Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

42
42
Medium Cost
buildkite icon
Sec9

An MCP server that exposes Buildkite CI/CD data (pipelines, builds, jobs, tests) to AI tooling and editors for enhanced context and automation.

Setup Requirements

  • ⚠️Buildkite API Token: Requires a `BUILDKITE_API_TOKEN` or `BUILDKITE_API_TOKEN_FROM_1PASSWORD` environment variable for authentication.
  • ⚠️Docker (recommended): The server is designed for containerized deployment, implying Docker or a compatible runtime is beneficial.
  • ⚠️1Password CLI (conditional): If `BUILDKITE_API_TOKEN_FROM_1PASSWORD` is used, the `op` (1Password CLI) binary must be installed and configured.
Verified SafeView Analysis
The server relies on a Buildkite API token for authentication, requiring careful management of this secret. The `op` (1Password CLI) execution for fetching secrets is controlled and not arbitrary code execution. The README actively recommends running the server in a container (from a Chainguard static image, as an unprivileged user), which are strong security practices for deployment. No direct `eval` or similar dangerous patterns for arbitrary code execution were found.
Updated: 2026-01-09GitHub
41
5
Low Cost
tairqaldy icon

codearchitect-mcp

by tairqaldy

Sec9

Automatically saves and retrieves AI conversation sessions from IDEs (Cursor, VS Code) to provide context continuity and build a searchable knowledge base for developers.

Setup Requirements

  • ⚠️Requires Node.js v18+.
  • ⚠️Requires manual export of chat from IDE to `~/.codearchitect/exports/` before `store_session` can auto-detect it.
  • ⚠️Requires `npx` to be executable and configured correctly within the IDE's MCP server settings.
Verified SafeView Analysis
The server uses `validatePath` to prevent directory traversal attacks by ensuring all file operations occur strictly within designated, fixed base directories (`~/.codearchitect/sessions/` and `~/.codearchitect/exports/`) or explicitly provided `projectDir` paths, which are also validated. No `eval` or obvious obfuscation was found. Communication is via the Model Context Protocol (likely IPC/stdio), reducing direct network attack surface. File system access is carefully managed within the user's home directory.
Updated: 2025-12-01GitHub
41
14
Low Cost
stacklok icon
Sec8

The central metadata hub for enterprise Model Context Protocol (MCP) server governance and discovery, implementing the official MCP Registry API specification.

Setup Requirements

  • ⚠️Requires PostgreSQL database setup, including specific user roles (`toolhive_registry_server`) which can be configured manually or via `prime-db` command.
  • ⚠️Database passwords are managed securely via PostgreSQL's `.pgpass` file, which requires specific file format and permissions setup.
  • ⚠️Authentication is OAuth 2.0/OIDC by default; requires an identity provider (e.g., Okta, Auth0, Kubernetes service accounts) unless explicitly configured for `anonymous` mode.
  • ⚠️For Docker Compose, `task docker-up` is recommended over `docker-compose up` directly to ensure a fresh state by rebuilding images and clearing volumes.
Verified SafeView Analysis
The project emphasizes security with clear guidelines (`SECURITY.md`), OAuth 2.0/OIDC authentication enabled by default, and recommendations for production (`sslMode: verify-full`, `pgpass`). However, default hardcoded passwords (`app_password`, `migration_password`) are present in `docker/postgres-init.sh` for initialization, which, while common in examples, is a minor concern if not replaced in production. Some example `permissions` configurations for MCP servers in the registry data allow `insecure_allow_all`, highlighting a potential for misconfiguration within the ecosystem the server manages, rather than the server itself.
Updated: 2026-01-19GitHub
41
22
Low Cost
dswbx icon

jsonv-ts

by dswbx

Sec9

Provides a type-safe JSON Schema builder and validator in TypeScript, with integrated Hono middleware for OpenAPI generation and request validation, and an MCP (Model Context Protocol) server/client for agent-based interactions.

Setup Requirements

  • ⚠️Requires Bun runtime for direct execution of provided examples and test suite.
  • ⚠️`hono` is used for HTTP transport and OpenAPI integration, and must be installed if these features are utilized.
  • ⚠️MCP Client's `fetch` method may require polyfilling or specific Node.js configuration if not running in Bun or a browser environment.
Verified SafeView Analysis
The library primarily enhances security through robust JSON schema validation and type-safety. No direct use of `eval` or obvious code injection vectors were found within the MCP-related source code. The `RegExp` constructor is used for pattern validation, which is a potential ReDoS vector if patterns are derived from unsanitized user input, but in typical usage, patterns are developer-defined in the schema. Logging mechanisms could potentially expose sensitive data if not configured appropriately at the application layer.
Updated: 2025-12-02GitHub
41
24
Medium Cost
portone-io icon

mcp-server

by portone-io

Sec8

Provides PortOne documentation and API access to Large Language Models (LLMs) to assist users with payment integration and queries.

Setup Requirements

  • ⚠️Requires Node.js 22.6.0 or higher.
  • ⚠️When using Claude Desktop with a DXT file, a known issue requires disabling 'Use built-in Node.js for MCP' in settings and restarting.
  • ⚠️Console features (e.g., channel listing, payment lookup) require browser-based login to the PortOne console via an OAuth flow initiated locally.
Verified SafeView Analysis
The server includes an OAuth flow for console features that opens a browser for user login and sets up a local HTTP server to receive the callback. This is a standard pattern, and the code uses `crypto.getRandomValues` for the code verifier, indicating good practices. API secrets are expected to be managed via environment variables. The README explicitly warns that third-party AI services might use API responses for model training, and the server attempts to identify and remove personal information, which is a positive security-enhancing measure.
Updated: 2026-01-15GitHub
41
26
High Cost
vgiri2015 icon
Sec2

Optimizes Apache Spark code for performance using an AI model (Claude) via a client-server architecture, including performance analysis and comparison.

Setup Requirements

  • ⚠️Requires a paid Anthropic API Key (`ANTHROPIC_API_KEY`).
  • ⚠️Requires a Python environment with PySpark, which typically means Java needs to be installed for Spark to run.
Review RequiredView Analysis
CRITICAL: The `run_optimized.py` script uses `exec(open(code_path).read())` to execute both original and AI-optimized Spark code files. This allows arbitrary code execution if `spark_code_input.py` or the AI-generated `optimized_spark_code.py` contain malicious code. This makes the system extremely unsafe to run with untrusted inputs or AI models without robust sandboxing. API keys are handled via environment variables, which is good practice.
Updated: 2025-12-05GitHub
41
27
Medium Cost
tan-yong-sheng icon

triliumnext-mcp

by tan-yong-sheng

Sec8

Provides AI assistants with tools to interact with TriliumNext Notes instances, enabling automated knowledge management and content manipulation.

Setup Requirements

  • ⚠️Requires a running TriliumNext Notes instance accessible via API.
  • ⚠️Requires a valid `TRILIUM_API_TOKEN` obtained from Trilium Notes settings.
  • ⚠️For some MCP clients (e.g., Claude Code), `MCP_TIMEOUT` and `MCP_TOOL_TIMEOUT` may need to be increased (e.g., to 60000ms and 300000ms respectively) to prevent timeouts.
  • ⚠️File and image note creation is currently temporarily disabled due to API implementation challenges with Trilium's ETAPI.
Verified SafeView Analysis
The server employs Zod for robust runtime input validation across all tool parameters, which is a strong security measure against common injection attacks. Permission checks are granular for READ/WRITE operations. Update operations require an `expectedHash` to prevent concurrent modification conflicts, enhancing data integrity. Past challenges with file/image uploads led to their temporary disablement, which mitigates potential path traversal or arbitrary file access risks associated with `fileUri` handling. Re-enabling file uploads would require extremely rigorous path validation. The primary remaining risk is the `TRILIUM_API_TOKEN`, which grants full access to the TriliumNext instance; it must be securely managed in the environment.
Updated: 2026-01-19GitHub
41
40
Medium Cost
zaizaizhao icon
Sec7

Generates various chart types using server-side rendering and stores the resulting images in MinIO object storage, providing accessible URLs.

Setup Requirements

  • ⚠️Requires Node.js (v18+) and npm/yarn.
  • ⚠️Requires Docker for easy deployment and MinIO integration.
  • ⚠️Requires system-level dependencies (e.g., Cairo, Pango, libpng) for Canvas image rendering in `@antv/gpt-vis-ssr`, which can be a point of friction during local setup.
  • ⚠️Critical environment variables (`PUBLIC_API_URL`, `MINIO_EXTERNAL_ENDPOINT`, MinIO credentials) must be correctly configured for production deployments to ensure proper external access and security.
Verified SafeView Analysis
The default MinIO credentials (`minioadmin`/`minioadmin`) are hardcoded in `docker-compose.yml` and used by default in `deploy-production.sh`. The README explicitly warns that these *must be changed* for production, but the script still uses them. The MinIO service also sets a public read policy for the 'charts' bucket, meaning generated images are publicly accessible without authentication. CORS is enabled globally, which could be a risk if not restricted to specific origins in production.
Updated: 2025-11-19GitHub
41
21
Medium Cost
intruder-io icon

intruder-mcp

by intruder-io

Sec9

Enables MCP clients to manage and query vulnerability scanning and security posture information from Intruder.io.

Setup Requirements

  • ⚠️Requires an Intruder API Key (potentially paid service).
  • ⚠️Requires a Python environment with 'uv' for local execution.
  • ⚠️Requires Docker for containerized execution.
Verified SafeView Analysis
The server correctly retrieves the Intruder API key from environment variables, preventing hardcoding. All external communication is directed to the official Intruder API endpoint. Pydantic models are used for data validation, enhancing robustness. No dangerous functions like 'eval' or arbitrary shell command execution from user input were detected in the provided source code.
Updated: 2025-11-26GitHub
41
16
High Cost
divar-ir icon

sourcegraph-mcp

by divar-ir

Sec8

Provides AI-enhanced code search and content fetching capabilities from Sourcegraph instances to LLM agents.

Setup Requirements

  • ⚠️Requires access to a Sourcegraph instance (sourcegraph.com or self-hosted).
  • ⚠️Requires Python 3.13+.
  • ⚠️The SRC_ENDPOINT environment variable must be set.
  • ⚠️SRC_ACCESS_TOKEN is required for private Sourcegraph instances.
Verified SafeView Analysis
The server relies on environment variables for sensitive data (SRC_ACCESS_TOKEN) and endpoint configuration, avoiding hardcoded secrets. It does not use 'eval' or other inherently dangerous functions. Network requests are made to a user-configured Sourcegraph endpoint. The primary security consideration is trusting the configured Sourcegraph instance and the integrity of the SRC_ENDPOINT variable to prevent malicious redirection.
Updated: 2025-11-25GitHub
41
17
Low Cost
enuno icon
Sec9

A Model Context Protocol (MCP) server that exposes the UniFi Network Controller API, enabling AI agents and applications to interact with UniFi network infrastructure in a standardized way.

Setup Requirements

  • ⚠️Requires UniFi API Key for authentication.
  • ⚠️Docker and Docker Compose are highly recommended for deployment.
  • ⚠️Python 3.10+ is required.
  • ⚠️Full functionality (e.g., Zone-Based Firewall features) requires 'UNIFI_API_TYPE=local' which means local network access to your UniFi gateway.
Verified SafeView Analysis
The server implements strong security practices including reading API keys from environment variables, HMAC signature verification for webhooks, mandatory confirmation flags for all mutating operations, dry-run mode for previewing changes, and comprehensive audit logging. It uses httpx for API calls with configurable SSL verification. A 'debug_api_request' tool is present but is guarded by a 'DEBUG' environment variable, mitigating accidental exposure in production. There is no evidence of direct 'eval' or similar dangerous patterns used without clear context. The caching layer (Redis) is optional and handles its absence gracefully.
Updated: 2026-01-08GitHub
41
14
Low Cost
prefrontal-systems icon

cortexgraph

by prefrontal-systems

Sec9

A Model Context Protocol (MCP) server providing AI assistants with ephemeral, local short-term memory, temporal decay, reinforcement, and automatic promotion to long-term storage.

Setup Requirements

  • ⚠️Requires `sentence-transformers` and spaCy models (`en_core_web_sm`) to be installed/downloaded for full functionality (embeddings, entity extraction), otherwise these features are disabled.
  • ⚠️The `bd` CLI tool (for 'beads' issue tracking) is a dependency if agent functionalities are enabled and utilized for coordination.
  • ⚠️The default JSONL storage loads all memories into RAM, making it unsuitable for very large datasets; SQLite storage is available as a more scalable alternative.
Verified SafeView Analysis
The project demonstrates a very strong focus on security, with dedicated modules and features for input validation, path traversal prevention, file/directory permission hardening (0o600/0o700), and sensitive data detection. The `detect_secrets` module actively scans content and `.env` files for common secret patterns (API keys, tokens, passwords) and warns the user. Rate limiting is implemented for API endpoints. `subprocess.run` is used for external CLI (`bd` for Beads integration) but appears to be handled with care, using `--json` output and not `shell=True`. Overall, security is a core concern, making it robust against common vulnerabilities.
Updated: 2026-01-15GitHub
PreviousPage 85 of 760Next