `~/adbfriend`). These paths must be configured by the user if access to other directories is required.
Verified SafeView Analysis
The server executes ADB shell commands, which inherently carry a risk if user input is not properly sanitized. However, the project employs `escapeForSync()` and `escapeForMD5()` functions to mitigate shell injection risks. Crucially, file system operations (read, write, delete, move, copy-to-host, install-apk) are restricted to user-defined `allowed_paths` on the Android device and `host_allowed_paths` on the host system, significantly reducing the attack surface for arbitrary file access. Destructive operations are explicitly marked as such via MCP annotations. No 'eval' or obvious obfuscation was found.
Updated: 2026-01-08GitHub
42
6
Medium Cost
DePasqualeOrg icon

mcp-swift-sdk

by DePasqualeOrg

Sec8

Implement and integrate Model Context Protocol (MCP) servers and clients in Swift, enabling AI agents and applications to discover and interact with tools, resources, and conversational prompts over HTTP.

Setup Requirements

  • ⚠️Requires Swift 6.0+ and macOS 14+ (or compatible Linux/other platform for basic features).
  • ⚠️Reliance on Swift Package Manager (SPM) for building and running.
  • ⚠️SSE streaming functionality is not fully supported on Linux clients due to `URLSession.AsyncBytes` limitations.
  • ⚠️No built-in OAuth support; authentication needs to be implemented via external framework middleware.
Verified SafeView Analysis
The `HTTPServerTransport` implements DNS rebinding protection, which is crucial for local server deployments. Input validation via JSON Schema is applied to tool parameters using Swift macros. However, a complete OAuth implementation is not yet provided within the SDK itself, implying reliance on the integrating web framework's middleware for authentication. The 'Experimental' task features are explicitly noted as potentially unvetted. Overall, the project demonstrates good security awareness for common web server risks.
Updated: 2026-01-18GitHub
42
25
Low Cost
github-samples icon

turn-based-game-mcp

by github-samples

Sec9

Demonstrates the Model Context Protocol (MCP) by providing a turn-based games platform with an AI opponent that interacts with a Next.js frontend.

Setup Requirements

  • ⚠️The 'shared' workspace must be built before 'web' or 'mcp-server' (`npm run build --workspace=shared`).
  • ⚠️Requires two separate development servers to run concurrently: the Next.js frontend (`npm run dev --workspace=web`) and the MCP server (`npm run dev --workspace=mcp-server`).
  • ⚠️Full utilization of the AI opponent via MCP requires an understanding of the Model Context Protocol and an MCP-compatible client (e.g., VS Code Copilot).
Verified SafeView Analysis
The project implements explicit data sanitization for MCP API endpoints (`/api/games/rock-paper-scissors/mcp`) to prevent the AI from accessing current, uncommitted player moves, which is a strong security measure against cheating. API communication defaults to `http://localhost:3000` which is safe for local development, and allows configuration via `process.env.WEB_API_BASE`. Input validation is performed for game moves. No hardcoded sensitive secrets or 'eval' statements were found. The architecture provides good separation of concerns.
Updated: 2026-01-13GitHub
42
15
High Cost
southleft icon

company-docs-mcp

by southleft

Sec8

Transforms organizational documentation into an AI-powered knowledge base for semantic search, Q&A via chat interface, Claude Desktop, and Slack integration.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid for embeddings and chat completions).
  • ⚠️Requires Supabase account and database setup for content and vector storage.
  • ⚠️The Slack bot's AI prompt is aggressively configured to generate 'extremely long, comprehensive responses' (minimum 3000 words), which can lead to very high OpenAI token usage and costs per query.
Verified SafeView Analysis
The server correctly implements Slack request signature verification. Secrets management is well-documented, advising against committing sensitive data and promoting Cloudflare Worker secrets. CORS is broadly set to '*' which could be a risk if exposed publicly without additional authentication. The use of Supabase Service Role Key is noted in ingestion scripts and could be a risk if not securely managed.
Updated: 2025-11-23GitHub
42
1
Low Cost
kukapay icon

backtrader-mcp

by kukapay

Sec2

An AI-accessible MCP server for Backtrader, enabling agents to run, analyze, and optimize trading strategies through natural language prompts.

Setup Requirements

  • ⚠️Requires Python 3.10+
  • ⚠️Requires 'uv' for dependency management (recommended)
  • ⚠️Requires MCP CLI installation (`uv run mcp install main.py`)
Review RequiredView Analysis
The `run_backtest` tool uses `exec(strategy_code, {}, local_ns)` to execute user-provided Python code directly. This is a critical security vulnerability as it allows arbitrary code execution. An attacker could inject malicious Python code (e.g., `import os; os.system('rm -rf /')`) leading to severe system compromise, data theft, or denial of service if the server is exposed to untrusted input. While the `exec` call uses empty globals, core built-ins and module imports are still accessible.
Updated: 2025-11-27GitHub
42
1
High Cost
TiKcoc icon

orkel

by TiKcoc

Sec9

Generating AI-powered creative content including images, 3D models, and procedural environments using generative AI frameworks like Stable Diffusion, TripoSR, and Infinigen.

Setup Requirements

  • ⚠️Requires AMD GPU with ROCm support for optimal performance and compatibility (explicitly mentioned for SDNext and TripoSR).
  • ⚠️Significant disk space (hundreds of GBs) and RAM required for AI models and dependencies.
  • ⚠️Specific Python versions might be preferred or required (e.g., Python 3.11 for Infinigen setup option).
Verified SafeView Analysis
Setup scripts use standard package management (pip, docker pull from official registries) and do not contain obvious 'eval', obfuscation, or hardcoded secrets. The primary security consideration would be the integrity and safety of the upstream `infinigen`, `sdnext`, and `TripoSR` project dependencies themselves, which are not detailed in this source.
Updated: 2025-11-28GitHub
42
23
High Cost
botingw icon
Sec4

Provides a RAG and Knowledge Graph powered backend for grounding AI coding assistants in the LangGraph ecosystem, improving code generation accuracy and reducing hallucinations.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid Service) for embeddings and LLM interactions.
  • ⚠️Requires a Supabase Project (PostgreSQL with pgvector) URL and Service Role Key.
  • ⚠️Requires a Neo4j Graph Database instance (AuraDB or local desktop) URI, User, and Password.
  • ⚠️Requires Docker (recommended) or Python 3.12+ with `uv` for local development setup.
  • ⚠️Specific `NEO4J_URI` configuration is required based on whether Neo4j is running on the host (for Docker) or locally (for local development).
  • ⚠️Database SSL certificate validation (`rejectUnauthorized: false`) is disabled by default in production mode, which is a security risk.
Review RequiredView Analysis
Critical: Admin authentication uses direct plaintext password comparison (from environment variable) with no rate limiting, vulnerable to brute-force attacks. Database SSL (`rejectUnauthorized: false`) is insecure in production, risking Man-in-the-Middle (MITM) attacks. High Risk: Python tools (`llm_api.py` for LLM interaction, `web_scraper.py` for web scraping) expose potential local file exfiltration (via image encoding or generic file read prompts) and arbitrary URL fetching if AI agents are maliciously prompted. Minor: Content Security Policy (CSP) and Cross-Origin Embedder Policy are disabled in development mode for the Express API, requiring hardening for production. Logging of environment variable keys at startup in `llm_api.py` is a minor information leak.
Updated: 2025-11-29GitHub
42
19
High Cost
divar-ir icon

zoekt-mcp

by divar-ir

Sec8

Provides code search and content fetching capabilities using Zoekt, designed for integration with AI assistants and LLMs.

Setup Requirements

  • ⚠️Requires a running Zoekt search server instance.
  • ⚠️Requires Python 3.13+.
  • ⚠️Requires ZOEKT_API_URL environment variable to be set.
Verified SafeView Analysis
The server's primary function is to proxy and format requests to a user-configured Zoekt instance. Its security largely depends on the trustworthiness and proper configuration of the external Zoekt instance. No direct code execution vulnerabilities (e.g., eval) or hardcoded secrets were found in the provided source.
Updated: 2025-11-25GitHub
PreviousPage 79 of 760Next