Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

Vetted Servers (7756)

42
1
Low Cost

acp

by AIConfigPlaza

Sec8

A CLI and web platform for managing and sharing AI programming tool configurations (Agents, Prompts, Model Context Protocol Services, and complete Solutions).

Setup Requirements

  • ⚠️Requires GitHub OAuth App setup for `VITE_GITHUB_CLIENT_ID` (frontend) and `GitHub:ClientId`, `GitHub:ClientSecret` (backend).
  • ⚠️Backend server requires environment variables for `ConnectionStrings:DefaultConnection`, `Jwt:Key`, `Jwt:Issuer`, `Jwt:Audience`, `GitHub:ClientId`, `GitHub:ClientSecret` to function correctly.
  • ⚠️Node.js >= 18.x and npm >= 9.x or yarn >= 1.22.x are required for the frontend and CLI components.
Verified Safe
The CLI is designed to write configuration files to local directories specified by the user (`targetDir`). While this is fundamental to its functionality, users should be aware of the configurations they are pulling to avoid unintended file modifications. The backend uses environment variables for sensitive data like database connection strings, JWT keys, and GitHub OAuth secrets, which is a good practice. Frontend uses GitHub OAuth for authentication, and tokens are stored securely in local storage. No direct 'eval' or obvious malicious patterns were found in the provided code snippets. The `sanitizeFileName` function helps prevent path traversal in filenames written by the CLI.
Updated: 2025-12-13
42
1
Medium Cost

hindsight-mcp

by foscomputerservices

Sec9

An MCP server that maintains a searchable knowledge base of development learnings, common errors, coding patterns, and best practices to assist developers.

Setup Requirements

  • ⚠️Requires Python 3.11+.
  • ⚠️Manual client configuration for Claude Desktop/Code is required if not using the Homebrew `hindsight-init` script.
  • ⚠️The knowledge base is stored locally in an SQLite database, which may not suit users requiring cloud synchronization or shared team knowledge.
Verified Safe
The server uses parameterized SQL queries, which prevents SQL injection vulnerabilities. No dynamic code execution (e.g., 'eval') is present in the provided source. Data is stored locally in an SQLite database, mitigating external network data exposure risks. File system operations are confined to the user's ~/.hindsight/ directory. Overall, good security practices are evident.
Updated: 2025-12-04
42
5
High Cost

multi_mcp

by religa

Sec7

The Multi-MCP server orchestrates multiple AI models for automated code review, security analysis (OWASP Top 10), architectural comparisons, and multi-agent debate workflows within a developer's environment or CI/CD.

Setup Requirements

  • ⚠️Requires Python 3.11+
  • ⚠️Requires API key for at least one LLM provider (OpenAI, Anthropic, Google, or OpenRouter)
  • ⚠️Requires 'uv' for dependency management
  • ⚠️Requires 'jq' for automatic Claude Code configuration (recommended)
  • ⚠️Requires installation of specific CLI tools (e.g., Gemini CLI, Codex CLI) if using CLI models
  • ⚠️Integration tests make real API calls and incur costs
Verified Safe
The server employs internal safeguards such as path sanitization to prevent traversal attacks and uses robust JSON parsing to handle varied LLM outputs. It executes CLI tools via `subprocess.create_subprocess_exec` for safer process control, avoiding direct shell injection. However, a critical aspect lies in its configuration: users can enable powerful CLI AI models (e.g., Codex CLI, Gemini CLI) with flags like `--dangerously-bypass-approvals-and-sandbox` or `--full-auto` which can bypass inherent sandboxing. This delegates a significant portion of security responsibility to the user's configuration choices and the security of the underlying CLI tools. There is also an inherent risk of LLM-generated malicious content, common in AI agent systems, which the server does not specifically guard against beyond the LLM's own safety features.
Updated: 2025-12-15
42
28
Medium Cost

mcp-servers

by CheckPointSW

Sec8

Provides seamless integration with Check Point's Threat Emulation and Anti-Virus cloud services for comprehensive malware analysis, file scanning, and threat detection through a simple, standardized interface.

Setup Requirements

  • ⚠️Requires a valid Check Point Threat Emulation API Key (implies a paid cloud service subscription).
  • ⚠️Requires Node.js v20.0.0 or higher.
  • ⚠️File analysis tools require locally accessible, uncompressed file paths (not URLs or compressed archives).
Verified Safe
The server relies on environment variables for API key authentication, which is a standard and secure practice. It performs network requests to Check Point cloud services, an expected part of its functionality. The `mcp-utils` dependency's `ui-dialog.ts` uses `child_process.execAsync` to open a browser for interactive prompts, but this function strictly validates URLs to only allow `http/https` protocols and `localhost` hostnames, significantly mitigating potential risks of arbitrary command execution or external resource loading. No direct 'eval' or hardcoded sensitive credentials are found within the server's core logic.
Updated: 2025-12-15
42
25
Medium Cost

awesome-ionic-mcp

by Tommertom

Sec2

The server provides an AI assistant with access to Ionic Framework components, Capacitor plugins, developer resources, and CLI command execution to accelerate mobile app development.

Setup Requirements

  • ⚠️A GitHub personal access token (GITHUB_TOKEN) is highly recommended to avoid GitHub API rate limits during data loading.
  • ⚠️The server may spawn and close a Puppeteer browser window visible to the user when fetching web-based documentation.
  • ⚠️The `ionic_serve` tool is a long-running command and requires manual execution in a separate terminal.
Review Required
The server uses `execa` to run Ionic and Capacitor CLI commands. While it attempts to validate commands and arguments with a `dangerousChars` regex to prevent shell injection, there's a critical vulnerability in the `validateCommand` function. It implicitly allows `npx` to execute *any* package name that starts with 'cap' (e.g., `npx cap-malicious-package`), even if it's not `@capacitor/cli`, if not explicitly whitelisted. This could lead to arbitrary code execution if an attacker can control the package name passed to a CLI tool that uses `npx`. Additionally, Puppeteer is launched with `--no-sandbox` and `--disable-setuid-sandbox` flags, which disables Chromium's security sandbox, posing a risk if a browser vulnerability is exploited.
Updated: 2025-11-24
42
56
Medium Cost

pyomop

by dermatologist

Sec3

Facilitate interaction with OMOP Common Data Model databases for researchers and developers, including data loading, querying, and LLM-based natural language interaction via an MCP server.

Setup Requirements

  • ⚠️Requires 'mcp' package for MCP server functionality (pip install mcp)
  • ⚠️LLM features (e.g., CdmLLMQuery) require optional dependencies (pip install pyomop[llm]) and an API key for the chosen LLM (e.g., GOOGLE_GENAI_API_KEY).
  • ⚠️Requires Python 3.11 or newer.
Verified Safe
The MCP server exposes a `run_sql` tool that allows arbitrary SQL statement execution on the connected database. While this is an intended feature for agent interaction, it poses a significant security risk if the server is exposed to untrusted clients or if the MCP client (e.g., LLM agent) is compromised. Unrestricted database access through this interface can lead to data exfiltration, modification, or denial of service. Additionally, file path arguments for `create_cdm` and `_create_eunomia` (e.g., `db_path`) could potentially lead to local file system manipulation if not handled carefully in the deployment environment. The use of environment variables for database credentials is good practice, but hardcoding them in scripts or configurations would be a major vulnerability.
Updated: 2025-12-15
42
15
Medium Cost
Sec9

Allows AI agents to search, list, and read your previous local coding sessions from multiple CLI coding agents.

Setup Requirements

  • ⚠️Requires Go 1.25 or later to build from source.
  • ⚠️Requires an MCP-compatible AI client (e.g., Claude Code, OpenAI Codex, Gemini CLI) to use as a server.
  • ⚠️Manual PATH configuration may be required after installation via `install.sh`.
Verified Safe
The server runs locally and primarily reads user-generated session files from well-defined paths within the user's home directory (`~/.claude`, `~/.codex`, etc.). This is its core functionality and expected behavior. The installation script uses `curl | bash`, which always carries inherent risk, though it mitigates this by performing checksum verification of downloaded binaries from GitHub Releases. The `openBrowser` function, which executes external commands, is restricted by `validateAPIURL` to only open trusted domains (`https://aisessions.dev`, `http://localhost:*`, `http://127.0.0.1:*`), preventing arbitrary command execution via malicious URLs. User authentication tokens are stored in `~/.aisessions/config.json` with secure `0600` file permissions. No hardcoded secrets were found. No `eval` or similar direct code execution vulnerabilities are apparent in the Go source code. The CLI upload feature includes a 'Data Responsibility Notice' and requires user confirmation before uploading sensitive data.
Updated: 2025-12-13
42
25
Medium Cost

ggmcp

by GitGuardian

Sec9

The GitGuardian Developer MCP Server provides AI agents with tools to detect and remediate secret incidents in code, manage honeytokens for security monitoring, and handle incident management within a developer workflow.

Setup Requirements

  • ⚠️Requires `uv` for package installation and dependency management.
  • ⚠️OAuth authentication for stdio transport involves an initial browser interaction.
  • ⚠️For Claude Desktop, the `uvx` command requires an absolute path.
  • ⚠️Self-hosted GitGuardian instances require explicit configuration of `GITGUARDIAN_URL`.
  • ⚠️Honeytoken support for self-hosted instances requires specific user roles and module activation.
Verified Safe
The server explicitly prioritizes security by designing for 'read-only' permissions for AI agents and uses robust authentication (OAuth 2.0 PKCE, PAT). Sensitive data in VCR test cassettes is automatically redacted. It handles `subprocess.run` (for git commands) with specified `cwd`, `check=True`, and `timeout`, reducing command injection risks. The clear separation and validation of OAuth vs. HTTP/SSE authentication modes prevent common misconfigurations. Sentry integration is optional, allowing users to control external data sharing. No 'eval' or other inherently dangerous functions are used without strong justification.
Updated: 2025-12-11
42
20
High Cost

Stardew-Sage

by Zhang-986

Sec2

An AI-powered assistant for Stardew Valley, providing conversational AI, RAG-powered search, multimodal image analysis, daily game insights, and personalized recommendations.

Setup Requirements

  • ⚠️Requires a paid ZhipuAI (or OpenAI compatible) API Key for AI operations.
  • ⚠️Requires MySQL 8.0+ database, with schema and data imported from `database.sql`.
  • ⚠️Requires RedisStack (Redis with RediSearch module) for vector store functionality, standard Redis is insufficient.
  • ⚠️Java 17+ and Node.js 8.9+ (with npm) are required for backend and frontend components respectively.
Review Required
Critical security vulnerabilities detected:
  • **SQL Injection**: The `DatabaseMapper` directly injects `tableName` into SQL queries (e.g., `SELECT * FROM ${tableName}`) in `getTableInfo` and `getSampleData` methods, which are exposed via `RagLoadController`. While `getTableInfo` performs a whitelist check, `getSampleData` called by `getRAGDataInfo` does not, creating a severe SQL injection risk. This allows arbitrary table data access or potential database manipulation.
  • **Hardcoded Sensitive Credentials**: AI API keys (`spring.ai.openai.api-key`), Redis credentials (`spring.data.redis.password`, `host`), MySQL database credentials (`spring.datasource.password`, `username`, `url`), and even Druid monitoring credentials (`login-password`) are hardcoded directly in `application.yml` and `application-druid.yml` within the source code. This is a major security flaw, exposing sensitive access tokens and database access information.
  • **Wide-Open CORS Policy**: The `CorsConfig` allows `*` for `allowedOrigins`, `allowedMethods`, and `allowedHeaders`, making the API vulnerable to cross-origin attacks in a production environment.
  • **Hardcoded RSA Keys**: `jsencrypt.js` in the frontend hardcodes public and private RSA keys, which could be a risk if used for sensitive server-side operations or if client-side code is easily tampered with to bypass protections. While likely used for client-side password encryption, it's generally best practice to avoid hardcoding keys.
Updated: 2025-12-14
42
36
Medium Cost

mcp-logic

by angrysky56

Sec8

An MCP server for automated first-order logic reasoning, including theorem proving, model finding, counterexample finding, and categorical reasoning.

Setup Requirements

  • ⚠️Requires local installation and build of LADR (Prover9/Mace4) which involves git, cmake, and build-essential tools. The setup script attempts to automate this.
  • ⚠️The server requires the `--prover-path` argument to specify the absolute path to the Prover9/Mace4 binaries. This path is auto-generated in the `claude-app-config.json` during setup but needs manual update if the repository is moved.
  • ⚠️Different setup scripts are provided for Linux/macOS and Windows, indicating OS-specific installation steps.
Verified Safe
The server uses `subprocess.run` to execute external binaries (Prover9/Mace4). While the input to these binaries is crafted from user input, it's passed as a list of arguments and not via `shell=True`, which mitigates common command injection risks. Temporary files are used for input, which are then cleaned up. The setup script downloads and builds the LADR library (Prover9/Mace4) from a third-party GitHub repository, which assumes the integrity of that external project. No hardcoded secrets or direct network calls from the core logic are evident.
Updated: 2025-12-12
42
1
Low Cost

Enables natural language interaction with Dicloak Local API functions through GPT/MCP clients for environment, group, proxy, member, and social media automation.

Setup Requirements

  • ⚠️Requires DICLOAK_API_KEY and DICLOAK_BASE_URL, which must be obtained from a Dicloak account.
  • ⚠️The DICLOAK_BASE_URL requires '/openapi' to be manually appended after copying from the Dicloak settings.
  • ⚠️Requires Node.js and npm/npx to be installed locally to run the bridge.
Review Required
The provided source code is a README only, so direct code analysis for 'eval', obfuscation, or other malicious patterns is not possible. Running `npx dicloak-local-api-mcp-bridge` involves downloading and executing a third-party Node.js package, which introduces inherent supply chain risks. Sensitive credentials (`DICLOAK_API_KEY`, `DICLOAK_BASE_URL`) are passed as environment variables to this external process.
Updated: 2025-11-28
42
1
Medium Cost

renef-mcp

by Ahmeth4n

Sec7

Provides a dynamic instrumentation toolkit for Android ARM64 applications, focused on native code analysis, runtime manipulation via Lua scripting, and security research.

Setup Requirements

  • ⚠️Requires ADB (Android Debug Bridge) to be installed and configured on the host machine.
  • ⚠️Requires an Android ARM64 device for targeting, potentially with root access for full functionality, and the 'renef_server' and 'libagent.so' binaries to be deployed to `/data/local/tmp/` on the device.
  • ⚠️The `renef` CLI binary (for the host OS) must be executable and accessible from the host environment.
Verified Safe
This tool is inherently designed for dynamic instrumentation, process injection, and arbitrary code execution (Lua) on a target Android ARM64 device, which is a powerful capability. While the Python glue code utilizes secure subprocess execution methods (e.g., `asyncio.create_subprocess_exec` with argument lists to prevent shell injection) and does not contain obvious malicious patterns or hardcoded secrets within its own logic, the core function involves forwarding user-supplied commands and Lua scripts for execution on a connected device. If the MCP server itself is compromised, an attacker could leverage it for arbitrary code execution on the Android device. The overall security depends on trusting the underlying 'renef' binary, ADB, and the secure operation of the Android device.
Updated: 2025-12-13