Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7756)

41
40
Medium Cost
zaizaizhao icon
Sec7

Generates various chart types using server-side rendering and stores the resulting images in MinIO object storage, providing accessible URLs.

Setup Requirements

  • ⚠️Requires Node.js (v18+) and npm/yarn.
  • ⚠️Requires Docker for easy deployment and MinIO integration.
  • ⚠️Requires system-level dependencies (e.g., Cairo, Pango, libpng) for Canvas image rendering in `@antv/gpt-vis-ssr`, which can be a point of friction during local setup.
  • ⚠️Critical environment variables (`PUBLIC_API_URL`, `MINIO_EXTERNAL_ENDPOINT`, MinIO credentials) must be correctly configured for production deployments to ensure proper external access and security.
Verified SafeView Analysis
The default MinIO credentials (`minioadmin`/`minioadmin`) are hardcoded in `docker-compose.yml` and used by default in `deploy-production.sh`. The README explicitly warns that these *must be changed* for production, but the script still uses them. The MinIO service also sets a public read policy for the 'charts' bucket, meaning generated images are publicly accessible without authentication. CORS is enabled globally, which could be a risk if not restricted to specific origins in production.
Updated: 2025-11-19GitHub
41
21
Medium Cost
intruder-io icon

intruder-mcp

by intruder-io

Sec9

Enables MCP clients to manage and query vulnerability scanning and security posture information from Intruder.io.

Setup Requirements

  • ⚠️Requires an Intruder API Key (potentially paid service).
  • ⚠️Requires a Python environment with 'uv' for local execution.
  • ⚠️Requires Docker for containerized execution.
Verified SafeView Analysis
The server correctly retrieves the Intruder API key from environment variables, preventing hardcoding. All external communication is directed to the official Intruder API endpoint. Pydantic models are used for data validation, enhancing robustness. No dangerous functions like 'eval' or arbitrary shell command execution from user input were detected in the provided source code.
Updated: 2025-11-26GitHub
41
16
High Cost
divar-ir icon

sourcegraph-mcp

by divar-ir

Sec8

Provides AI-enhanced code search and content fetching capabilities from Sourcegraph instances to LLM agents.

Setup Requirements

  • ⚠️Requires access to a Sourcegraph instance (sourcegraph.com or self-hosted).
  • ⚠️Requires Python 3.13+.
  • ⚠️The SRC_ENDPOINT environment variable must be set.
  • ⚠️SRC_ACCESS_TOKEN is required for private Sourcegraph instances.
Verified SafeView Analysis
The server relies on environment variables for sensitive data (SRC_ACCESS_TOKEN) and endpoint configuration, avoiding hardcoded secrets. It does not use 'eval' or other inherently dangerous functions. Network requests are made to a user-configured Sourcegraph endpoint. The primary security consideration is trusting the configured Sourcegraph instance and the integrity of the SRC_ENDPOINT variable to prevent malicious redirection.
Updated: 2025-11-25GitHub
41
22
Medium Cost
ramkansal icon

pentestMCP

by ramkansal

Sec4

Provides an AI-powered interface for ethical penetration testing by exposing a suite of security assessment tools as callable functions for LLM agents.

Setup Requirements

  • ⚠️Docker required for server execution.
  • ⚠️OWASP ZAP instance must be running and accessible within the Docker container for ZAP-related tools.
  • ⚠️The code is stated to be only efficient in Linux environments.
  • ⚠️If building the Docker image locally, the SecLists repository must be cloned into the project directory.
Review RequiredView Analysis
The `start_services.sh` script hardcodes a ZAP API key (`ZAP_API_KEY="v6r0iikqecitmhhj2kistk1iui"`). This is a critical security vulnerability as it grants full control over the ZAP instance to anyone who obtains this key, especially if ZAP's API is exposed (e.g., via Docker port mapping) or if any other process inside the container can read this file. While `shlex.split()` is used for argument parsing, the inherent nature of penetration testing tools means user-provided arguments can initiate destructive actions, requiring strict user authorization and ethical use. Paths to tools like Nuclei (`/root/go/bin/nuclei`) and Subfinder (`/root/go/bin/subfinder`) are hardcoded, relying on their specific installation within the Docker image.
Updated: 2025-12-14GitHub
41
12
Medium Cost
brenoepics icon

prometheus-mcp

by brenoepics

Sec9

Provides a Model Context Protocol (MCP) interface and CLI tools for querying Prometheus metrics, including discovery, instant/range queries, and an optional metrics exporter.

Setup Requirements

  • ⚠️Requires a running Prometheus instance to connect to (default: http://localhost:9090).
  • ⚠️Docker is the recommended installation method for MCP clients; otherwise, a Rust toolchain or prebuilt binaries are needed.
  • ⚠️Docker users may need specific network configurations (e.g., `--network host` on Linux, `http://host.docker.internal` on macOS/Windows) to reach Prometheus on the host.
Verified SafeView Analysis
The server primarily operates as a stdio JSON-RPC server, which is inherently secure for inter-process communication within a trusted environment. An optional HTTP metrics exporter opens a port (default 9091) which is well-documented but lacks authentication. The project explicitly warns users to keep this endpoint on localhost when not running via stdio. Prometheus connection details (URL, basic auth) are configured via environment variables or CLI arguments, preventing hardcoding of secrets. No 'eval' or malicious patterns were found in the provided source code.
Updated: 2025-12-08GitHub
41
22
Medium Cost
influxdata icon
Sec3

An MCP server that integrates with various InfluxDB v3 instances (Core, Enterprise, Cloud Dedicated, Clustered, Serverless) to provide tools, resources, and prompts for interaction via MCP clients.

Setup Requirements

  • ⚠️Requires an InfluxDB 3 instance with specific URL and token combinations, which vary significantly based on the InfluxDB product type (Core/Enterprise, Cloud Serverless, Cloud Dedicated, Clustered).
  • ⚠️The configuration for Cloud Dedicated and Clustered instances can be complex, requiring separate database and management tokens, and in some cases, account/cluster IDs.
  • ⚠️For InfluxDB Clustered deployments, the server explicitly disables SSL certificate validation (`rejectUnauthorized: false`), posing a significant security risk for data in transit.
Review RequiredView Analysis
The server uses `rejectUnauthorized: false` for `InfluxProductType.Clustered` in its HTTP client, which disables SSL certificate validation and makes it vulnerable to man-in-the-middle attacks. This is a critical network security risk. Additionally, sensitive token management operations (creation, listing, regeneration, deletion of admin and resource tokens) are exposed via tools, which could be exploited if the MCP client or the underlying environment is compromised. While environment variables are used for secrets, the `ContextFileService` reads local files, which, if combined with other vulnerabilities or misconfigurations, could lead to local file inclusion risks.
Updated: 2025-12-02GitHub
41
12
Medium Cost
prefrontal-systems icon

cortexgraph

by prefrontal-systems

Sec9

CortexGraph serves as a Model Context Protocol (MCP) server providing short-term memory for AI assistants, featuring temporal decay, spaced repetition, multi-agent consolidation (merge, promote, relate), and long-term memory integration with Obsidian vaults. It aims to prevent memory loss and surface relevant context naturally in conversations.

Setup Requirements

  • ⚠️Requires Python 3.9+ (implied by FastAPI/Pydantic usage patterns)
  • ⚠️Optional features (embeddings, spaCy entity extraction) may require additional model downloads (e.g., `sentence-transformers`, `en_core_web_sm`)
  • ⚠️Multi-agent consolidation relies on the 'beads' CLI tool, which must be installed and accessible in PATH
  • ⚠️JSONL storage loads all memories into RAM, limiting scalability for very large datasets; SQLite is an alternative but some search/filter operations may still be memory-intensive if not pushed to the DB layer
  • ⚠️Long-Term Memory (LTM) promotion/search requires `CORTEXGRAPH_LTM_VAULT_PATH` environment variable to be configured, pointing to an Obsidian vault.
Verified SafeView Analysis
The project demonstrates robust security practices. Input validators prevent DoS and injection attacks, path utilities safeguard against traversal, and explicit permission management secures storage. Secrets detection proactively warns users about sensitive data. API rate limiting is implemented. 'subprocess' calls to the 'bd' CLI are handled with careful argument construction and JSON parsing. Comprehensive security modules (`security/permissions.py`, `security/paths.py`, `security/secrets.py`, `security/validators.py`) are a strong positive.
Updated: 2025-12-12GitHub
41
18
Low Cost
arm icon

mcp

by arm

Sec6

This MCP server provides AI assistants with specialized tools and a knowledge base to assist with Arm architecture development, code migration, and performance optimization.

Setup Requirements

  • ⚠️Requires Docker with buildx support (for multi-arch builds, though single-platform builds are faster).
  • ⚠️Requires an MCP-compatible AI assistant client (e.g., GitHub Copilot, AWS Kiro CLI).
  • ⚠️Requires careful configuration of a Docker volume mount (`-v /path/to/your/workspace:/workspace`) for the server to access project files, with incorrect paths being a common troubleshooting issue.
  • ⚠️Migration scans can be long-running and may require increasing the MCP client's timeout setting.
Verified SafeView Analysis
The server extensively uses `subprocess.run` to execute external CLI tools (`migrate-ease-*`, `skopeo`, `llvm-mca`). While commands are passed as a list of strings, which mitigates direct shell injection (no `shell=True`), arbitrary user-controlled `extra_args` in `migrate_ease_scan` and `mca`, and `input_path` in `mca`, could potentially lead to argument injection attacks (e.g., overriding flags, specifying malicious output paths within the mounted workspace) or unauthorized file access within the mounted `/workspace`. The server runs within a Docker container, providing a degree of isolation. No direct `eval` calls or hardcoded secrets were found.
Updated: 2025-12-11GitHub
41
17
Low Cost
tolkonepiu icon

best-of-mcp-servers

by tolkonepiu

Sec9

This repository serves as a curated and ranked list of open-source Model Context Protocol (MCP) servers across various domains.

Setup Requirements

  • ⚠️Contributions require modifying `projects.yaml` directly or via GitHub UI.
  • ⚠️Full list generation (of the README.md) relies on an external `best-of-generator` tool.
  • ⚠️Requires a GitHub account for submitting contributions (issues/pull requests).
Verified SafeView Analysis
This repository is a collection of Markdown and YAML configuration files used to generate a curated list. It does not contain executable server code within the provided source. Security concerns would primarily relate to the external `best-of-generator` tool it relies on and the security of the listed third-party MCP servers, neither of which are part of this repository's direct source code.
Updated: 2025-12-15GitHub
41
3
Medium Cost
Fawzy-AI-Explorer icon

ObsidianMate

by Fawzy-AI-Explorer

Sec9

An intelligent, AI-powered assistant designed to supercharge Obsidian note-taking workflows.

Setup Requirements

  • ⚠️Requires Python 3.12 or higher
  • ⚠️Requires Docker for MCP (Model Context Protocol) servers (Obsidian, YouTube Transcript)
  • ⚠️Requires a Google API Key (Paid for LLM usage)
  • ⚠️Requires an Obsidian API Key for vault interaction
Verified SafeView Analysis
Secrets (API keys) are handled using `SecretStr` from Pydantic settings, loaded from environment variables or .env files, which is good practice. The application runs a FastAPI server exposed on 0.0.0.0:8000 and leverages Docker for MCP services (Obsidian, YouTube Transcript, Excalidraw), which might expose additional network interfaces. Proper network isolation and firewall rules are recommended for production deployment. No direct `eval` calls or clear malicious patterns were found.
Updated: 2025-11-30GitHub
41
2
Medium Cost
yejianye icon
Sec9

Provides semantic search and connection discovery within Obsidian vaults, leveraging pre-generated embeddings, for both command-line users and AI agents via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Node.js >= 18.0.0.
  • ⚠️Requires the Smart Connections Obsidian plugin to be installed and the vault indexed within Obsidian, as it relies on plugin-generated embedding data ('.smart-env/').
  • ⚠️Requires the `OBSIDIAN_VAULT` environment variable to be set or the `--vault`/`vault_path` argument to be provided for specifying the Obsidian vault path.
Verified SafeView Analysis
The server and CLI operate on local, pre-indexed Obsidian vault data, performing only read operations. Robust path validation mechanisms (e.g., `fs.realpathSync`, `path.relative` checks) are implemented when handling user-provided note paths to prevent path traversal attacks, ensuring all operations remain strictly within the defined vault boundary. Embedding generation for queries uses `@xenova/transformers` locally, mitigating external network risks during inference. No direct `eval` usage or hardcoded sensitive information was found.
Updated: 2025-11-25GitHub
41
24
Medium Cost
hauptsacheNet icon

typo3-mcp-server

by hauptsacheNet

Sec9

Provides a Model Context Protocol (MCP) server for TYPO3, enabling AI assistants to safely manage and analyze pages and records through TYPO3's workspace system.

Setup Requirements

  • ⚠️Requires TYPO3 v13.4+
  • ⚠️Requires PHP 8.1+
  • ⚠️LLM API key (e.g., ANTHROPIC_API_KEY) is required to run LLM-specific tests, which will incur costs.
Verified SafeView Analysis
The project prioritizes security through a 'TCA-First' approach, robust input validation, and automatic workspace handling which ensures AI changes are staged, not immediately live. Extensive edge case tests cover SQL injection, mass assignment, and various permission types (table, field, workspace, language, mount point, operation). OAuth is used for backend user authentication. File reference tables (`sys_file_reference`) are intentionally restricted due to workspace limitations. A minor concern is the hardcoded admin password `Admin123!` in the `Build/setup-typo3.sh` script, though this script is for a test setup and not intended for production deployment.
Updated: 2025-11-30GitHub
PreviousPage 83 of 647Next