Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7632)

100
3683
Medium Cost
sooperset icon

mcp-atlassian

by sooperset

Sec9

Provides an MCP server for integrating with Atlassian Jira and Confluence, enabling an agent to interact with these services for tasks like searching, creating, updating, and managing content and issues.

Setup Requirements

  • ⚠️Requires active Jira and/or Confluence accounts with API access (Cloud or Server/Data Center).
  • ⚠️Authentication requires configuration of API tokens (JIRA_API_TOKEN, CONFLUENCE_API_TOKEN, JIRA_PERSONAL_TOKEN, CONFLUENCE_PERSONAL_TOKEN) or OAuth 2.0 (ATLASSIAN_OAUTH_CLIENT_ID, etc.).
  • ⚠️For 'Real API Tests', dedicated test projects/spaces in Jira/Confluence must be created, and corresponding API tokens generated and configured.
  • ⚠️A Python environment with 'uv' (or `pip install` and then `python -m mcp_atlassian`) is expected for running the server and tests.
Verified SafeView Analysis
The project adheres to good security practices by using environment variables for sensitive credentials and integrating 'keyring' for OAuth token storage. It also includes logging mechanisms with sensitive data masking. The default host binding to '0.0.0.0' is standard for servers but requires proper network isolation (e.g., firewall, proxy) in production environments to prevent unintended exposure. No direct hardcoded secrets, `eval`, or obfuscation found in the truncated code.
Updated: 2025-11-26GitHub
100
1423
Medium Cost
stacklok icon

toolhive

by stacklok

Sec9

ToolHive is a platform for simplifying and securing the management, deployment, and orchestration of Model Context Protocol (MCP) servers in both local and Kubernetes environments.

Setup Requirements

  • ⚠️Requires a Kubernetes cluster (e.g., kind) for operator development and deployment.
  • ⚠️Keycloak deployment and realm setup are required for authenticated Kubernetes deployments.
  • ⚠️Requires a container runtime (Docker, Podman, or Colima) for local MCP server execution.
  • ⚠️Go 1.25+ must be installed for development and building.
  • ⚠️The 'Task' tool (taskfile.dev) is recommended for running automated development tasks.
Verified SafeView Analysis
ToolHive demonstrates a strong focus on security, implementing multiple layers of protection. It uses Cedar for authorization policies and supports OIDC/OAuth2 authentication with RFC 9728, RFC 8414, RFC 7591 (Dynamic Client Registration), and PKCE. Secrets management includes encrypted storage, 1Password integration, and environment variable fallback (TOOLHIVE_SECRET_ prefix), with Kubernetes native secrets for cluster deployments. Network isolation is a default, complemented by permission profiles and an egress proxy. The `.thvignore` mechanism actively prevents sensitive files (like SSH keys, .env files) from being exposed in bind-mounted containers by using tmpfs overlays. The Virtual MCP Server component enforces two distinct authentication boundaries and operates on a zero-trust model, ensuring tokens are scoped to their specific backend APIs and not re-used. No signs of 'eval', obfuscation, or other critical malicious patterns were found; the codebase appears to be designed with security best practices in mind.
Updated: 2025-12-14GitHub
100
3347
Medium Cost
Pimzino icon
Sec8

A Model Context Protocol (MCP) server for structured specification-driven development, providing a real-time web dashboard and a VSCode extension for managing development workflows.

Setup Requirements

  • ⚠️Requires Node.js and npm to run via `npx`.
  • ⚠️A project path argument (`/path/to/your/project`) is mandatory for the MCP server.
  • ⚠️Only one dashboard instance is needed for all projects; it can be run separately.
  • ⚠️Requires `SPEC_WORKFLOW_HOME` environment variable to be set for sandboxed/isolated environments to redirect global state files.
Verified SafeView Analysis
The server includes robust path validation (`PathUtils.validateProjectPath`) to restrict file operations to the project's `.spec-workflow` directory or a designated global directory (`~/.spec-workflow-mcp` or `SPEC_WORKFLOW_HOME`). It implements rate limiting, configurable CORS policies, and audit logging for security. Communication with AI clients is via Model Context Protocol (MCP) over stdio. The dashboard communicates via WebSockets and Fastify HTTP, with configurable binding addresses and explicit external access control. No obvious 'eval' or malicious patterns were found. Overall, security considerations are well-integrated for its intended use case as a local development tool or within controlled environments.
Updated: 2025-12-14GitHub
100
1953
Medium Cost
AmoyLab icon

Unla

by AmoyLab

Sec6

Transforms existing API services and MCP servers into MCP Protocol-compliant endpoints using configuration, acting as a gateway for LLM tool calling.

Setup Requirements

  • ⚠️Requires Docker for quick launch or Go/Node.js environments for building from source.
  • ⚠️Critical environment variables (APISERVER_JWT_SECRET_KEY, SUPER_ADMIN_USERNAME, SUPER_ADMIN_PASSWORD) must be set securely, not left as defaults.
  • ⚠️Users need a strong understanding of the Model Context Protocol and YAML configuration to effectively integrate and manage services.
Review RequiredView Analysis
The system heavily relies on user-defined YAML configurations, which include templates for API endpoints, request bodies, and response bodies parsed by Go's `text/template`. Since `text/template` does not auto-escape like `html/template`, a malicious actor with configuration write access could potentially inject arbitrary template logic, leading to server-side template injection vulnerabilities (e.g., code execution or information disclosure). The frontend uses `js-yaml.load` for user-uploaded OpenAPI specs, which, while generally safe against arbitrary code execution in default modes, could still be a vector for unexpected object construction if not handled robustly. `dangerouslySetInnerHTML` is used in a CodeHighlight component, which assumes sanitization by `highlight.js`. Critical secrets like JWT keys and admin passwords are passed via environment variables, with explicit warnings in the README not to use default values, which is good practice. However, the reliance on user-supplied templates for integration remains a significant attack surface.
Updated: 2025-12-11GitHub
100
2912
High Cost
browserbase icon
Sec8

Enables LLMs to perform cloud browser automation tasks such as navigating, interacting with elements, extracting data, and capturing screenshots on web pages.

Setup Requirements

  • ⚠️Requires a Browserbase API Key (Browserbase is a paid cloud service).
  • ⚠️Requires a Browserbase Project ID.
  • ⚠️Requires an LLM API Key (e.g., GEMINI_API_KEY for the default Gemini model, or a custom API key like ANTHROPIC_API_KEY or OPENAI_API_KEY if configuring a different model via `--modelApiKey`). LLM usage will incur costs from the respective provider.
  • ⚠️Advanced Stealth mode is restricted to Browserbase Scale Plan users.
Verified SafeView Analysis
The server correctly uses environment variables for API keys, preventing hardcoding of sensitive data. It explicitly warns users about the security implications of binding the SHTTP server to '0.0.0.0'. No direct use of `eval` or other dangerous code execution patterns was identified. The overall security relies on securely managing the provided API keys for Browserbase and the integrated LLMs.
Updated: 2025-12-10GitHub
100
1669
Low Cost
agent-infra icon

sandbox

by agent-infra

Sec5

An all-in-one agent sandbox environment combining browser, shell, file, Jupyter, Node.js, and VSCode Server operations with MCP (Model Context Protocol) compatibility for AI agent development.

Setup Requirements

  • ⚠️Requires Docker runtime with `--security-opt seccomp=unconfined` configuration, which has security implications for the host.
  • ⚠️Exposes multiple services (Documentation, VNC, VSCode Server, MCP) on port 8080, requiring careful network configuration and access control.
Verified SafeView Analysis
The Docker container explicitly runs with `--security-opt seccomp=unconfined`, which removes default syscall restrictions. This significantly increases the attack surface and potential for container escapes if vulnerabilities exist within the applications running inside the sandbox. While designed for sandboxing AI agents, careful isolation and rigorous monitoring of the host and container environment are critical for secure deployment.
Updated: 2025-12-12GitHub
100
11161
Low Cost
tadata-org icon

fastapi_mcp

by tadata-org

Sec9

Automatically converts FastAPI endpoints into Model Context Protocol (MCP) tools for seamless integration with LLM agents.

Setup Requirements

  • ⚠️Requires Python 3.10+ (Python 3.12+ recommended).
  • ⚠️FastAPI routes should ideally define explicit `operation_id` for clearer MCP tool names.
  • ⚠️OAuth authentication (if configured with `AuthConfig`) requires providing client IDs/secrets and potentially proxying external OAuth provider URLs, with security depending on the trustworthiness of the external OAuth service.
Verified SafeView Analysis
The library primarily uses secure practices, including ASGI transport for internal FastAPI communication and `httpx` for external HTTP requests. OAuth proxying features rely on user-provided URLs (e.g., `metadata_url`, `authorize_url`), which places the responsibility for trusting external services on the developer. No 'eval' or direct malicious patterns were identified in the source code.
Updated: 2025-11-24GitHub
100
24300
Medium Cost
microsoft icon

playwright-mcp

by microsoft

Sec6

A Model Context Protocol (MCP) server that provides browser automation capabilities using Playwright, enabling LLMs to interact with web pages through structured accessibility snapshots.

Setup Requirements

  • ⚠️Requires Node.js 18 or newer.
  • ⚠️Requires a compatible MCP client (e.g., VS Code, Cursor, Claude Desktop).
  • ⚠️If using the browser extension, it requires a Chrome/Edge/Chromium browser and manual installation (downloading and loading 'unpacked').
  • ⚠️The browser binaries (Chromium, Firefox, WebKit) might need to be installed via `npx playwright install` if not already present.
Review RequiredView Analysis
The server provides powerful browser automation tools like `browser_evaluate` (arbitrary JavaScript execution) and `browser_run_code` (arbitrary Playwright code execution). While intended for automation, these can be abused if the LLM receives malicious instructions or is not properly sandboxed. The documentation explicitly states that `--allowed-origins` and `--blocked-origins` are *not* security boundaries and do not affect redirects. The `--no-sandbox` option, used in some Docker examples, significantly reduces browser security and should be avoided in production or when interacting with untrusted content. Using `sharedBrowserContext` can expose browser state (cookies, local storage) across multiple clients, posing a risk if clients are untrusted. The browser extension uses `chrome.debugger` API, granting significant control over browser tabs, and its authentication token (PLAYWRIGHT_MCP_EXTENSION_TOKEN) needs to be securely managed.
Updated: 2025-12-11GitHub
100
3742
Low Cost
open-webui icon

mcpo

by open-webui

Sec7

Exposes Model Context Protocol (MCP) tools as OpenAPI-compatible HTTP servers.

Setup Requirements

  • ⚠️Requires Python 3.11+
  • ⚠️Requires the proxied MCP server command/tool to be installed and available in the environment.
  • ⚠️OAuth token storage in `~/.mcpo/tokens/` is plaintext and relies on OS-level permissions for security.
Verified SafeView Analysis
The core functionality involves executing user-provided commands for MCP servers. While this is by design, it introduces a significant arbitrary code execution risk if `mcpo` is deployed with high privileges and its configuration (CLI arguments or config file) can be controlled by untrusted entities. Strong authentication (`--api-key`) and network segmentation are crucial for secure deployment. Default host `0.0.0.0` and `cors_allow_origins='*'` are permissive but configurable. OAuth tokens, when using file storage, are stored in plaintext in `~/.mcpo/tokens/` and rely on OS-level file permissions for security, as noted in the documentation.
Updated: 2025-12-08GitHub
99
831
Low Cost
tuananh icon

hyper-mcp

by tuananh

Sec8

An extensible server that orchestrates AI-driven capabilities by loading and running WebAssembly plugins, facilitating integration with Model Context Protocol (MCP)-compatible clients like IDEs and desktop applications.

Setup Requirements

  • ⚠️Building plugins from templates typically requires `wasm32-wasip1` Rust target and Docker for multi-stage WebAssembly compilation.
  • ⚠️Use of `s3://` plugin URLs requires AWS credentials (e.g., `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`) to be configured in the environment.
  • ⚠️Keyring authentication (`AuthConfig::Keyring`) requires platform-specific keyring services (e.g., macOS `security`, Linux `secret-tool`, Windows `cmdkey`) to be available and configured.
Verified SafeView Analysis
The server utilizes Extism for WebAssembly plugin sandboxing, providing good process isolation. OCI plugin images support `sigstore` verification, a strong security feature for supply chain integrity. However, the `insecure_skip_signature` CLI/config option can bypass this, posing a significant risk if used with untrusted OCI images. Broad `allowed_hosts` or `allowed_paths` configurations can grant plugins extensive network or filesystem access, requiring careful user discretion. The `check_env_reference` mechanism can also expose host environment variables to plugins if explicitly configured to do so in runtime_config.
Updated: 2025-12-12GitHub
99
955
Low Cost
jaw9c icon
Sec10

A curated directory providing high-quality remote Model Context Protocol (MCP) servers for integration with AI models and applications.

Verified SafeView Analysis
The provided source code consists solely of documentation (Markdown files). As such, it does not contain executable code patterns like 'eval', obfuscation, or network-related vulnerabilities, nor does it hardcode secrets. Therefore, the repository itself, when considered as static documentation, poses no direct security risks related to running code. Security considerations for the *listed* external MCP servers should be assessed independently.
Updated: 2025-12-11GitHub
99
844
Low Cost
steipete icon

Peekaboo

by steipete

Sec7

A macOS automation and AI integration server designed to capture screen content, interact with UI elements, and perform AI-driven analysis across various AI providers, acting as a Model Context Protocol (MCP) server for agents.

Setup Requirements

  • ⚠️Requires 'Screen Recording' and 'Accessibility' permissions on macOS for core automation features.
  • ⚠️Requires API keys (e.g., OPENAI_API_KEY, ANTHROPIC_API_KEY, X_AI_API_KEY) for commercial AI providers, which incur costs.
  • ⚠️For local AI, requires the Ollama daemon to be running and specific models (e.g., llama3.3, llava) to be pulled locally.
  • ⚠️The peekaboo-mcp.js wrapper requires Node.js to be installed on the system.
Verified SafeView Analysis
The server's core functionality involves high-privilege macOS automation (screen recording, accessibility, UI interaction, command execution via scripts). While internal safeguards like path validation and client identity verification (for MCP connections) are present, a compromised trusted client could leverage the server for malicious automation tasks. Users should be aware of the powerful system control this tool inherently provides. No obvious 'eval' or malicious patterns were found in the truncated source.
Updated: 2025-12-14GitHub
PreviousPage 8 of 636Next