Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (9120)

42
11
Medium Cost

doc-mcp-server

by aserper

Sec5

Provides real-time access to up-to-date documentation from various package ecosystems (PyPI, npm, GitHub, etc.) for LLM-powered coding agents, mitigating hallucination and outdated information.

Setup Requirements

  • ⚠️ Requires Python 3.10 or higher.
  • ⚠️ GitHub API rate limits are severely restricted (60 requests/hour) without a GITHUB_TOKEN or GitHub CLI ('gh') authentication configured via GITHUB_AUTH.
  • ⚠️ Processing unverified external content carries inherent security risks, mitigated by 'RTFD_FETCH=false' or 'VERIFIED_BY_PYPI=true' but requiring explicit user configuration.
Review Required
The server is designed to fetch and process potentially unverified content from external sources (PyPI, npm, GitHub, web scraping), which inherently introduces risks of indirect prompt injection and malicious code execution, as explicitly warned by the project itself. While it uses httpx and subprocess.run (for 'gh' CLI) in a controlled manner, the core function involves ingesting untrusted data. Mitigations like 'RTFD_FETCH=false' (disables all content fetching) and 'VERIFIED_BY_PYPI=true' (restricts Python packages to verified sources) are available but require explicit configuration by the user.
Updated: 2026-01-16
42
21
Low Cost

d365fo-client

by mafzaal

Sec7

This server provides a Model Context Protocol (MCP) interface for a D365 F&O client, enabling AI assistants and other MCP-compatible tools to interact with Microsoft Dynamics 365 Finance & Operations environments for metadata retrieval, CRUD operations, action execution, and data querying.

Setup Requirements

  • ⚠️ Requires D365 F&O environment URL and configured Azure AD authentication (client_id/secret/tenant_id or DefaultAzureCredential).
  • ⚠️ Python 3.8+ is required.
Verified Safe
The MCP server incorporates authentication mechanisms (API Key or Azure AD) which are crucial for its security. The core client handles D365 F&O authentication securely (Azure Default Credentials or client_id/secret/tenant_id via environment or Key Vault). However, the `d365fo_execute_sql` tool within the MCP server exposes direct SQL querying capabilities to the underlying SQLite metadata cache. While there's a `_validate_query_safety` mechanism mentioned, exposing raw SQL via an API, even to a local cache, is inherently a high-risk surface area if not perfectly implemented and contained. Deploying the MCP server over HTTP/SSE with inadequate network access controls or weak authentication could lead to unauthorized data access or manipulation of the metadata cache. Ensure strong authentication is enabled and only trusted entities can access the MCP server's endpoints.
Updated: 2026-01-19
42
21
High Cost

cml-mcp

by xorrkaz

Sec6

Enables AI assistants to interact with and automate Cisco Modeling Labs (CML) network lab operations using natural language.

Setup Requirements

  • ⚠️ Requires Python 3.12 or later.
  • ⚠️ CLI command execution on CML nodes requires PyATS to be installed (use `cml-mcp[pyats]` extra) and additional device credentials (PYATS_USERNAME, PYATS_PASSWORD, PYATS_AUTH_PASS).
  • ⚠️ Windows users need Windows Subsystem for Linux (WSL) or Docker for PyATS-based CLI command support.
  • ⚠️ When using HTTP transport mode, MCP clients require Node.js and the 'mcp-remote' bridge to connect, and must send CML credentials via HTTP headers (Base64 encoded).
Verified Safe
The `send_cli_command` tool allows direct execution of CLI commands on running CML nodes. This poses a significant risk for command injection on target network devices if the AI is unconstrained or if the commands are not properly sanitized. The server's HTTP transport mode supports client-provided CML server URLs, but attempts to validate them against `CML_ALLOWED_URLS` or `CML_URL_PATTERN` to prevent SSRF. Credentials for CML and PyATS are handled via environment variables (for stdio mode) or HTTP headers (for HTTP mode), and the ACL feature in HTTP mode allows for granular control over tool access.
Updated: 2026-01-16
42
29
Medium Cost

rdkit-mcp-server

by tandemai-inc

Sec1

Enables language models to interact with RDKit cheminformatics functions through a Model Context Protocol server.

Setup Requirements

  • ⚠️ Requires an OpenAI API Key for the CLI client and evaluations (paid service).
  • ⚠️ RDKit installation via `pip` can sometimes be challenging due to dependencies; `conda` might be a more stable alternative.
  • ⚠️ Requires the local RDKit MCP server to be running before the client can connect.
Review Required
CRITICAL: The `decode_mol` function uses `pickle.loads` on client-provided data (`PickledMol`), which can lead to arbitrary code execution if a malicious pickle string is supplied. CRITICAL: Several tools (`mol_to_sdf`, `mol_to_pdb`, `MolToFile`, `MolsMatrixToGridImage`, `MolToImage`) accept an arbitrary `file_dir` path, allowing an attacker to write files anywhere on the server's filesystem. The server also disables DNS rebinding protection.
Updated: 2026-01-16
42
22
High Cost

metabase-mcp-server

by CognitionAI

Sec8

Enables AI assistants to interact with and manage Metabase's analytics platform by providing comprehensive API access through a Model Context Protocol server.

Setup Requirements

  • ⚠️ Requires a running Metabase instance.
  • ⚠️ Requires Node.js 20.19.0+ and npm 8.0.0+ for optimal compatibility.
  • ⚠️ Metabase authentication details (either `METABASE_API_KEY` or `METABASE_USERNAME` and `METABASE_PASSWORD`) must be explicitly provided via environment variables.
Verified Safe
The primary execution path (via `npx` or `docker`) correctly enforces the use of environment variables for Metabase credentials, preventing accidental exposure. However, an alternative/example `sse-server.js` file, which is not part of the standard deployment, contains hardcoded default Metabase admin credentials (`admin@metabase.local`, `MetabaseAdmin2024!`) and an `Access-Control-Allow-Origin: '*'` header. Its direct execution without overriding these defaults would pose a significant security risk. The extensive API access provided (including write operations) requires careful management of permissions on the connected Metabase instance.
Updated: 2026-01-15
42
5
Low Cost
Sec9

This MCP server enables LLM agents to manage Azure DevOps Boards by creating, updating, querying, and linking work items, as well as listing teams, boards, and iteration paths.

Setup Requirements

  • ⚠️ Requires Azure CLI (`az login`) for authentication prior to running the server.
  • ⚠️ Running in HTTP server mode (`--server`) binds to `0.0.0.0`, exposing it to the network. Ensure appropriate firewall rules are in place.
  • ⚠️ The WIQL query tool (`azdo_query_work_items_by_wiql`) allows direct execution of Work Item Query Language, which an LLM should use carefully to avoid unintended results.
Verified Safe
The server leverages Azure CLI's `az login` for authentication, securely offloading credential management. The HTTP server mode binds to `0.0.0.0`, which means it listens on all network interfaces; users should ensure proper network security (e.g., firewall) if enabling this mode. The `azdo_query_work_items_by_wiql` tool executes raw WIQL queries, which is powerful but requires careful use by the calling agent to prevent unintended data exposure or manipulation. Other query tools construct WIQL safely.
Updated: 2025-12-07
42
31
Medium Cost

Provides an MCP server for AI agents to automate Android devices using uiautomator2.

Setup Requirements

  • ⚠️ Requires Python 3.13 or higher.
  • ⚠️ Requires Android Debug Bridge (adb) installed and in system PATH.
  • ⚠️ Requires a connected Android device with USB debugging enabled.
  • ⚠️ Requires manual modification of `server.py` to switch between HTTP and stdio transport modes for different use cases (e.g., AI agent vs. API).
Verified Safe
The project uses `uiautomator2` which grants powerful control over a connected Android device. It uses `subprocess.run` to check ADB status but does so safely by resolving `adb` path and using fixed commands, avoiding injection risks. No hardcoded secrets or `eval` usage were found. The server can be configured to run on `0.0.0.0` (all network interfaces), which means it's accessible on the local network. Users should ensure their network environment is secure to prevent unauthorized access to the server, as control of the server implies control of the connected Android device.
Updated: 2025-11-21
42
3
Low Cost

nexus-dev

by mmornati

Sec9

Provides a local RAG (Retrieval-Augmented Generation) system and persistent memory for AI coding agents to enhance their contextual understanding, cross-project learning, and tool-use capabilities.

Setup Requirements

  • ⚠️ Requires OpenAI API Key (Paid) or a locally running Ollama server with a pulled embedding model.
  • ⚠️ Python 3.13+ is required for installation and execution.
  • ⚠️ Manual configuration of the IDE's MCP client is necessary, often including setting the NEXUS_PROJECT_ROOT environment variable or ensuring correct working directory for the server.
  • ⚠️ Specific `pipx` or `uv tool` installation method is recommended for isolated global installation.
Verified Safe
Follows good practices like environment variables for secrets (e.g., OPENAI_API_KEY, GITHUB_PERSONAL_ACCESS_TOKEN), local-first data storage (LanceDB), and type-safe parsing with Pydantic and tree-sitter. Gateway mode proxies user-configured external MCP servers, so users are responsible for the security of those backend services. SSE transport exposes a network port, requiring proper network configuration (e.g., firewalls). CLI pre-commit hook installer uses a static script, mitigating injection risks. No direct 'eval' or execution of untrusted code found.
Updated: 2026-01-18
42
28
Low Cost

memcord

by ukkit

Sec9

A privacy-first, self-hosted MCP server for organizing chat history, summarizing messages, and searching past conversations using AI, particularly for Claude interactions.

Setup Requirements

  • ⚠️ Requires Python 3.10+.
  • ⚠️ Utilizes 'uv' for virtual environment and package management, which the install scripts handle.
  • ⚠️ Requires manual configuration (copying JSON files) to integrate with clients like Claude Desktop/Code or VSCode, in specific application data directories.
  • ⚠️ Full functionality, especially 'infinite memory' for Claude conversations, implicitly requires active Claude client usage.
Verified Safe
The server demonstrates a strong focus on security, implementing extensive input validation for slot names, group paths, and content to prevent common vulnerabilities like XSS, SQL injection, and path traversal. It includes checks for dangerous characters, reserved names, and system directory access. Network operations (e.g., URL imports) use timeouts and user-agent headers, and content extraction sanitizes scripts. Rate limiting and operation timeout mechanisms are also in place, contributing to overall system resilience against abuse.
Updated: 2026-01-19
42
21
Medium Cost

org-mcp-server

by szaffarano

Sec8

A Model Context Protocol (MCP) server for org-mode knowledge management, providing search, content access, and note linking capabilities for AI agents.

Setup Requirements

  • ⚠️ Requires a Rust toolchain to build from source, or Nix for Nix Flakes installation.
  • ⚠️ A TOML configuration file (`~/.config/org-mcp/config.toml`) is used, and users must configure `org_directory` to point to their org-mode file root.
  • ⚠️ The configured `org_directory` must exist and be accessible by the running process for any file operations to succeed.
Verified Safe
The project is written in Rust, which offers strong memory safety. It interacts with the file system for org-mode files, performing checks for directory existence and file validity (`OrgConfig::validate`, `OrgMode::read_file`). Path expansion uses `shellexpand::tilde`. The primary server transport shown is `stdio()`, limiting direct network exposure to agents running locally. However, if the `org_directory` configuration is set too broadly by the user, or if `--root-directory` is used carelessly, it could potentially expose more of the file system than intended, albeit limited to read operations. The `rmcp` dependency supports HTTP transport, but this is not the default configuration shown in `main.rs`.
Updated: 2026-01-15
42
38
Low Cost

tuisic

by Dark-Kernel

Sec6

A terminal-based online music streaming application that provides an MCP (Model Context Protocol) server for AI integration, allowing AI clients to control music playback and search.

Setup Requirements

  • ⚠️ Requires 'yt-dlp' to be installed for track download functionality (though not directly exposed by MCP tools).
  • ⚠️ Optional MPRIS support requires 'sdbus-cpp', which may need manual building and installation.
  • ⚠️ Requires a TUI-compatible terminal for the main application mode, but the MCP server runs headless.
Verified Safe
The underlying MusicPlayer module, utilized by the MCP server, contains 'system()' calls for features like downloading tracks (via 'yt-dlp') and clipboard operations, which are vulnerable to command injection if input is not robustly sanitized. While the current MCP server tools do not directly expose these specific vulnerable paths to AI client commands, the presence of such methods in the codebase warrants caution. Additionally, 'execl()' is used for daemon mode, which could be exploited if arguments are not sanitized. There's a minor risk from 'notify-send' calls if messages contain shell metacharacters.
Updated: 2025-12-05
42
11
High Cost

Docker_MCPGUIApp

by MariyaSha

Sec7

This repository provides a starter template for building full-stack AI assistants that integrate with real-world tools using Docker MCP Gateway and a Large Language Model.

Setup Requirements

  • ⚠️ Requires Docker Desktop with MCP Toolkit & Catalog enabled.
  • ⚠️ Requires Python 3.12+.
  • ⚠️ Requires installing a lightweight model (e.g., Gemma3) in Docker Desktop.
  • ⚠️ Stripe account is optional for certain remote MCP functionalities.
Verified Safe
The `mcp_demo_app` setup instructs users to directly embed a Stripe secret key into `catalog.yaml`, which poses a risk if committed to a public repository. The `complete_app` mitigates this by using environment variables (`.env`) for secrets, which is a better practice. No 'eval' or obvious malicious patterns were found. Network communication to external services is handled via Docker MCP Gateway.
Updated: 2026-01-16