Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7756)

41
23
Medium Cost
nunyabiznessyoubeezy icon

mcp-server-macos-use

by nunyabiznessyoubeezy

Sec8

An AI agent designed to control a macOS computer using OS-level tools, compatible with the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires macOS (v13 or newer) and a Swift development environment (Xcode) if building from source.
  • ⚠️Requires the `MacosUseSDK` package to be located in a sibling directory (`../MacosUseSDK`) if building from source.
  • ⚠️Requires granting Accessibility permissions for the server application to control the OS.
Verified SafeView Analysis
The server communicates via standard I/O (StdioTransport), which reduces direct network attack surface. No 'eval' or explicit hardcoded secrets are visible in the provided code. However, the server is designed to perform inherently high-privilege OS-level operations (opening applications, clicking, typing, pressing keys). If the AI agent is compromised or misused, it could lead to unauthorized system control. The security of the underlying `MacosUseSDK` is assumed.
Updated: 2025-12-15GitHub
41
14
Medium Cost
collibra icon

chip

by collibra

Sec8

Provides AI agents with access to Collibra Data Governance Center capabilities for data asset discovery, business glossary queries, and detailed asset information retrieval.

Setup Requirements

  • ⚠️Requires access to an existing Collibra Data Governance Center instance.
  • ⚠️Requires valid Collibra credentials for authentication.
  • ⚠️The `COLLIBRA_MCP_API_URL` configuration is mandatory.
Verified SafeView Analysis
The server is designed with security in mind, explicitly warning against skipping TLS verification in production and recommending environment variables for sensitive credentials. In HTTP mode, it binds only to localhost by default, reducing network exposure. Authentication can be delegated to clients using basic auth headers, enabling better attribution of actions. No 'eval' or obvious obfuscation patterns were found in the provided source.
Updated: 2025-12-02GitHub
41
23
Medium Cost
shuizhengqi1 icon

futu-stock-mcp-server

by shuizhengqi1

Sec9

A Model Context Protocol (MCP) server for accessing Futu OpenAPI functionality, providing standardized MCP protocol to AI models for market data subscription and querying, including trading capabilities.

Setup Requirements

  • ⚠️Requires a Futu Securities account with OpenAPI permissions.
  • ⚠️Requires Futu OpenD gateway installed and running on a specified host/port.
  • ⚠️Requires Python 3.10+.
Verified SafeView Analysis
No obvious hardcoded secrets. Employs robust stdout/stderr protection for MCP communication. Uses process locking and cleanup for self-management, which is generally safe but relies on `psutil`. Relies on a local `Futu OpenD` gateway for actual market data and trading, so the security of that external dependency is critical.
Updated: 2025-11-28GitHub
41
16
Medium Cost
aws-samples icon

sample-cfm-tips-mcp

by aws-samples

Sec9

Provides comprehensive AWS cost analysis and optimization recommendations for various services (EC2, EBS, RDS, Lambda, S3, CloudWatch, CloudTrail), designed to integrate seamlessly with Amazon Q CLI and other Model Context Protocol (MCP) compatible clients.

Setup Requirements

  • ⚠️Python 3.11 or higher is required.
  • ⚠️AWS CLI must be configured with appropriate read-only IAM credentials (a specific policy is provided in the README).
  • ⚠️Amazon Kiro CLI is required for MCP integration.
  • ⚠️For certain analyses (e.g., Cost Explorer), there will be minimal AWS API call costs if explicit consent is given via preferences.
Verified SafeView Analysis
The project explicitly prioritizes security by recommending least-privilege, read-only IAM roles for LLM agents to prevent resource modification. It includes critical internal mechanisms (`S3CostConstraintViolationError`, `CostController`) to actively prevent cost-incurring or forbidden AWS API operations. No hardcoded sensitive credentials were found. Uses standard `boto3` for AWS interactions and `pip` for dependency management.
Updated: 2025-12-01GitHub
41
21
High Cost
Agent-Hellboy icon

mcp-server-fuzzer

by Agent-Hellboy

Sec9

A comprehensive CLI-based fuzzing tool for Model Context Protocol (MCP) servers, designed to find vulnerabilities and validate server conformance through both tool argument fuzzing and protocol type fuzzing across multiple transport protocols (HTTP, SSE, Stdio, StreamableHTTP).

Setup Requirements

  • ⚠️Requires Python 3.10+ (3.13+ recommended for latest E2E test setup).
  • ⚠️Requires Node.js 18+ and npm (for building target MCP servers in E2E tests).
  • ⚠️Requires Git to clone target MCP server repositories for testing.
  • ⚠️Needs an external MCP server to be running and accessible for fuzzing.
Verified SafeView Analysis
The MCP Server Fuzzer is designed to generate potentially malicious inputs to find vulnerabilities in target MCP servers. However, the fuzzer itself has a highly robust and layered safety system to protect the host machine where it runs. This includes argument-level sanitization using a DangerDetector (blocking dangerous URLs, script injection, and command patterns), a filesystem sandboxing mechanism that confines file operations to a specified root directory, and a System Command Blocker that installs PATH shims to intercept and prevent the execution of dangerous system commands (like browser launches). Network policy controls (default-deny, allowlists, proxy stripping) further restrict outbound network access. These extensive internal safeguards make the fuzzer itself very safe to run on a host system, even while it's actively trying to exploit vulnerabilities in a target.
Updated: 2025-11-28GitHub
41
2
Medium Cost
gitabozaid icon
Sec8

Provides semantic code search capabilities to AI coding assistants (like Claude Code) by indexing entire codebases into a vector database for deep contextual understanding, enhancing AI agents with relevant code context.

Setup Requirements

  • ⚠️Requires Node.js >= 20.0.0 and < 24.0.0 (incompatible with Node.js 24+)
  • ⚠️Requires an API key for an embedding provider (OpenAI, VoyageAI, Gemini are paid services) and a vector database (Zilliz Cloud API Key or local Milvus setup).
  • ⚠️Uses pnpm for dependency management, requiring its installation.
Verified SafeView Analysis
The primary MCP server (Node.js/TypeScript) uses standard file system and network operations essential for its code indexing and search functions. It handles API keys via environment variables. While Python evaluation scripts demonstrate `subprocess.run` for system commands (`grep`, `git`), this is within a controlled testing framework, not the deployed MCP server. The `ts_executor.py` is a test utility and not part of the deployed MCP server. No obvious vulnerabilities like arbitrary `eval` from user input were found in the main server logic. Requires typical file system and network permissions for its intended function.
Updated: 2025-11-26GitHub
41
25
Medium Cost
angrysky56 icon

ast-mcp-server

by angrysky56

Sec8

Provides a Model Context Protocol (MCP) server for deep code analysis, offering Abstract Syntax Tree (AST) and Abstract Semantic Graph (ASG) generation, code structure analysis, and transformation capabilities, primarily for integration with AI agents like Claude Desktop.

Setup Requirements

  • ⚠️Requires Python 3.12 or higher (as specified in `pyproject.toml`).
  • ⚠️Building tree-sitter parsers is a required installation step (`uv run build-parsers`).
  • ⚠️AI-powered features (e.g., semantic search, code summarization) require an OpenRouter API Key (`OPENROUTER_API_KEY`) and will incur external LLM costs.
  • ⚠️Optional Neo4j database integration requires a running Neo4j instance and configuration via environment variables.
  • ⚠️The `ast-grep-cli` tool must be available in the system's PATH for code transformation features to function, although it is also listed as a Python dependency.
Verified SafeView Analysis
The server uses `subprocess.run` to execute the `ast-grep` CLI tool. The developers acknowledge this and implement mitigations by avoiding `shell=True`, passing arguments as a list, and resolving absolute paths, which reduces the risk of shell injection (as noted by `trunk-ignore(bandit/B603)`). Sensitive credentials like API keys (OpenRouter) and Neo4j database access are handled using environment variables, which is a secure practice. No `eval` or other direct code execution vulnerabilities from untrusted input were identified.
Updated: 2025-12-13GitHub
41
19
Medium Cost
biocontext-ai icon

registry

by biocontext-ai

Sec8

To maintain and validate a curated registry of Model Context Protocol (MCP) servers focused on biomedical research, enhancing their discoverability for AI assistants through structured metadata and an accessible JSON API.

Setup Requirements

  • ⚠️Requires Python 3.11+ to run validation and build scripts.
  • ⚠️Relies on `uv` / `uvx` being installed for the build system and pre-commit hooks.
  • ⚠️Validation process involves external network calls to registered MCP server URLs, which may be slow or fail if external services are unresponsive.
Verified SafeView Analysis
The Python validation scripts use `yaml.safe_load` and `json.load` for parsing, which are safe. The `fastmcp` client interacts with external, potentially untrusted MCP server URLs; security relies on the client's robustness. The `build.sh` script downloads and executes `yq` from GitHub, introducing a supply chain risk. The Cloudflare Worker (`deploy/index.js`) is a simple CORS handler, appearing very secure. No hardcoded secrets or malicious patterns were found within the repository's own code.
Updated: 2025-12-08GitHub
41
25
Medium Cost
algolia icon

mcp

by algolia

Sec9

The MCP server acts as an intermediary, enabling Large Language Models (LLMs) to interact with Algolia's various APIs for search, analytics, A/B testing, query suggestions, recommendations, monitoring, and usage data.

Setup Requirements

  • ⚠️Requires Go (GoLang) to build and run the server.
  • ⚠️Mandatory Algolia API credentials (ALGOLIA_APP_ID, ALGOLIA_API_KEY, ALGOLIA_INDEX_NAME) must be provided as environment variables. ALGOLIA_WRITE_API_KEY is also required for write operations, implying a paid Algolia account for full functionality.
  • ⚠️Requires a Model Context Protocol (MCP) host or inspector (e.g., Claude Desktop, @modelcontextprotocol/inspector, or mark3labs/mcphost) to interact with the server's exposed tools.
Verified SafeView Analysis
The server correctly retrieves Algolia API credentials (application ID, API keys, index name) from environment variables, preventing hardcoded secrets. Outbound HTTP requests are made to legitimate Algolia API endpoints. No 'eval' or similar dynamic code execution patterns are observed. The underlying `mcp-go` library for Model Context Protocol is also used, which is a standard approach for this kind of server. Overall, the code appears robust against common security vulnerabilities for its stated purpose.
Updated: 2025-11-27GitHub
41
25
Medium Cost
Couchbase-Ecosystem icon

mcp-server-couchbase

by Couchbase-Ecosystem

Sec8

Enables LLMs to directly interact with Couchbase clusters for database operations and analytics via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires a running Couchbase cluster and valid authentication credentials (connection string, plus either username/password or client certificates/keys).
  • ⚠️If using HTTP or SSE transport modes, the server lacks built-in authorization; exposing it publicly without external security measures (e.g., API Gateway, firewall) is a significant security risk.
Verified SafeView Analysis
The `run_sql_plus_plus_query` tool uses `lark_sqlpp` to parse and detect data or structure modification queries, enforcing a read-only mode by default. This is a strong safeguard against accidental LLM-driven modifications via SQL++. However, if `CB_MCP_READ_ONLY_QUERY_MODE` is explicitly set to `false`, LLMs can execute arbitrary SQL++ queries. Key-Value (KV) operations (upsert, delete) directly modify data and are always available. The documentation explicitly states that HTTP and SSE transport modes do not include authorization support, which is a critical security consideration. If these network transports are enabled and exposed, external authorization/authentication mechanisms must be implemented to prevent unauthorized database access.
Updated: 2025-12-11GitHub
41
3
Medium Cost
n24q02m icon
Sec9

Provides a Markdown-first MCP Server for Notion, consolidating Notion's 28+ REST API endpoints into 7 composite tools optimized for AI agents to manage pages, databases, blocks, users, and workspace information efficiently.

Setup Requirements

  • ⚠️Requires `NOTION_TOKEN` environment variable with a valid Notion integration token.
  • ⚠️Requires Node.js 22+ and pnpm (or mise) if building from source, otherwise Docker simplifies deployment.
  • ⚠️Integration must be shared with specific Notion pages/databases to access them, as Notion API permissions are resource-specific.
Verified SafeView Analysis
The codebase demonstrates good security practices with explicit error handling, input validation within its composite tools, and no evident use of 'eval' or hardcoded sensitive information (beyond expected environment variables). It leverages the `@modelcontextprotocol/sdk` for server communication and the official Notion API client. A minor concern is the verbose logging of Notion API errors (including potentially sensitive details from error.body) if logs are not securely managed, but this is a common debugging practice and not a direct vulnerability within the application logic itself.
Updated: 2025-12-15GitHub
41
21
Medium Cost
imprvhub icon
Sec8

Enables Claude Desktop to interact with Spotify for music search, playback control, and playlist management via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires manual creation and configuration of a Spotify Developer App to obtain Client ID and Client Secret.
  • ⚠️The Spotify App's Redirect URI must be set specifically to `http://127.0.0.1:8888/callback`.
  • ⚠️Requires manual editing of the Claude Desktop configuration file (`claude_desktop_config.json`) with the server's absolute path and environment variables.
  • ⚠️Multiple restarts of Claude Desktop are necessary during the initial setup process (after config changes and successful authentication) for tools to register properly.
  • ⚠️The server listens on port 8888, which might lead to conflicts with other local services; troubleshooting steps involve potentially aggressive process termination.
Verified SafeView Analysis
The server correctly uses environment variables for Spotify API credentials, avoiding hardcoded secrets. It implements a local OAuth flow, opening an HTTP server on port 8888. Access and refresh tokens are stored locally in `~/.spotify-mcp/tokens.json`, which is user-specific but implies that `No user data is stored on disk` from the README might be misleading regarding sensitive credentials. A notable pattern is the use of `execAsync` with system commands (`taskkill` on Windows, `lsof | xargs kill -9` on macOS/Linux) to clear a port if it's in use. While intended for troubleshooting and recovery, executing system commands introduces a slight elevated risk compared to a purely application-level solution, though it is scoped to port management and a fixed port.
Updated: 2025-12-03GitHub
PreviousPage 85 of 647Next