Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

42
12
Medium Cost
opentargets icon
Sec7

This server acts as a Model Context Protocol (MCP) endpoint, enabling AI assistants to interact with the Open Targets Platform GraphQL API for drug discovery and target-disease association data.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires the `uv` package manager for local installation and execution (e.g., `uv sync`).
  • ⚠️Relies on an external Open Targets Platform API endpoint (https://api.platform.opentargets.org/api/v4/graphql by default).
Verified SafeView Analysis
The server uses `jq.compile()` to process JSON responses based on user-provided `jq_filter` strings. While `jq` is a domain-specific language for JSON transformation and not arbitrary code execution, a malicious or overly complex filter could potentially lead to resource exhaustion (Denial of Service) if not adequately rate-limited or validated. However, the project includes adaptive rate limiting middleware and error detail masking, which helps mitigate some risks. No obvious hardcoded secrets were found.
Updated: 2026-01-11GitHub
42
31
Low Cost
respawn-app icon

tool-filter-mcp

by respawn-app

Sec8

A proxy server for Model Context Protocol (MCP) that filters available tools from upstream MCP servers based on a regex-based deny list to optimize context for AI agents.

Setup Requirements

  • ⚠️Requires Node.js >= 20.0.0.
  • ⚠️Requires an existing upstream Model Context Protocol (MCP) server (HTTP/SSE or stdio) to proxy.
  • ⚠️Effective tool filtering requires proficiency in regular expressions to define `deny` patterns correctly.
Verified SafeView Analysis
The project uses `safe-regex2` to validate deny patterns, mitigating ReDoS vulnerabilities. It handles sensitive information by supporting environment variable expansion for authentication headers, preventing hardcoded secrets. In stdio mode, it spawns child processes for upstream servers, which is an inherent risk if the executed command is not carefully controlled by the deployer, though the tool itself does not introduce arbitrary user command execution.
Updated: 2026-01-06GitHub
42
28
Low Cost
opena2a-org icon
Sec9

A production-ready identity verification and security platform for AI agents and Model Context Protocol (MCP) servers, providing cryptographic identity, access control, and real-time threat detection.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for the recommended full local setup.
  • ⚠️Production deployment critically requires overriding numerous default secrets (e.g., database, Redis, MinIO, Grafana passwords, JWT_SECRET, KEYVAULT_MASTER_KEY).
  • ⚠️Specific Go (1.23+) and Node.js (18+) versions are required for direct development setup (outside Docker).
Verified SafeView Analysis
The system is designed with strong security principles, including cryptographic identity (Ed25519, ML-DSA/PQC support), robust authentication/authorization, and rate limiting. It uses bcrypt for password hashing and implements measures to prevent information leakage in error responses. Critical components like JWT_SECRET and KEYVAULT_MASTER_KEY, along with other database/service passwords, have default values in development environments but are explicitly flagged for overriding in production. CORS middleware correctly rejects wildcards. The primary deduction is for the sheer number of secrets that require manual overriding for a secure production deployment, even if well-documented.
Updated: 2026-01-07GitHub
42
39
Low Cost
koki-develop icon

mmcp

by koki-develop

Sec9

Manages Model Context Protocol (MCP) server definitions in a central configuration and applies them to various AI agent tools.

Setup Requirements

  • ⚠️Requires npm or bun for installation.
  • ⚠️Relies on specific, predefined file paths for each supported agent's configuration, which might not be compatible with highly customized system setups.
  • ⚠️Users must understand that 'mmcp' configures agents to run commands; 'mmcp' itself does not execute the MCP server commands specified.
Verified SafeView Analysis
The tool primarily acts as a configuration manager, writing user-defined MCP server commands and arguments to local configuration files of various AI agents (e.g., Claude, Cursor, GitHub Copilot CLI). It does not directly execute these user-provided commands itself. The security risk lies with the user providing malicious commands which are then executed by the target AI agent, not by 'mmcp'. File system interactions are limited to reading/writing known configuration file paths in the user's home directory. No 'eval' or direct arbitrary command execution by 'mmcp' itself was found. Input validation is present for environment variables.
Updated: 2026-01-05GitHub
42
34
High Cost
JustasMonkev icon
Sec3

Automated web accessibility scanning and browser automation using Playwright and Axe-core, enabling LLMs to perform WCAG compliance checks and generate reports.

Setup Requirements

  • ⚠️Requires Node.js >=18.0.0.
  • ⚠️Requires Playwright-supported browsers to be installed (Chromium, Firefox, WebKit).
  • ⚠️Requires 'Playwright MCP Bridge' VS Code extension if `--extension` or `--vscode` flags are used.
  • ⚠️Requires correct JSON configuration for the MCP client (e.g., Claude Desktop).
Review RequiredView Analysis
The `browser_evaluate` tool allows arbitrary JavaScript execution within the browser's context. While Playwright provides isolation from the host machine, malicious scripts could still perform actions like data exfiltration from the loaded web page or contribute to browser-level exploits if not carefully sandboxed and monitored by the orchestrating LLM. More critically, the `mdb_push_tools` tool, used in advanced configurations, allows the dynamic loading of additional MCP servers from a specified URL (`mcpUrl`). This presents a significant supply chain risk; if an attacker could coerce an LLM to call `mdb_push_tools` with a malicious or compromised `mcpUrl`, it could lead to the execution of arbitrary code within the Node.js process running this server, potentially compromising the host system. This is a critical vulnerability if the LLM's access to this tool is not severely restricted and monitored. Other network connection capabilities like `remoteEndpoint` and `cdpEndpoint` could also introduce risks if connected to untrusted sources, though these are configuration-dependent.
Updated: 2026-01-14GitHub
42
27
Medium Cost
Sec7

An MCP server to interact with an InfluxDB instance, providing access to resources, tools for data management, and prompt templates for common queries and data formats.

Setup Requirements

  • ⚠️Requires a running InfluxDB instance to connect to.
  • ⚠️The `INFLUXDB_TOKEN` environment variable is mandatory for authentication with InfluxDB.
  • ⚠️If InfluxDB is not at `http://localhost:8086`, the `INFLUXDB_URL` environment variable must be set.
Verified SafeView Analysis
The server requires an `INFLUXDB_TOKEN` which must be securely managed as an environment variable. If run with the `--http` option, it exposes an HTTP server on a specified port (default 3000), which could pose a network risk if exposed publicly without proper security measures. The server makes outbound connections to the InfluxDB instance, whose security depends on the InfluxDB setup itself.
Updated: 2025-11-17GitHub
42
48
Medium Cost
1xn-labs icon

1xn-vmcp

by 1xn-labs

Sec4

An open-source platform for composing, customizing, and extending multiple Model Context Protocol (MCP) servers into a single logical, virtual MCP server, enabling fine-grained context engineering for AI workflows and agents.

Setup Requirements

  • ⚠️Requires Python 3.10 to 3.13.
  • ⚠️Requires `uv` (recommended) or `pip` for package installation.
  • ⚠️For full functionality (e.g., running integration tests or interacting with external MCPs), external MCP servers are required.
Review RequiredView Analysis
The server includes functionality for 'custom Python tools' which executes user-provided Python code using the `exec` function. While there are explicit efforts to sandbox this execution (`secure_exec` function attempts to restrict imports and system calls), arbitrary code execution inherently carries significant security risks. A sophisticated attacker might find ways to bypass these sandbox limitations, potentially leading to remote code execution. This feature, while intended for customization, requires careful consideration regarding trust in the users providing the Python code and the environment where the server is deployed. The system also acts as a proxy for external MCP servers, necessitating trust in those upstream services.
Updated: 2025-12-24GitHub
42
11
High Cost
aserper icon

RTFD

by aserper

Sec7

Provides AI coding agents with real-time access to up-to-date library and service documentation from various package ecosystems and cloud platforms to prevent LLM hallucinations and use of outdated APIs.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️GitHub API rate limits are severely restricted (60 requests/hour) without a `GITHUB_TOKEN` environment variable. A token increases the limit to 5000 requests/hour.
  • ⚠️Inherent risk of indirect prompt injection and potential malicious code execution when processing external documentation from untrusted sources in autonomous agent modes. Mitigations (`RTFD_FETCH=false`, `VERIFIED_BY_PYPI=true`) are available but require explicit configuration.
Verified SafeView Analysis
This MCP server's core function is to fetch documentation and code from external, potentially untrusted sources (GitHub, PyPI, npm, etc.) for processing by an AI agent. This introduces significant risks, including indirect prompt injection and the potential for malicious code execution if the agent operates autonomously or processes unverified content without human oversight. The server itself avoids obvious direct vulnerabilities like arbitrary `eval()` on untrusted input or hardcoded API keys. It uses `subprocess.run` only for `gh auth token` which is a specific, generally safe operation. However, the inherent risk of its functionality means agents can be exposed to hostile content. Mitigation strategies like `RTFD_FETCH=false` (disables content fetching) and `VERIFIED_BY_PYPI=true` (restricts PyPI sources to verified ones) are provided but require explicit configuration.
Updated: 2026-01-16GitHub
42
32
Low Cost
Robotti-io icon
Sec6

This MCP server provides a toolkit to guide GitHub Copilot toward secure coding practices by offering customizable security-focused prompts and agents for integration into development workflows.

Setup Requirements

  • ⚠️Requires Node.js >=22.0.0.
  • ⚠️Requires manual `.env` configuration; critical to change default SSL passphrase and AMQP credentials for production.
  • ⚠️Requires VSCode configuration for MCP server URL to integrate with Copilot.
Verified SafeView Analysis
The server demonstrates a strong intent for security by focusing on secure coding practices and using `zod` for input schema validation (e.g., prompt names). However, there are critical security concerns regarding default configurations and logging practices: 1) The `reqInfo` middleware captures the entire `req.body` for all requests to `/mcp` POST endpoint, which is then logged by default via `logger.info`. If sensitive data is included in JSON-RPC requests, this could lead to information leakage. 2) The `.env.example` file specifies a default `server.ssl.pfx.passphrase` of 'PFX_PASSPHRASE' and default AMQP credentials ('guest'/'guest'). Using these defaults in a production environment would be a severe security vulnerability. While the documentation notes these need customization, they represent insecure-by-default settings.
Updated: 2026-01-14GitHub
42
14
Low Cost
vercel-labs icon
Sec8

This server acts as a Model Context Protocol (MCP) tool to assist developers in migrating projects from AI SDK 4.x to AI SDK 5.0, primarily designed for use with Cursor or other compatible MCP clients.

Setup Requirements

  • ⚠️Requires an MCP-compatible client like Cursor to utilize its tools effectively.
  • ⚠️Local development requires `pnpm` and a Node.js runtime environment.
Verified SafeView Analysis
The server's primary function involves generating markdown checklists and searching local documentation. It does not use `eval` or process untrusted code on the server side. The `create-checklist` tool instructs the *client* to run a `curl` command to download content, meaning the server itself is not executing arbitrary commands. The search tools construct regular expressions from user queries, which can introduce a minor ReDoS (Regular Expression Denial of Service) risk if not carefully handled, but the implementation appears to mitigate this by splitting queries into individual words before regex creation, reducing the likelihood of complex, exploitable patterns. No hardcoded secrets were found; environment variables are used for configuration.
Updated: 2025-12-12GitHub
42
14
Medium Cost
greenfieldlabs-inc icon

savecontext

by greenfieldlabs-inc

Sec8

Provides persistent memory, issue tracking, and project planning for AI coding assistants via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Bun runtime.
  • ⚠️Semantic search feature requires additional setup (Ollama with 'nomic-embed-text' model or a HuggingFace API token).
  • ⚠️Claude Code statusline integration requires Python 3.x to be installed and available.
Verified SafeView Analysis
The server operates locally using SQLite for data storage, enhancing privacy. It communicates via stdio (standard input/output), which is generally secure for inter-process communication. Optional features for semantic search involve network calls to Ollama (local server) or HuggingFace (cloud API), configurable via environment variables. CLI setup scripts modify local user configuration files and execute system commands (e.g., `git`, `python`, `bunx`). These operations are standard but require user trust, as they perform system-level changes. No hardcoded secrets or obvious malicious patterns were found. The local web UI (`dashboard`) is intended for single-user local access, implying local network security should be managed by the user if it's exposed.
Updated: 2026-01-12GitHub
42
19
High Cost
marcindulak icon

stt-mcp-server-linux

by marcindulak

Sec6

Local speech-to-text server for Linux, designed to integrate with Claude Code via the MCP protocol or run in standalone mode to inject transcribed text into a Tmux session.

Setup Requirements

  • ⚠️Requires Docker Engine or Docker Desktop for containerized operation.
  • ⚠️Requires Tmux for text injection into terminal sessions.
  • ⚠️Linux-only due to direct dependencies on `/dev/input` and `/dev/snd` device files.
  • ⚠️An initial download of the Whisper 'tiny' model (approx. 75 MB) to `~/.stt-mcp-server-linux/whisper` is required.
Review RequiredView Analysis
The `scripts/restart_mcp_server.sh` uses `eval` to execute the constructed `docker run` command, which is a shell anti-pattern that can lead to command injection vulnerabilities if any of the variables composing `$DOCKER_CMD` were ever sourced from untrusted input. The server requires the Docker container to have direct access to sensitive host devices (`/dev/input` for keyboard monitoring and `/dev/snd` for audio recording) and adds the container user to the `input` group. This grants the container high privileges to interact with the host's hardware, increasing the potential attack surface if the container were compromised. While `TmuxOutputHandler` implements robust input sanitization to prevent command injection when injecting transcribed text into Tmux, the underlying system setup involves elevated privileges and a potentially dangerous shell construct.
Updated: 2026-01-10GitHub
PreviousPage 84 of 760Next