Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

42
15
Medium Cost
yoavf icon
Sec9

Allows AI agents to search, list, and read your previous local coding sessions from multiple CLI coding agents.

Setup Requirements

  • ⚠️Requires Go 1.25 or later to build from source.
  • ⚠️Requires an MCP-compatible AI client (e.g., Claude Code, OpenAI Codex, Gemini CLI) to use as a server.
  • ⚠️Manual PATH configuration may be required after installation via `install.sh`.
Verified SafeView Analysis
The server runs locally and primarily reads user-generated session files from well-defined paths within the user's home directory (`~/.claude`, `~/.codex`, etc.). This is its core functionality and expected behavior. The installation script uses `curl | bash`, which always carries inherent risk, though it mitigates this by performing checksum verification of downloaded binaries from GitHub Releases. The `openBrowser` function, which executes external commands, is restricted by `validateAPIURL` to only open trusted domains (`https://aisessions.dev`, `http://localhost:*`, `http://127.0.0.1:*`), preventing arbitrary command execution via malicious URLs. User authentication tokens are stored in `~/.aisessions/config.json` with secure `0600` file permissions. No hardcoded secrets were found. No `eval` or similar direct code execution vulnerabilities are apparent in the Go source code. The CLI upload feature includes a 'Data Responsibility Notice' and requires user confirmation before uploading sensitive data.
Updated: 2025-12-13GitHub
42
27
Medium Cost
GitGuardian icon

ggmcp

by GitGuardian

Sec9

A focused MCP server for developers, providing remediation tools for secrets detected in code and honeytoken management capabilities.

Setup Requirements

  • ⚠️Requires `uv` for package installation and dependency management.
  • ⚠️Requires Python 3.10+ (Python 3.13+ is recommended for development).
  • ⚠️Authentication with GitGuardian is necessary, either via a Personal Access Token (PAT) environment variable or an interactive OAuth 2.0 PKCE flow (opens a browser).
  • ⚠️Honeytoken management features may be omitted for self-hosted GitGuardian instances unless specifically enabled and the user holds a 'manager' role with appropriate scopes.
Verified SafeView Analysis
Developed by GitGuardian, a security company, the server incorporates robust security practices. It supports OAuth 2.0 PKCE and Personal Access Token (PAT) authentication, with strict scope-based access control for individual tools. Sensitive data is redacted in VCR test cassettes, and development workflows leverage `ggshield` pre-commit/pre-push hooks to prevent secret leaks in the repository itself. The server is designed to operate with 'read-only' permissions for AI agents by default, minimizing potential risks. There is no evidence of dangerous patterns like `eval()` or dynamic code execution from untrusted input in the core server logic.
Updated: 2026-01-16GitHub
42
11
Medium Cost
Algiras icon

skillz

by Algiras

Sec9

Skillz enables AI agents to dynamically build, manage, and execute custom tools at runtime using WebAssembly and scripts, with features like persistent memory, Docker service orchestration, and external MCP server integration.

Setup Requirements

  • ⚠️Requires `rustup target add wasm32-wasip1` for WASM tool compilation.
  • ⚠️Docker must be installed and running for Docker service management.
  • ⚠️Ensure `~/.cargo/bin` is in your PATH for client visibility, or use absolute path.
Verified SafeView Analysis
The server implements robust security measures including a fully sandboxed WebAssembly runtime for Rust tools, and optional Linux sandboxing (bubblewrap, firejail, nsjail) for script tools. Environment variables passed to tools are strictly filtered, with `SKILLZ_*` prefixed variables forwarded for secrets. Tool imports from Git/Gist are supported, with the imported code subject to the same sandboxing. Docker services add a dependency on Docker's security model, but are managed within a dedicated network and prefixed volumes. No 'eval' or direct obfuscation patterns were observed; the codebase is transparent Rust.
Updated: 2026-01-10GitHub
42
20
High Cost
Zhang-986 icon

Stardew-Sage

by Zhang-986

Sec2

An AI-powered assistant for Stardew Valley, providing conversational AI, RAG-powered search, multimodal image analysis, daily game insights, and personalized recommendations.

Setup Requirements

  • ⚠️Requires a paid ZhipuAI (or OpenAI compatible) API Key for AI operations.
  • ⚠️Requires MySQL 8.0+ database, with schema and data imported from `database.sql`.
  • ⚠️Requires RedisStack (Redis with RediSearch module) for vector store functionality, standard Redis is insufficient.
  • ⚠️Java 17+ and Node.js 8.9+ (with npm) are required for backend and frontend components respectively.
Review RequiredView Analysis
Critical security vulnerabilities detected: - **SQL Injection**: The `DatabaseMapper` directly injects `tableName` into SQL queries (e.g., `SELECT * FROM ${tableName}`) in `getTableInfo` and `getSampleData` methods, which are exposed via `RagLoadController`. While `getTableInfo` performs a whitelist check, `getSampleData` called by `getRAGDataInfo` does not, creating a severe SQL injection risk. This allows arbitrary table data access or potential database manipulation. - **Hardcoded Sensitive Credentials**: AI API keys (`spring.ai.openai.api-key`), Redis credentials (`spring.data.redis.password`, `host`), MySQL database credentials (`spring.datasource.password`, `username`, `url`), and even Druid monitoring credentials (`login-password`) are hardcoded directly in `application.yml` and `application-druid.yml` within the source code. This is a major security flaw, exposing sensitive access tokens and database access information. - **Wide-Open CORS Policy**: The `CorsConfig` allows `*` for `allowedOrigins`, `allowedMethods`, and `allowedHeaders`, making the API vulnerable to cross-origin attacks in a production environment. - **Hardcoded RSA Keys**: `jsencrypt.js` in the frontend hardcodes public and private RSA keys, which could be a risk if used for sensitive server-side operations or if client-side code is easily tampered with to bypass protections. While likely used for client-side password encryption, it's generally best practice to avoid hardcoding keys.
Updated: 2025-12-14GitHub
42
25
Medium Cost
hashicorp icon

vault-mcp-server

by hashicorp

Sec9

Provides a Model Context Protocol (MCP) server implementation to integrate HashiCorp Vault secrets management and PKI operations with LLM clients.

Setup Requirements

  • ⚠️Requires Docker.
  • ⚠️Requires a running HashiCorp Vault server.
  • ⚠️Requires a valid Vault token with appropriate permissions.
Verified SafeView Analysis
The server implements robust security features including configurable CORS policies (`MCP_ALLOWED_ORIGINS`, `MCP_CORS_MODE`), TLS support (`MCP_TLS_CERT_FILE`, `MCP_TLS_KEY_FILE`), and global/per-session rate limiting. It explicitly rejects Vault tokens passed via URL query parameters. It uses environment variables for sensitive configurations, preventing hardcoding. The README clearly warns that the server is intended for local use only and that exposing Vault data (including secrets) to untrusted LLMs/clients is a significant inherent risk that users must mitigate.
Updated: 2026-01-15GitHub
42
36
Medium Cost
angrysky56 icon

mcp-logic

by angrysky56

Sec8

An MCP server for automated first-order logic reasoning, including theorem proving, model finding, counterexample finding, and categorical reasoning.

Setup Requirements

  • ⚠️Requires local installation and build of LADR (Prover9/Mace4) which involves git, cmake, and build-essential tools. The setup script attempts to automate this.
  • ⚠️The server requires the `--prover-path` argument to specify the absolute path to the Prover9/Mace4 binaries. This path is auto-generated in the `claude-app-config.json` during setup but needs manual update if the repository is moved.
  • ⚠️Different setup scripts are provided for Linux/macOS and Windows, indicating OS-specific installation steps.
Verified SafeView Analysis
The server uses `subprocess.run` to execute external binaries (Prover9/Mace4). While the input to these binaries is crafted from user input, it's passed as a list of arguments and not via `shell=True`, which mitigates common command injection risks. Temporary files are used for input, which are then cleaned up. The setup script downloads and builds the LADR library (Prover9/Mace4) from a third-party GitHub repository, which assumes the integrity of that external project. No hardcoded secrets or direct network calls from the core logic are evident.
Updated: 2025-12-12GitHub
42
48
Medium Cost
aashari icon
Sec9

Connects AI assistants to Jira projects, issues, and workflows to enable natural language interaction for project management and issue tracking.

Setup Requirements

  • ⚠️Requires an Atlassian Jira API Token for authentication.
  • ⚠️Supports Jira Cloud only; Jira Server/Data Center are not currently supported.
  • ⚠️Requires Node.js version 18.0.0 or higher.
Verified SafeView Analysis
The server handles sensitive Jira credentials by loading them from environment variables or a user's local configuration file (~/.mcp/configs.json), rather than hardcoding them. Input validation for tool arguments is implemented using Zod. JMESPath (jq) is used for data filtering, which is a safe query language, not allowing arbitrary code execution. File I/O operations for logging and raw response storage are restricted to user-specific directories (~/.mcp/data/ and /tmp/mcp/), minimizing risks to system files. JSON parsing for API responses is considered safe as Jira's API is a trusted source.
Updated: 2026-01-07GitHub
42
1
Low Cost
DICloak-Inc icon
Sec5

Enables natural language interaction with Dicloak Local API functions through GPT/MCP clients for environment, group, proxy, member, and social media automation.

Setup Requirements

  • ⚠️Requires DICLOAK_API_KEY and DICLOAK_BASE_URL, which must be obtained from a Dicloak account.
  • ⚠️The DICLOAK_BASE_URL requires '/openapi' to be manually appended after copying from the Dicloak settings.
  • ⚠️Requires Node.js and npm/npx to be installed locally to run the bridge.
Review RequiredView Analysis
The provided source code is a README only, so direct code analysis for 'eval', obfuscation, or other malicious patterns is not possible. Running `npx dicloak-local-api-mcp-bridge` involves downloading and executing a third-party Node.js package, which introduces inherent supply chain risks. Sensitive credentials (`DICLOAK_API_KEY`, `DICLOAK_BASE_URL`) are passed as environment variables to this external process.
Updated: 2025-11-28GitHub
42
1
Low Cost

mcpx-mcp-server

by YudaiKitamura

Sec7

Enables generative AI to access and control Mitsubishi PLC devices in real time via an MCP server.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose to be installed for deployment.
  • ⚠️Requires manual configuration of PLC connection details (IP, Port, communication mode) in `app/src/.env`.
  • ⚠️Requires defining device addresses, names, and comments in `app/src/address-comment.json` for named access.
  • ⚠️The generative AI client (e.g., Gemini CLI) needs to be configured to point to the MCP server's URL.
Verified SafeView Analysis
The server acts as a bridge between generative AI and industrial control systems (PLCs) over a local network. While the AI interface is designed for local access (localhost), any compromise of the server could potentially impact physical processes. PLC connection details are stored in an .env file. Secure network segmentation and access control are critical when deploying in environments connected to production PLCs.
Updated: 2025-11-18GitHub
42
32
Medium Cost
rhblind icon
Sec3

Connects Large Language Models (LLMs) to an Emacs environment, allowing LLMs to interact with and control Emacs functionality via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Emacs 27.1+ (for native JSON support).
  • ⚠️Requires `socat` for client connections (especially for the shell wrapper and direct `socat` client integrations).
  • ⚠️Requires Python 3 for the `mcp-wrapper.py` and Python client test scripts.
Review RequiredView Analysis
The server includes an `eval-elisp` tool which allows remote execution of arbitrary Emacs Lisp code by the connected LLM. While the project implements a sophisticated permission system, input validation, and execution limits, the README explicitly states that 'Using `eval-elisp` requires trusting the LLM completely' and details known bypasses (e.g., `funcall`, `apply`, macro evaluation) that can circumvent security checks. This inherent capability for remote code execution makes it a critical security risk if the LLM is untrusted or compromised, despite defense-in-depth measures.
Updated: 2026-01-08GitHub
42
14
High Cost
serkan-ozal icon

browser-devtools-mcp

by serkan-ozal

Sec8

This MCP server provides AI coding assistants with comprehensive browser automation and debugging capabilities using Playwright, enabling execution-level and visual debugging for web pages.

Setup Requirements

  • ⚠️Requires Playwright browser installation (managed by Playwright, but might need system dependencies).
  • ⚠️Requires `FIGMA_ACCESS_TOKEN` for `figma_compare-page-with-design` tool.
  • ⚠️Requires `AWS_REGION` and `AWS_PROFILE` (or other AWS credentials configuration) for Amazon Bedrock integrations (image/text embedding, vision models).
  • ⚠️Requires `BROWSER_PERSISTENT_ENABLE=true` and manual installation of 'React Developer Tools' Chrome extension in the browser profile for optimal reliability of React component inspection tools.
Verified SafeView Analysis
The `run_js-in-sandbox` tool utilizes Node.js `vm.createContext` for code execution, which offers context isolation but is explicitly stated in the documentation as 'NOT a security boundary' and 'intended for trusted automation logic'. It mitigates risks by carefully whitelisting safe built-ins and explicitly blocking dangerous Node.js APIs like `require`, `process`, and `fs`. The `run_js-in-browser` tool executes arbitrary JavaScript within the browser page context using Playwright's `page.evaluate()`, which is an inherent part of browser automation and operates with the permissions of the loaded web page. External API integrations, such as with Figma, rely on sensitive access tokens, which are configured via environment variables to avoid hardcoding.
Updated: 2026-01-19GitHub
42
28
Low Cost
royyannick icon
Sec10

A curated list of Model Context Protocol (MCP) servers, enabling AI models to interact with various blockchain networks, crypto market data, and decentralized finance protocols.

Verified SafeView Analysis
The provided source code is a `README.md` file, which serves as a curated list of external MCP servers. It contains no executable code, hardcoded secrets, 'eval' statements, or direct network risks within this repository itself. The security of the external MCP servers listed in this repository would require independent audits.
Updated: 2025-11-26GitHub
PreviousPage 81 of 760Next