Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (9120)

Medium Cost

ObsidianMate

by Fawzy-AI-Explorer

Sec9

An intelligent, AI-powered assistant designed to supercharge Obsidian note-taking workflows.

Setup Requirements

  • ⚠️ Requires Python 3.12 or higher
  • ⚠️ Requires Docker for MCP (Model Context Protocol) servers (Obsidian, YouTube Transcript)
  • ⚠️ Requires a Google API Key (paid for LLM usage)
  • ⚠️ Requires an Obsidian API Key for vault interaction

Verified Safe
Secrets (API keys) are handled using `SecretStr` from Pydantic settings, loaded from environment variables or `.env` files, which is good practice. The application runs a FastAPI server exposed on 0.0.0.0:8000 and relies on Docker for MCP services (Obsidian, YouTube Transcript, Excalidraw), which might expose additional network interfaces. Proper network isolation and firewall rules are recommended for production deployment. No direct `eval` calls or clear malicious patterns were found.
Updated: 2025-11-30
High Cost

lex

by i-dot-ai

Sec9

Provides a UK legal research API for AI agents, offering capabilities to search legislation, caselaw, amendments, and explanatory notes using semantic and keyword search, and includes a Micro-Copilot (MCP) server for integration with AI assistants.

Setup Requirements

  • ⚠️ Requires Azure OpenAI API Key (paid): critical for semantic search, AI summaries, explanations, and PDF processing (embeddings and chat models).
  • ⚠️ Requires Qdrant Vector Database: can be run locally via Docker Compose or connected to a cloud instance (requires URL/API Key).
  • ⚠️ Requires initial data ingestion: the server is non-functional without pre-ingested legal data. The ingestion process is time-consuming and also incurs significant AI token costs.
  • ⚠️ Docker required for local setup of Qdrant and convenient execution.

Verified Safe

The server uses `uvicorn` with `reload=True` in its local run command, which is not suitable for production. CORS is configured with `allow_origins=["*"]`, typical for a public API but noteworthy. Secret management for `QDRANT_CLOUD_API_KEY`, `AZURE_OPENAI_API_KEY`, and `REDIS_PASSWORD` relies on environment variables, which is good practice. The system interacts with external AI services for embeddings, summaries, explanations, and PDF OCR, involving potentially large prompts and outputs. While these interactions are handled by client libraries with retry/timeout mechanisms, the experimental `FASTMCP_EXPERIMENTAL_ENABLE_NEW_OPENAPI_PARSER` feature is used, which might have unknown implications.
Updated: 2026-01-13
Medium Cost

Provides semantic search and connection discovery within Obsidian vaults, leveraging pre-generated embeddings, for both command-line users and AI agents via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️ Requires Node.js >= 18.0.0.
  • ⚠️ Requires the Smart Connections Obsidian plugin to be installed and the vault indexed within Obsidian, as it relies on plugin-generated embedding data (`.smart-env/`).
  • ⚠️ Requires the `OBSIDIAN_VAULT` environment variable to be set or the `--vault`/`vault_path` argument to be provided for specifying the Obsidian vault path.

Verified Safe
The server and CLI operate on local, pre-indexed Obsidian vault data, performing only read operations. Robust path validation mechanisms (e.g., `fs.realpathSync`, `path.relative` checks) are implemented when handling user-provided note paths to prevent path traversal attacks, ensuring all operations remain strictly within the defined vault boundary. Embedding generation for queries uses `@xenova/transformers` locally, mitigating external network risks during inference. No direct `eval` usage or hardcoded sensitive information was found.
Updated: 2025-11-25
High Cost

flowllm

by FlowLLM-AI

Sec2

FlowLLM is a configuration-driven framework for building LLM-powered applications, encapsulating LLM, Embedding, and vector store capabilities as HTTP/MCP services. It's designed for AI assistants, RAG applications, and complex workflow orchestration, minimizing boilerplate code.

Setup Requirements

  • ⚠️ Requires API keys for LLM and Embedding models (typically paid services like OpenAI, DashScope).
  • ⚠️ Requires Python 3.10+ (as per `README.md`).
  • ⚠️ Full functionality may require external services like Elasticsearch, Qdrant, PostgreSQL (with pgvector), or Ray, which need separate setup and management.

Review Required
The framework uses `exec()` and `eval()` internally (`parse_flow_expression`) to process `flow_content` defined in YAML configuration. While the documentation states execution in a 'restricted environment', arbitrary code execution remains a critical risk if the YAML input is not from an absolutely trusted source or if the sandbox is insufficient. Default CORS settings allow all origins, which should be restricted in production environments.
Updated: 2026-01-07
Low Cost

fastify-mcp-server

by flaviodelgrosso

Sec9

A Fastify plugin providing a streamable HTTP transport for the Model Context Protocol (MCP), enabling AI assistants to interact with services.

Setup Requirements

  • ⚠️ Requires Node.js >= 22
  • ⚠️ Requires Fastify 5.x
  • ⚠️ Requires implementation of a `createMcpServer` factory function to define MCP tools.

Verified Safe
The plugin provides a secure framework for implementing an MCP server, including robust Bearer token authentication and session management with pluggable storage. Bearer token validation relies on a user-provided `OAuthTokenVerifier` implementation, ensuring no hardcoded secrets in the core plugin. Session management for Redis uses `SCAN` for operations to prevent blocking. The overall security posture in a deployed application will depend on the security of the user's `OAuthTokenVerifier` implementation, the `createMcpServer` logic, and the underlying `@modelcontextprotocol/sdk` itself. The demo includes a clearly marked mock verifier.
Updated: 2026-01-19
Medium Cost

Provides long-term memory for AI coding agents by indexing conversation history, tracking decisions and mistakes, and enabling semantic search across projects.

Setup Requirements

  • ⚠️ Requires Node.js 20 or 22 LTS; other versions may break native modules.
  • ⚠️ If using Ollama, `ollama serve` must be running and the embedding model must be pulled. If using OpenAI, the `OPENAI_API_KEY` environment variable is required. Transformers.js is the default and works offline.
  • ⚠️ Default storage paths require a writable home directory. In sandboxed environments (e.g., certain Claude setups), the `CCCMEMORY_DB_PATH` and `CCCMEMORY_GLOBAL_INDEX_PATH` environment variables must be explicitly set to a writable location.

Verified Safe

The server uses `better-sqlite3` for local database storage and `simple-git` for Git integration. SQL queries are generally parameterized, mitigating SQL injection risks. File system operations for project data and backups use the built-in Node.js `fs` module, with path sanitization (`sanitization.ts`) in place to prevent path traversal attacks. Environment variables are used for sensitive information like `OPENAI_API_KEY` rather than hardcoding. The `execFileSync` calls in `worktree.ts` for Git commands appear to use controlled arguments, reducing command injection risk. Network interaction for embeddings is with the specified LLM APIs (Ollama, OpenAI, or local Transformers.js). Overall, good practices are in place, but local file system interaction always carries some inherent risk if configured maliciously by an untrusted host.
Updated: 2026-01-08
Medium Cost

ddg_search

by OEvortex

Sec8

A Model Context Protocol server for web search using DuckDuckGo and AI-powered answers from IAsk AI, Monica, and Brave AI, designed for integration with AI assistants.

Setup Requirements

  • ⚠️ Reliance on web scraping means the server is susceptible to breaking changes if DuckDuckGo, IAsk AI, Monica, or Brave AI alter their website structure or APIs.
  • ⚠️ Performance and resource consumption (network, CPU) can be significant for 'detailed' web searches that fetch full page content via Jina AI or for comprehensive AI-generated responses.

Verified Safe
The server employs good security practices, including rotating user agents to mitigate detection during web scraping and robust input validation for all search queries and parameters. Network requests use timeouts to prevent hangs from unresponsive external services. Critically, it explicitly states 'No API keys required', which reduces the risk of credential exposure. Error handling for tool execution is comprehensive, returning structured error messages without crashing the server. The server's own source code does not implement explicit rate limiting, but this might be handled by the underlying MCP SDK or is expected from the consuming client.
Updated: 2026-01-19
Low Cost

codex-mcp-rs

by missdeer

Sec9

This server acts as an MCP (Model Context Protocol) wrapper for the Codex CLI, enabling AI-assisted coding tasks through compatible clients like Claude Code.

Setup Requirements

  • ⚠️ Requires Codex CLI to be installed and configured on the system.
  • ⚠️ Requires an MCP client (e.g., Claude Code) for interaction.
  • ⚠️ Rust 1.70+ required for building from source.
  • ⚠️ The `npm` installation process relies on `tar` (Linux/macOS) or `PowerShell` (Windows) for binary extraction, and optionally uses `GITHUB_TOKEN` to prevent GitHub API rate limits during download.

Verified Safe
The server implements strong security practices, including explicit sandbox policies ('read-only' by default, 'workspace-write', 'danger-full-access'), environment variable controls for dangerous features, and input validation for paths. It uses `std::process::Command` with `Command::arg()` for subprocess execution, which handles argument escaping securely. The `npm/run.js` script uses `spawn` with path escaping for archive extraction, and GitHub downloads are performed over HTTPS. Output line limits are in place to prevent memory exhaustion. The primary security consideration is the use of 'danger-full-access' mode by the underlying Codex CLI, which is explicitly opt-in via the environment variable `CODEX_ALLOW_DANGEROUS` and defaults to disabled.
Updated: 2026-01-18
High Cost

omop_mcp

by OHNLP

Sec8

Maps clinical terminology to OMOP (Observational Medical Outcomes Partnership) concepts using Large Language Models (LLMs) via the Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️ Requires OpenAI API Key (paid) or Azure OpenAI credentials.
  • ⚠️ Requires `uv` (https://docs.astral.sh/uv/getting-started/installation/) to be installed.
  • ⚠️ Requires Python 3.12 or higher.

Verified Safe

The server makes external HTTP requests to known OMOP resources (Athena OHDSI), which is appropriate. API keys are managed through environment variables via `dotenv`. The `batch_map_concepts_from_csv` tool takes a `csv_path` as an argument; if the server were exposed publicly to untrusted users without input validation, this could potentially be leveraged for arbitrary local file access (e.g., path traversal). However, the intended use case (e.g., Claude Desktop integration) implies a local or controlled environment where this risk is mitigated.
Updated: 2026-01-17
High Cost

wa_llm

by ilanbenb

Sec8

An AI-powered WhatsApp bot that joins groups, summarizes conversations, and answers questions using a knowledge base.

Setup Requirements

  • ⚠️ Requires PostgreSQL with the `pgvector` extension installed.
  • ⚠️ Requires Python 3.12+.
  • ⚠️ Requires API keys for Voyage AI (for embeddings) and Anthropic (for LLM interactions), both paid services.
  • ⚠️ Docker and Docker Compose are required for the easiest setup.
  • ⚠️ Requires a manual database update (`UPDATE public."group" SET managed = true WHERE group_name = 'Your Group Name';`) to activate the bot for a specific group.
  • ⚠️ Requires restarting the `web-server` service after connecting the WhatsApp device or activating a group.

Verified Safe

The application handles secrets via environment variables, which is a good practice. Database interactions using SQLAlchemy's `text()` method with parameterized queries are correctly implemented to prevent SQL injection. The webhook endpoint `/webhook` is exposed, which is typical for such applications. The `WhatsAppClient` communicates with an external WhatsApp API, requiring trust in that external service. Some `docker-compose.base.yml` configurations use default credentials (`admin:admin` for WhatsApp API basic auth, `user:password` for Postgres); these are primarily for local development and are intended to be overridden by `.env` files in production/deployment, but could be a minor risk if deployed without proper `.env` configuration. `eval` or similar dangerous functions were not found.
Updated: 2025-12-30
Medium Cost

ebay-mcp

by YosefHayim

Sec8

Enables AI assistants to manage eBay selling operations, including inventory, orders, marketing, and analytics, through a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️ Requires an eBay Developer Account and API credentials (Client ID, Client Secret, Redirect URI/RuName).
  • ⚠️ Requires a multi-step OAuth 2.0 Authorization Code Flow for user tokens, involving browser interaction to grant permissions.
  • ⚠️ Requires Node.js (version 18 or higher).
  • ⚠️ Environment variables must be securely configured (e.g., in a `.env` file).

Verified Safe
The server acts as a proxy for eBay APIs, relying heavily on environment variables for sensitive credentials (eBay Client ID/Secret, OAuth Refresh Token). These are appropriately excluded from version control via `.gitignore`. The application uses `helmet` for basic Express security and `cors` with `origin: '*'` in development, which is explicitly noted as a potential production issue in comments. OAuth 2.1 is implemented with token introspection/JWT validation and automatic token refreshing. No direct `eval` or obvious malicious patterns were found. Interactive setup scripts handle sensitive data entry and `.env` file updates responsibly. The general security posture is good for an open-source project of this nature, but the inherent risk of handling API credentials and the `cors` setting warrant caution for production deployment.
Updated: 2026-01-18
Low Cost

Facilitates context-efficient generation, branching, and searching of unconventional thoughts for AI problem-solving.

Setup Requirements

  • ⚠️ Requires Node.js & npm for building and execution.
  • ⚠️ Requires manual configuration of Claude Desktop's `claude_desktop_config.json` with an absolute path to the compiled server binary.
  • ⚠️ Server uses `process.cwd()` for data storage, so its behavior depends on the directory from which it is launched by Claude Desktop.

Verified Safe
The server communicates via standard I/O (stdio) instead of network ports, significantly reducing the direct network attack surface. It primarily performs local file operations within a dedicated `.thoughts` directory relative to its working directory. No `eval` or similar dangerous functions are present. No hardcoded secrets or sensitive API keys are found in the source. The file system access is constrained and transparent, posing minimal risk when run as intended by a trusted parent process like Claude Desktop.
Updated: 2025-11-24

Page 86 of 760