Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

42
25
Medium Cost
dtyq icon

php-mcp

by dtyq

Sec8

Facilitates communication and integration between LLM applications and external data sources or tools by implementing the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires PHP 8.3+
  • ⚠️Composer dependencies must be installed.
  • ⚠️Process execution permissions are needed for StdioTransport to spawn child processes.
  • ⚠️`pcntl` extension is recommended for robust signal handling with StdioTransport.
  • ⚠️`mbstring` extension is required for UTF-8 validation.
  • ⚠️If using Hyperf integration with RedisSessionManager, a Redis server is required.
Verified SafeView Analysis
The server demonstrates robust message validation (UTF-8, JSON-RPC 2.0 structure, MCP stdio format) and uses interfaces for authentication and session management, promoting a secure design. Session IDs are generated cryptographically. Text content is sanitized to remove control characters. Potential risks include insecure implementations of custom tools, prompts, or resource handlers registered by the user, and possible path traversal/SSRF vulnerabilities if user-provided URIs are not meticulously validated by custom resource handlers leveraging `file_get_contents` or similar. The `Access-Control-Allow-Origin: *` header in HttpTransport exposes the API to all origins, which is standard for public APIs but should be noted.
Updated: 2025-12-12GitHub
42
28
Low Cost
clerk icon

mcp-tools

by clerk

Sec9

Provides a TypeScript library to simplify building Model Context Protocol (MCP) clients and servers, enabling AI applications to securely access private user data through OAuth-based authentication flows.

Setup Requirements

  • ⚠️Requires a Clerk account and configuration (publishable key, secret key) for Clerk authentication integration.
  • ⚠️Requires installing framework-specific dependencies (e.g., `next`, `express`, `@vercel/mcp-adapter`) depending on the target application environment.
  • ⚠️Requires a running instance of Redis, PostgreSQL, or a SQLite database file for production-ready persistent session storage if not using the development-only file system store.
Verified SafeView Analysis
The project follows good security practices including PKCE for OAuth flows and parameterized queries for database interactions (SQLite, Postgres), mitigating SQL injection risks. Environment variables are used for sensitive keys like Clerk API keys and database credentials. Publicly exposed OAuth metadata endpoints use `Access-Control-Allow-Origin: *` which is acceptable for metadata but should not be broadly applied to sensitive data endpoints. A minor `@ts-expect-error` is used for augmenting the Express request object, which is a common pattern but bypasses type safety.
Updated: 2026-01-15GitHub
42
24
Medium Cost

dev-assist

by googleworkspace

Sec6

This project is a monorepo offering developer assistance, likely leveraging AI/LLMs to streamline development workflows and automate tasks.

Setup Requirements

  • ⚠️Requires `pnpm` (Node.js package manager) to install dependencies and run local scripts.
  • ⚠️Likely requires configuration for an LLM backend (e.g., API key for OpenAI/Anthropic, or a locally running LLM service like Ollama) due to `smithery.yaml`.
  • ⚠️Docker may be required for containerized deployment or development environment setup due to `Dockerfile`.
Verified SafeView Analysis
Potential network risks due to LLM API calls indicated by `smithery.yaml`. Requires careful review of dependencies for supply chain vulnerabilities, and permissions/actions of custom scripts in the `scripts` directory. The absence of a `README` makes a comprehensive security assessment challenging.
Updated: 2025-11-18GitHub
42
33
Medium Cost
timescale icon
Sec9

This server acts as a wrapper for the Linear API, providing focused tools for LLMs to manage and query issue tracking and project data.

Setup Requirements

  • ⚠️Requires a LINEAR_API_KEY, which is typically associated with a paid Linear.app account.
  • ⚠️Requires Node.js environment for execution.
  • ⚠️Designed for integration with Model Context Protocol (MCP) clients like Claude Desktop or MCP Inspector, rather than as a standalone web application.
Verified SafeView Analysis
The server correctly retrieves the LINEAR_API_KEY from environment variables, avoiding hardcoded secrets. Input validation is implemented using Zod schemas for all API endpoints, which helps mitigate common injection vulnerabilities. The core server functionality relies on the '@tigerdata/mcp-boilerplate' library, which is assumed to handle fundamental security practices for an MCP server (e.g., transport layer security if applicable for HTTP, robust error handling). No direct 'eval' or other easily exploitable malicious patterns were found in the provided code. Caching of users and projects is implemented, which is good for performance but does not directly impact security, other than reducing unnecessary external calls. For production deployment, additional security measures like network access control, HTTPS (if using HTTP transport), and robust authentication for the MCP server itself (beyond just the Linear API key) would be standard practice.
Updated: 2026-01-07GitHub
42
1
Medium Cost
danpeig icon
Sec8

Provides an MCP interface for water and wastewater treatment system design tools via the Plutocalc Designer REST API, enabling AI applications to interact with engineering calculations.

Setup Requirements

  • ⚠️Requires Node.js 18+ to run.
  • ⚠️External Plutocalc Designer REST API is required, and compute-intensive models may require a paid license key.
  • ⚠️Server runs on port 3003 by default; requires environment variable configuration (`PORT`) or a reverse proxy for different ports or production deployment.
Verified SafeView Analysis
The server uses standard security middleware (helmet, cors, express-rate-limit) for common web vulnerabilities and rate limiting. It acts as an API gateway, proxying requests to an external API. There are no 'eval' or direct shell command executions observed. Sensitive URLs (`PLUTOCALC_API_BASE_URL`) are configurable via environment variables. Input validation against the `inputSchema` defined in `tools` metadata is not explicitly performed by the gateway before proxying requests; however, arguments are stringified as JSON to the backend API, which helps mitigate direct injection in the gateway itself. The ultimate security depends on the Plutocalc Designer API's own input handling.
Updated: 2026-01-18GitHub
42
28
Low Cost
Agent-Hellboy icon

mcp-server-fuzzer

by Agent-Hellboy

Sec9

Fuzzing and security testing of Model Context Protocol (MCP) servers across multiple transport protocols (HTTP, SSE, Stdio) to validate functionality, robustness, and protocol compliance.

Setup Requirements

  • ⚠️Requires Node.js 18+ and npm for building and running some target MCP servers (e.g., 'Everything MCP Server' for e2e tests).
  • ⚠️Requires Python 3.10+ for the fuzzer itself; some e2e tests specify Python 3.13+.
  • ⚠️Docker is required for containerized testing environments; network configuration differs for Linux (`--network host`) versus macOS/Windows (`http://host.docker.internal`) when accessing host servers.
  • ⚠️For source installations, the MCP spec is vendored as a Git submodule and requires `git submodule update --init --recursive`.
Verified SafeView Analysis
The MCP Server Fuzzer is explicitly designed with robust, multi-layered safety features (command blocking, filesystem sandboxing via `--fs-root`, strict network policies with `--no-network`/`--allow-host`, process isolation, and non-root Docker user execution) to safely test potentially vulnerable target servers. Its internal architecture (e.g., `SafetyFilter`, `SystemCommandBlocker`) is built to prevent the fuzzer itself from performing dangerous operations on the host machine.
Updated: 2026-01-18GitHub
42
22
Medium Cost
infobip icon

mcp

by infobip

Sec9

Build conversational AI agents capable of interacting with the Infobip platform for omnichannel communication (SMS, WhatsApp, Viber, etc.) using the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires an Infobip account with API access and appropriate scopes (e.g., sms:manage). This is a paid service.
  • ⚠️Requires an Azure OpenAI account with a deployed model, or an AWS account with Bedrock access and a specific model ID. These are paid AI services.
  • ⚠️Requires specific SDKs depending on the chosen demo: .NET 9.0+ SDK (for C#), Python 3.12+ with 'uv' (for Python), or Node.js with 'npm' (for JavaScript).
Verified SafeView Analysis
The code consists of client examples interacting with remote Infobip MCP servers and AI models (Azure OpenAI, AWS Bedrock). It correctly utilizes environment variables for all API keys, preventing hardcoded secrets. No 'eval', obfuscation, or malicious patterns were found. Network risks are limited to standard outbound HTTPS API calls to trusted endpoints, which are securely handled by external services.
Updated: 2026-01-09GitHub
42
1
Medium Cost
foscomputerservices icon

hindsight-mcp

by foscomputerservices

Sec9

An MCP server that maintains a searchable knowledge base of development learnings, common errors, coding patterns, and best practices to assist developers.

Setup Requirements

  • ⚠️Requires Python 3.11+.
  • ⚠️Manual client configuration for Claude Desktop/Code is required if not using the Homebrew `hindsight-init` script.
  • ⚠️The knowledge base is stored locally in an SQLite database, which may not suit users requiring cloud synchronization or shared team knowledge.
Verified SafeView Analysis
The server uses parameterized SQL queries, which prevents SQL injection vulnerabilities. No dynamic code execution (e.g., 'eval') is present in the provided source. Data is stored locally in an SQLite database, mitigating external network data exposure risks. File system operations are confined to the user's ~/.hindsight/ directory. Overall, good security practices are evident.
Updated: 2025-12-04GitHub
42
52
Medium Cost
mailtrap icon

mailtrap-mcp

by mailtrap

Sec9

The Mailtrap MCP server provides tools for sending transactional emails and managing email templates, including a sandbox environment for testing.

Setup Requirements

  • ⚠️Requires a Mailtrap account and API token (paid service potentially involved for full functionality).
  • ⚠️Domain verification is necessary for sending actual transactional emails.
  • ⚠️Specific Mailtrap Account ID is required for template management operations.
  • ⚠️A Mailtrap Test Inbox ID is required for sandbox email functionality.
Verified SafeView Analysis
The server correctly uses environment variables for sensitive API tokens and account IDs, preventing hardcoding. Input validation for all tools is implemented using Zod schemas. Error handling is structured, returning clear messages and an 'isError' flag. There is no usage of 'eval' or other directly dangerous dynamic code execution. Network communication relies on standard SDK and web server practices.
Updated: 2026-01-07GitHub
42
28
Medium Cost
CheckPointSW icon

mcp-servers

by CheckPointSW

Sec8

Provides AI assistants with capabilities for malware analysis, file scanning, and threat detection by integrating with Check Point's Threat Emulation and Anti-Virus cloud services.

Setup Requirements

  • ⚠️Requires Node.js 20+ and npm 10+ to run.
  • ⚠️Requires a valid Check Point Threat Emulation API Key (or other specific credentials for other MCP servers in the monorepo) which must be obtained from Check Point.
  • ⚠️The 'file_path' parameter for file upload must point to an uncompressed text file (e.g., for CPInfo Analysis, raw data for Threat Emulation). Compressed archives require manual extraction.
  • ⚠️Using complex tools or processing large files (e.g., for CPInfo Analysis) may incur higher token costs and potentially require a paid subscription to the AI model provider.
Verified SafeView Analysis
The system utilizes standard API key authentication (or OAuth for Spark Management, interactive prompts for Gaia) for Check Point services. Credentials are handled securely, either passed as API keys, exchanged for bearer tokens, or cached in-memory per session (Gaia). Interactive UI dialogs for authentication run a local HTTP server and open a browser to a localhost URL, with URL validation to prevent external access. Telemetry is opt-out and uses hashed machine IDs, without sensitive data. File path inputs (e.g., for `file_path` in `upload_file`) are processed using Node.js's `fs` module, which means the MCP server requires read access to the specified paths. The security risk here depends heavily on the privileges of the running MCP server process and the trustworthiness of the client invoking the AI. The `bundle-mcp.js` and `build-mcpb.js` scripts use `execSync` for build-time tasks (npm install, chmod, mcpb pack) but not in the runtime server logic. Regular expressions are heavily used in `cpinfo-analysis`, which could theoretically pose a ReDoS risk if applied to arbitrary untrusted input, but are generally applied to diagnostic log file content.
Updated: 2026-01-19GitHub
42
6
High Cost
blueraai icon

bluera-knowledge

by blueraai

Sec8

Provides a semantic knowledge base and intelligent web crawling capabilities to power coding agents, enabling them to search internal project files, Git repositories, and crawled web documentation.

Setup Requirements

  • ⚠️Requires Claude Code CLI to be installed and accessible in the system's PATH for intelligent crawling and content extraction features.
  • ⚠️Requires Python 3 along with specific dependencies (e.g., crawl4ai) which are managed by the hooks/check-dependencies.sh script, for web crawling and Python AST parsing.
  • ⚠️Downloads and utilizes local Hugging Face embedding models (e.g., Xenova/all-MiniLM-L6-v2) which consume significant disk space (100-200MB) and RAM during processing.
Verified SafeView Analysis
The system uses child_process.spawn to interact with external Python (crawl4ai) and Claude CLI tools. While arguments for these tools are constructed internally and user inputs are primarily passed via stdin or validated parameters, external process execution always carries some inherent risk. File system operations for managing stores and job data rely on internally generated paths and UUIDs, mitigating direct path traversal vulnerabilities from user input. The application exposes an HTTP API and an MCP endpoint, which require standard network security practices during deployment. No obvious hardcoded secrets or eval usage detected in the core application logic.
Updated: 2026-01-18GitHub
42
1
Medium Cost
stefans71 icon

Claude_GPT_MCP

by stefans71

Sec9

Allows Claude Code users to query over 200+ other AI models via OpenRouter for tasks like code review, second opinions, and architectural feedback, without leaving their coding environment.

Setup Requirements

  • ⚠️Requires an active Claude Code CLI installation (which requires a Pro subscription or Anthropic API key).
  • ⚠️Requires Node.js version 18 or higher to be installed.
  • ⚠️Requires an OpenRouter API Key, which may incur costs depending on model usage and OpenRouter's pricing (though a free tier is available).
Verified SafeView Analysis
The project demonstrates strong security practices for handling API keys. It explicitly stores API keys locally with `chmod 600` permissions (owner-only access) and emphasizes direct communication with OpenRouter without telemetry. The setup script transparently modifies user shell configurations and Claude's MCP config. It avoids dangerous patterns like `eval` by using `jq` or Node.js for JSON manipulation. The API key is verified with OpenRouter during setup. The main security risk is inherent to providing an API key to a local script, but measures are in place to mitigate misuse and ensure transparency.
Updated: 2026-01-19GitHub
PreviousPage 80 of 760Next