Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

42
1
Medium Cost
madamak icon
Sec9

Enables AI agents to inspect Apache Airflow DAGs, runs, and logs, and perform operational tasks like triggering, pausing, and clearing resources across multiple instances.

Setup Requirements

  • ⚠️Requires `AIRFLOW_MCP_INSTANCES_FILE` environment variable pointing to a YAML configuration file.
  • ⚠️Airflow instance credentials (username/password/token) must be provided via environment variables, referenced within the YAML configuration.
  • ⚠️Depends on `apache-airflow-client` Python package, which must be compatible with the target Airflow API version (2.7.0 to 3.0.0).
Verified SafeView Analysis
The server includes robust measures against SSRF attacks by strictly validating UI URLs against configured instance hostnames. Sensitive credentials are managed via environment variables and are not logged or exposed directly. The use of `ast.literal_eval` for log parsing is controlled and safe. Bearer token authentication is explicitly marked as 'experimental'.
Updated: 2025-11-30GitHub
42
29
Medium Cost
bitrise-io icon

bitrise-mcp

by bitrise-io

Sec9

Integrate Bitrise CI/CD operations with AI assistants via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️A Bitrise Personal Access Token (PAT) is mandatory for authenticating with the Bitrise API.
  • ⚠️For running the server locally, Go (version >= 1.25) must be installed.
  • ⚠️Environment variables (e.g., BITRISE_TOKEN) must be correctly set and sourced for local server modes, with some IDEs like AWS Kiro having specific requirements for when variables are read.
Verified SafeView Analysis
No apparent malicious patterns, dynamic code execution, or hardcoded sensitive credentials within the server's source code. Personal Access Tokens (PATs) are handled securely via environment variables or HTTP headers, aligning with best practices. The server includes logging with configurable levels and proper error handling. The primary security consideration for users is ensuring secure management of their Bitrise PATs and properly configuring network access if using the HTTP transport.
Updated: 2026-01-19GitHub
42
1
Medium Cost
jiahuidegit icon

memory-mcp-server

by jiahuidegit

Sec8

A structured AI context memory system designed for Claude Code, focusing on comprehensive context preservation and multi-level retrieval for developer tasks.

Setup Requirements

  • ⚠️Requires Node.js >=18.0.0 and pnpm >=8.0.0 to build from source or run globally.
  • ⚠️Semantic search (L3 retrieval strategy) requires an embedding service. This can be configured to use OpenAI (requires a paid API key) or Ollama (free, requires a local Ollama server running 'nomic-embed-text' or a compatible model).
  • ⚠️PostgreSQL storage, suitable for team/production use, requires setting the 'DATABASE_URL' environment variable and relies on Prisma for schema management, which the MCP server attempts to automatically push on first run.
Verified SafeView Analysis
The server relies on environment variables for sensitive database connections. SQL injection risks are mitigated by using parameterized queries through 'better-sqlite3' for SQLite and Prisma for PostgreSQL. The 'execSync' command is used for Prisma database migrations, which is a controlled administrative task and not directly exposed to untrusted user input. No 'eval' or other blatant malicious patterns were found.
Updated: 2026-01-19GitHub
42
1
Medium Cost
Adidem23 icon
Sec2

Cardano J.A.R.V.I.S is an intelligent AI-powered automation system that allows users to perform Cardano blockchain operations using natural voice commands.

Setup Requirements

  • ⚠️Requires specific Windows OS setup for 'pyautogui' desktop automation (e.g., D: drive paths, specific screen assets).
  • ⚠️Requires a browser-based Cardano wallet (e.g., Typhon) installed and configured for 'pyautogui' to automate.
  • ⚠️Requires API keys for Google Gemini, Masumi Registry, and Masumi Payment services (likely paid).
  • ⚠️Python 3.12+ is required for the Masumi MCP server component.
Review RequiredView Analysis
The system utilizes 'pyautogui' for UI automation (e.g., opening wallets, typing addresses, clicking buttons). This grants the AI agent complete control over the user's desktop environment, which is a critical security vulnerability. A compromised or hallucinating AI could perform arbitrary, unauthorized actions, including accessing sensitive data or initiating unintended transactions outside the intended blockchain context, bypassing programmatic checks. Additionally, the FastAPI backend has CORS configured with `allow_origins=["*"]`, making it vulnerable to requests from any origin, which is highly insecure for a server handling blockchain operations.
Updated: 2025-12-01GitHub
42
25
High Cost
Mnehmos icon

rpg-mcp-servers

by Mnehmos

Sec8

This server suite provides advanced D&D 5e combat and game state management functionalities for AI-powered Dungeon Master experiences, including 3D spatial combat, character and inventory management, quest tracking, and dynamic spell creation.

Setup Requirements

  • ⚠️Requires Roo Code VS Code extension (or CLI) for Model Context Protocol communication.
  • ⚠️Requires manual configuration of `mcp_settings.json` with specific project paths for the MCP client to recognize the local servers.
  • ⚠️The system consists of two separate Node.js servers (`game-state-server` and `combat-engine-server`) that must be built and run concurrently in separate terminals.
Verified SafeView Analysis
The server suite is designed for local or controlled environments. Input validation for dice notation is implemented using regular expressions, mitigating arbitrary code execution through dice strings. MCP tool definitions enforce schema validation, reducing risks from malformed input. SQLite is used for local persistence. No hardcoded external secrets are exposed in the provided code. Running two separate Node.js processes locally (game-state-server and combat-engine-server) limits direct external exposure, assuming proper firewall configurations. The use of 'better-sqlite3' with prepared statements typically protects against SQL injection. However, a comprehensive audit would be needed for all database interaction points and the full MCP SDK.
Updated: 2025-12-06GitHub
42
29
Medium Cost
aywengo icon
Sec10

A comprehensive Model Context Protocol (MCP) server that provides Claude Desktop and other MCP clients with tools for Kafka Schema Registry operations, including schema management, migration, and export.

Setup Requirements

  • ⚠️Requires a running Kafka Schema Registry instance (SCHEMA_REGISTRY_URL) to connect to.
  • ⚠️Docker is highly recommended for deployment and testing; local Python setup also possible.
  • ⚠️OAuth 2.1 configuration (AUTH_ISSUER_URL, AUTH_AUDIENCE) is required if authentication (ENABLE_AUTH) is enabled.
  • ⚠️Default ports (e.g., 38000 for MCP server, 38081-38082 for registries) may conflict with existing services.
Verified SafeView Analysis
The server implements robust security measures, achieving 'perfect 100/100 MCP 2025-06-18 Specification Score'. It includes comprehensive OAuth 2.1 compliance with mandatory PKCE, RFC 8707 resource indicators, secure HTTP headers (e.g., Strict-Transport-Security, Content-Security-Policy), and URL validation to prevent SSRF. Sensitive data is filtered from logs, and containers are designed for non-root execution. No obvious 'eval' or other highly dangerous patterns without clear justification were found in the provided code snippets.
Updated: 2026-01-19GitHub
42
14
Low Cost
janwilmake icon

install-this-mcp

by janwilmake

Sec4

The tool generates comprehensive, client-specific installation guides for remote Model Context Protocol (MCP) servers, reducing friction for server maintainers.

Setup Requirements

  • ⚠️Only supports remote MCP servers, local MCPs are out of scope.
  • ⚠️Only supports public MCPs (without auth) or MCPs with OAuth, API key-based authentication is not supported.
  • ⚠️Relies on the availability and content of '.well-known/mcp' metadata from the provided MCP server URL.
Verified SafeView Analysis
The Cloudflare Worker fetches metadata (MCPServerCard) from a user-provided MCP URL. Fields like `description` and `instructions` from this metadata are directly embedded into the generated HTML with minimal sanitization (only Markdown-like replacements for `**` to `<strong>` and `\n` to `<br>`). This creates a Reflected Cross-Site Scripting (XSS) vulnerability, as a malicious MCP server could inject arbitrary HTML or JavaScript into these fields, which would then execute in the user's browser when they view the generated guide. Additionally, the `serverIcon` URL is directly inserted into an `<img>` tag without URL encoding, potentially allowing XSS via crafted `javascript:` URLs if the icon source is malicious. While no `eval` or hardcoded secrets are present, this vulnerability due to improper input sanitization for dynamically generated content is critical.
Updated: 2025-11-30GitHub
42
25
Low Cost
Kyure-A icon
Sec8

Controls Svakom Sam Neo sex toys by bridging Model Context Protocol (MCP) commands to the Buttplug protocol for device interaction.

Setup Requirements

  • ⚠️Requires a local Buttplug server running and accessible at `ws://localhost:12345`.
  • ⚠️Requires a Svakom Sam Neo device (Original, Neo 2, or Neo 2 Pro) connected to the Buttplug server.
  • ⚠️Requires Node.js and pnpm to install dependencies and run the server.
Verified SafeView Analysis
The server connects to a local Buttplug server via websocket (`ws://localhost:12345`), limiting direct external network exposure. There are no apparent hardcoded sensitive credentials or direct calls to external APIs. Debugging information is logged to `console.error`. The use of `ActuatorType: "Constrict" as any` is a type safety workaround but not a direct security vulnerability. The overall security relies heavily on the local Buttplug server's configuration and security.
Updated: 2025-12-11GitHub
42
16
Low Cost
bonigarcia icon

context-engineering

by bonigarcia

Sec8

Provides a Model Context Protocol (MCP) server that enables AI agents to control a web browser using Selenium for web automation tasks.

Setup Requirements

  • ⚠️Requires Node.js to be installed locally.
  • ⚠️Requires a local web browser (e.g., Chrome, Firefox) to be installed.
  • ⚠️The server does not directly incur LLM token costs as it is a tool provider, not an LLM itself.
Verified SafeView Analysis
The server itself runs locally and communicates via standard input/output (stdin/stdout), which significantly limits direct network exposure. Input validation for tool parameters (like 'url' for 'navigate_url' and 'browser_name' for 'open_browser') is handled by Zod. However, the core functionality involves controlling a local web browser via Selenium. If this server were exposed to untrusted or unsanitized external inputs (e.g., through a poorly secured wrapper API), an attacker could potentially instruct the local browser to visit malicious websites, scrape sensitive information from pages it navigates to, or trigger browser-specific vulnerabilities. The risk is primarily in the capabilities exposed (browser control) rather than internal code vulnerabilities like 'eval' or hardcoded secrets, which are not present.
Updated: 2026-01-19GitHub
42
12
Low Cost
ssssota icon

chapplin

by ssssota

Sec8

A framework for building type-safe ChatGPT Apps using the OpenAI Apps SDK with JSX-based UI rendering, streamlining the development and build process for Model Context Protocol (MCP) servers.

Setup Requirements

  • ⚠️Requires familiarity with the OpenAI Apps SDK and Model Context Protocol for effective application development.
  • ⚠️Requires Node.js (version >=18) and pnpm as the package manager for installation and development.
  • ⚠️Developers need to be proficient with TypeScript and JSX syntax, choosing a UI library (React, Preact, Hono JSX, or SolidJS) for widget development.
Verified SafeView Analysis
The `chapplin` framework itself doesn't expose glaring runtime security vulnerabilities in its core logic, relying on established server (Hono, Express) and build (Vite, Rollup) technologies. The build process involves parsing and transforming developer-provided code (e.g., JSX components into HTML widgets), which is a common pattern in build tools but carries inherent risks if not handled securely or if underlying dependencies have flaws. No direct use of `eval` or hardcoded secrets found within the provided source code for the framework's runtime. Environment variables like `OPENAI_API_KEY` would be critical for applications built with `chapplin` to interact with OpenAI services, but are not directly required by the framework's core to function.
Updated: 2026-01-19GitHub
42
184
Medium Cost
huggingface icon

hf-mcp-server

by huggingface

Sec7

The Hugging Face MCP Server acts as a universal adapter, allowing various LLM clients (like Claude, Gemini, VSCode, Cursor) to interact with the Hugging Face Hub, Gradio applications, and other Hugging Face services through a standardized Model Context Protocol (MCP) interface.

Setup Requirements

  • ⚠️Requires a Hugging Face API Token (`DEFAULT_HF_TOKEN` or `HF_TOKEN`) for most functionalities, especially authenticated operations and higher rate limits.
  • ⚠️Relies heavily on external Hugging Face APIs; network connectivity to `huggingface.co` and `*.hf.space` is essential.
  • ⚠️Local execution requires Node.js (>=18) and pnpm, or Docker as an alternative.
Verified SafeView Analysis
The server's design focuses on proxying and facilitating interactions with external Hugging Face APIs and Gradio Spaces. It handles authentication via Hugging Face tokens, which can be provided in the Authorization header or as a `DEFAULT_HF_TOKEN` environment variable. The `start.sh` script explicitly warns about the security implications of `DEFAULT_HF_TOKEN`, indicating awareness of this risk. Extensive network interactions occur with `huggingface.co` and `*.hf.space`. CORS is configured with a default allowlist but is overrideable via environment variables. Input validation for tool calls is performed using `zod` schemas, mitigating common injection risks. While the server constructs commands for remote job execution (e.g., `uv run` commands for the Hugging Face Jobs API), it does not execute these commands locally, shifting that security boundary to the remote Hugging Face Jobs platform. No direct instances of `eval()` for local server execution were found. The primary security considerations for operators revolve around secure management of Hugging Face API tokens and careful configuration of environment variables, especially `DEFAULT_HF_TOKEN` and `CORS_ALLOWED_ORIGINS`.
Updated: 2025-12-18GitHub
42
1
Medium Cost
auth-agent icon

mcp-auth

by auth-agent

Sec2

Provides an OAuth 2.1 authorization server for Model Context Protocol (MCP) servers, enabling secure authentication for AI agents interacting with third-party APIs like Adobe Premiere Pro.

Setup Requirements

  • ⚠️Requires a Cloudflare account for deployment and operation of the OAuth server.
  • ⚠️Requires a Supabase account for the PostgreSQL database backend.
  • ⚠️For the Adobe Premiere Pro integration, Adobe Premiere Pro (24.4+) must be installed and the corresponding UXP/CEP extension configured.
  • ⚠️Requires `wrangler` CLI for deploying the Cloudflare Worker.
Review RequiredView Analysis
The example `mcp-adobe-premiere-pro` server's UXP plugin (`uxp-plugin/bridge.js`) uses `eval(script)` and `app.executeExtendScript(script)` to execute arbitrary ExtendScript code received from command files. These commands are generated by the `PremiereProTools` class based on tool calls from AI agents. This design presents a critical remote code execution vulnerability if an attacker can inject malicious script fragments into tool arguments, bypassing `zod` validation or exploiting vulnerabilities in script string construction. The core `mcp-auth` OAuth server itself demonstrates good security practices (PBKDF2 hashing, JWT signing, PKCE, secure secret management, HTTPS). However, the presence of `eval` in the provided example, meant to be used with this authorization server, significantly lowers the overall safety score.
Updated: 2025-11-28GitHub
PreviousPage 82 of 760Next