Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7756)

42
1
Low Cost

mcpx-mcp-server

by YudaiKitamura

Sec7

Enables generative AI to access and control Mitsubishi PLC devices in real time via an MCP server.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose to be installed for deployment.
  • ⚠️Requires manual configuration of PLC connection details (IP, Port, communication mode) in `app/src/.env`.
  • ⚠️Requires defining device addresses, names, and comments in `app/src/address-comment.json` for named access.
  • ⚠️The generative AI client (e.g., Gemini CLI) needs to be configured to point to the MCP server's URL.
Verified SafeView Analysis
The server acts as a bridge between generative AI and industrial control systems (PLCs) over a local network. While the AI interface is designed for local access (localhost), any compromise of the server could potentially impact physical processes. PLC connection details are stored in an .env file. Secure network segmentation and access control are critical when deploying in environments connected to production PLCs.
Updated: 2025-11-18GitHub
42
28
Low Cost
royyannick icon
Sec10

A curated list of Model Context Protocol (MCP) servers, enabling AI models to interact with various blockchain networks, crypto market data, and decentralized finance protocols.

Verified SafeView Analysis
The provided source code is a `README.md` file, which serves as a curated list of external MCP servers. It contains no executable code, hardcoded secrets, 'eval' statements, or direct network risks within this repository itself. The security of the external MCP servers listed in this repository would require independent audits.
Updated: 2025-11-26GitHub
42
1
Medium Cost
madamak icon
Sec9

Enables AI agents to inspect Apache Airflow DAGs, runs, and logs, and perform operational tasks like triggering, pausing, and clearing resources across multiple instances.

Setup Requirements

  • ⚠️Requires `AIRFLOW_MCP_INSTANCES_FILE` environment variable pointing to a YAML configuration file.
  • ⚠️Airflow instance credentials (username/password/token) must be provided via environment variables, referenced within the YAML configuration.
  • ⚠️Depends on `apache-airflow-client` Python package, which must be compatible with the target Airflow API version (2.7.0 to 3.0.0).
Verified SafeView Analysis
The server includes robust measures against SSRF attacks by strictly validating UI URLs against configured instance hostnames. Sensitive credentials are managed via environment variables and are not logged or exposed directly. The use of `ast.literal_eval` for log parsing is controlled and safe. Bearer token authentication is explicitly marked as 'experimental'.
Updated: 2025-11-30GitHub
42
1
Low Cost
es6kr icon
Sec3

Manages Claude Code conversation sessions and projects, offering features like listing, renaming, deleting sessions and messages, and cleaning up old data via a Web UI and MCP tools.

Setup Requirements

  • ⚠️Requires Node.js 22+
  • ⚠️Requires pnpm 9.15.0 (managed via corepack)
  • ⚠️Requires Claude Code installation and existing session data in `~/.claude/projects`
  • ⚠️The `code` command (e.g., VS Code CLI) must be available in PATH for file opening functionality to work.
Review RequiredView Analysis
Critical command injection vulnerability in `web/src/routes/api/open-file/+server.ts`. The `filePath` parameter in the `/api/open-file` POST endpoint is directly interpolated into a shell command `code "${filePath}"` without proper sanitization. A malicious `filePath` containing double quotes (`"`) could allow arbitrary command execution on the host system. This poses a significant risk if an attacker can send arbitrary requests to the local server, e.g., via a compromised browser extension or an instructed LLM agent.
Updated: 2025-12-14GitHub
42
1
Medium Cost
Adidem23 icon
Sec2

Cardano J.A.R.V.I.S is an intelligent AI-powered automation system that allows users to perform Cardano blockchain operations using natural voice commands.

Setup Requirements

  • ⚠️Requires specific Windows OS setup for 'pyautogui' desktop automation (e.g., D: drive paths, specific screen assets).
  • ⚠️Requires a browser-based Cardano wallet (e.g., Typhon) installed and configured for 'pyautogui' to automate.
  • ⚠️Requires API keys for Google Gemini, Masumi Registry, and Masumi Payment services (likely paid).
  • ⚠️Python 3.12+ is required for the Masumi MCP server component.
Review RequiredView Analysis
The system utilizes 'pyautogui' for UI automation (e.g., opening wallets, typing addresses, clicking buttons). This grants the AI agent complete control over the user's desktop environment, which is a critical security vulnerability. A compromised or hallucinating AI could perform arbitrary, unauthorized actions, including accessing sensitive data or initiating unintended transactions outside the intended blockchain context, bypassing programmatic checks. Additionally, the FastAPI backend has CORS configured with `allow_origins=["*"]`, making it vulnerable to requests from any origin, which is highly insecure for a server handling blockchain operations.
Updated: 2025-12-01GitHub
42
25
High Cost
Mnehmos icon

rpg-mcp-servers

by Mnehmos

Sec8

This server suite provides advanced D&D 5e combat and game state management functionalities for AI-powered Dungeon Master experiences, including 3D spatial combat, character and inventory management, quest tracking, and dynamic spell creation.

Setup Requirements

  • ⚠️Requires Roo Code VS Code extension (or CLI) for Model Context Protocol communication.
  • ⚠️Requires manual configuration of `mcp_settings.json` with specific project paths for the MCP client to recognize the local servers.
  • ⚠️The system consists of two separate Node.js servers (`game-state-server` and `combat-engine-server`) that must be built and run concurrently in separate terminals.
Verified SafeView Analysis
The server suite is designed for local or controlled environments. Input validation for dice notation is implemented using regular expressions, mitigating arbitrary code execution through dice strings. MCP tool definitions enforce schema validation, reducing risks from malformed input. SQLite is used for local persistence. No hardcoded external secrets are exposed in the provided code. Running two separate Node.js processes locally (game-state-server and combat-engine-server) limits direct external exposure, assuming proper firewall configurations. The use of 'better-sqlite3' with prepared statements typically protects against SQL injection. However, a comprehensive audit would be needed for all database interaction points and the full MCP SDK.
Updated: 2025-12-06GitHub
42
14
Low Cost
janwilmake icon

install-this-mcp

by janwilmake

Sec4

The tool generates comprehensive, client-specific installation guides for remote Model Context Protocol (MCP) servers, reducing friction for server maintainers.

Setup Requirements

  • ⚠️Only supports remote MCP servers, local MCPs are out of scope.
  • ⚠️Only supports public MCPs (without auth) or MCPs with OAuth, API key-based authentication is not supported.
  • ⚠️Relies on the availability and content of '.well-known/mcp' metadata from the provided MCP server URL.
Verified SafeView Analysis
The Cloudflare Worker fetches metadata (MCPServerCard) from a user-provided MCP URL. Fields like `description` and `instructions` from this metadata are directly embedded into the generated HTML with minimal sanitization (only Markdown-like replacements for `**` to `<strong>` and `\n` to `<br>`). This creates a Reflected Cross-Site Scripting (XSS) vulnerability, as a malicious MCP server could inject arbitrary HTML or JavaScript into these fields, which would then execute in the user's browser when they view the generated guide. Additionally, the `serverIcon` URL is directly inserted into an `<img>` tag without URL encoding, potentially allowing XSS via crafted `javascript:` URLs if the icon source is malicious. While no `eval` or hardcoded secrets are present, this vulnerability due to improper input sanitization for dynamically generated content is critical.
Updated: 2025-11-30GitHub
42
25
Low Cost
Kyure-A icon
Sec8

Controls Svakom Sam Neo sex toys by bridging Model Context Protocol (MCP) commands to the Buttplug protocol for device interaction.

Setup Requirements

  • ⚠️Requires a local Buttplug server running and accessible at `ws://localhost:12345`.
  • ⚠️Requires a Svakom Sam Neo device (Original, Neo 2, or Neo 2 Pro) connected to the Buttplug server.
  • ⚠️Requires Node.js and pnpm to install dependencies and run the server.
Verified SafeView Analysis
The server connects to a local Buttplug server via websocket (`ws://localhost:12345`), limiting direct external network exposure. There are no apparent hardcoded sensitive credentials or direct calls to external APIs. Debugging information is logged to `console.error`. The use of `ActuatorType: "Constrict" as any` is a type safety workaround but not a direct security vulnerability. The overall security relies heavily on the local Buttplug server's configuration and security.
Updated: 2025-12-11GitHub
42
1
High Cost
tobs-code icon

a-mem-mcp-server

by tobs-code

Sec8

An agentic memory system for LLM agents, based on the Zettelkasten principle, providing knowledge graph management and web research capabilities for IDE environments.

Setup Requirements

  • ⚠️Requires either Ollama (local server + models like `qwen3:4b`, `nomic-embed-text:latest`) or OpenRouter (API key required) for LLM interactions.
  • ⚠️Advanced features like Researcher Agent may require a Google Search API Key (paid), Docker (for local Jina Reader), or Unstructured library/API (requires additional dependencies like `pdfminer.six`).
  • ⚠️Graph backend selection has specific installation requirements: `pip install rustworkx` for RustworkX, or `pip install falkordblite` (Linux/macOS) / `pip install falkordb redis` + external Redis server (Windows) for FalkorDB.
Verified SafeView Analysis
The server makes outbound HTTP requests for LLM interactions (Ollama/OpenRouter) and web research (Google Search, DuckDuckGo, Jina Reader, Unstructured). Hardcoded *example* API keys for Google Search are present in `config.py`, but users are expected to replace them in `.env`. FalkorDB on Windows requires an external Redis server, which adds an external dependency that needs secure configuration. No direct `eval` or obvious malicious code patterns were found. File operations are confined to a `data` directory, enhancing sandboxing.
Updated: 2025-12-01GitHub
42
1
Medium Cost
mschoch icon

ithreemcp

by mschoch

Sec3

Allows AI assistants to control the i3 window manager using natural language by exposing i3 functionality via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires i3 window manager running with socket access.
  • ⚠️Requires Go 1.23+ for building from source.
  • ⚠️If using the quick start, requires `ollmcp` client for Ollama.
Review RequiredView Analysis
The `RunCommand` function directly executes arbitrary i3 commands provided by the client (e.g., an LLM). These commands can include `exec` which allows launching any program accessible via the system's PATH. This poses a significant security risk if the client input is not fully trusted or properly sanitized, potentially leading to unauthorized program execution or system disruption. No explicit input sanitization for `RunCommand` is present in the provided source.
Updated: 2025-12-11GitHub
42
1
Medium Cost
auth-agent icon

mcp-auth

by auth-agent

Sec2

Provides an OAuth 2.1 authorization server for Model Context Protocol (MCP) servers, enabling secure authentication for AI agents interacting with third-party APIs like Adobe Premiere Pro.

Setup Requirements

  • ⚠️Requires a Cloudflare account for deployment and operation of the OAuth server.
  • ⚠️Requires a Supabase account for the PostgreSQL database backend.
  • ⚠️For the Adobe Premiere Pro integration, Adobe Premiere Pro (24.4+) must be installed and the corresponding UXP/CEP extension configured.
  • ⚠️Requires `wrangler` CLI for deploying the Cloudflare Worker.
Review RequiredView Analysis
The example `mcp-adobe-premiere-pro` server's UXP plugin (`uxp-plugin/bridge.js`) uses `eval(script)` and `app.executeExtendScript(script)` to execute arbitrary ExtendScript code received from command files. These commands are generated by the `PremiereProTools` class based on tool calls from AI agents. This design presents a critical remote code execution vulnerability if an attacker can inject malicious script fragments into tool arguments, bypassing `zod` validation or exploiting vulnerabilities in script string construction. The core `mcp-auth` OAuth server itself demonstrates good security practices (PBKDF2 hashing, JWT signing, PKCE, secure secret management, HTTPS). However, the presence of `eval` in the provided example, meant to be used with this authorization server, significantly lowers the overall safety score.
Updated: 2025-11-28GitHub
42
26
High Cost
aliyun icon
Sec9

AI-powered intelligent data querying, database management, and data migration services for Alibaba Cloud DMS and DTS.

Setup Requirements

  • ⚠️Requires an Alibaba Cloud account with active DMS and DTS services, implying potential cloud service costs.
  • ⚠️Requires specific IAM permissions (AliyunDMSFullAccess) for the provided Alibaba Cloud credentials.
  • ⚠️Database instances must be pre-configured and added to Alibaba Cloud DMS, with 'Security Hosting' enabled for full functionality.
  • ⚠️Requires Python 3.10+ and the 'uv' package manager to run.
Verified SafeView Analysis
The server securely retrieves Alibaba Cloud credentials (Access Key ID, Access Key Secret, Security Token) from environment variables, which is a standard best practice. It connects to Alibaba Cloud's DMS and DTS endpoints, relying on the security of these cloud services. There are no direct uses of 'eval' or other easily exploitable patterns with untrusted input. The primary security consideration is ensuring the provided Alibaba Cloud credentials have appropriately scoped IAM permissions (AliyunDMSFullAccess).
Updated: 2025-12-02GitHub
PreviousPage 80 of 647Next