Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

Vetted Servers (7756)

41
6
Medium Cost

ifc-bonsai-mcp

by Show2Instruct

Sec3

Connects AI language models with Blender's Bonsai add-on to read, create, and edit IFC models directly via high-level tool calls and RAG-powered knowledge.

Setup Requirements

  • ⚠️ Requires specific Blender 4.4+ and Bonsai Add-on 0.8.2+ versions.
  • ⚠️ Requires Claude Desktop (or other MCP-compatible client) and manual configuration of its JSON settings, including potentially an absolute path to the Python executable.
  • ⚠️ An additional local embedding server (Sentence Transformers) must be run continuously in a separate process for the RAG knowledge base to function.
  • ⚠️ Initial setup involves installing `uv` package manager and potentially manual installation of Python packages into Blender's isolated Python environment.
Review Required
The server explicitly includes a tool `execute_blender_code` which allows the execution of 'arbitrary Python code in Blender context' driven by the LLM. The `README` also warns about the general `execute_code` tool behaving 'unpredictably' and potentially producing 'unsafe results'. While running locally, this grants significant control to the LLM over the user's machine within the Blender environment, posing a high risk for unintended or malicious code execution based on LLM output.
Updated: 2025-11-17
41
15
High Cost
Sec9

An experimental Model Context Protocol (MCP) server that integrates Granola.ai meeting intelligence with Claude Desktop, using Granola's local cache for read-only access to meeting data.

Setup Requirements

  • ⚠️ Requires macOS operating system, as Granola.ai and its cache file are macOS-specific.
  • ⚠️ Requires the Granola.ai desktop application to be installed and actively generating meeting data.
  • ⚠️ Requires manual configuration within the Claude Desktop application's JSON config file (`claude_desktop_config.json`).
  • ⚠️ Requires Python 3.12+ and the `uv` package manager (or `pip` with manual virtual environment setup).
Verified Safe
The server is explicitly designed for 100% local, read-only processing of the Granola.ai cache file. No external API calls are made, and no hardcoded secrets or network listening on public interfaces are apparent. Input parsing relies on standard JSON and Pydantic validation, minimizing code injection risks. The primary security consideration is the integrity of the local `cache-v3.json` file, as a malformed cache could potentially lead to local resource exhaustion or parsing errors, but not remote code execution.
Updated: 2025-11-27
41
19
Low Cost

memcord

by ukkit

Sec9

Memcord is a privacy-first, self-hosted MCP server designed to organize chat history, summarize messages, and enable AI-powered search across past conversations, keeping all data secure and under user control.

Setup Requirements

  • ⚠️ Requires Python 3.10+.
  • ⚠️ Utilizes 'uv' (a modern Python package installer/dependency manager), diverging from traditional 'pip' workflows.
  • ⚠️ Manual configuration of 'claude_desktop_config.json' or `claude mcp add-json` command is necessary for integration with Claude Desktop/Code, requiring the user to specify the installation path.
  • ⚠️ The server's dependencies include future-dated versions of MCP SDK (1.22.0, released Nov 20, 2025) and MCP Protocol (2025-11-25, released Nov 25, 2025), which may not be readily available or stable at present.
Verified Safe
The project demonstrates a strong focus on security, with dedicated modules and explicit checks for common vulnerabilities. Input validation (`MemoryEntry`, `MemorySlot`, `SearchQuery`) actively sanitizes names and content against XSS, SQL injection, and path traversal. A `SecurityMiddleware` module handles rate limiting, path validation, and input validation for import and save operations, including checks for private IP addresses to mitigate SSRF risks in URL imports. No hardcoded secrets or obvious malicious patterns like `eval` are present in the provided code snippets. The architecture is designed for local, privacy-first operation, reducing external attack surfaces.
Updated: 2025-11-27
41
13
Medium Cost

GravityMCP

by GravityKit

Sec9

Manage Gravity Forms data (forms, entries, feeds, fields) via Model Context Protocol, enabling programmatic interaction with WordPress forms.

Setup Requirements

  • ⚠️ Requires Node.js 18+ (though `scripts/check-env.js` recommends 20+).
  • ⚠️ Requires an active WordPress installation with Gravity Forms 2.5+.
  • ⚠️ Requires an HTTPS-enabled WordPress site if using Basic Authentication (OAuth 1.0a is a fallback for HTTP).
  • ⚠️ Requires Gravity Forms REST API Consumer Key and Secret, generated in WordPress settings.
  • ⚠️ For local development with self-signed SSL certificates, `MCP_ALLOW_SELF_SIGNED_CERTS=true` must be set in your `.env` file.
Verified Safe
The server enforces HTTPS for Basic Authentication, falling back to OAuth 1.0a for HTTP connections. Sensitive data (keys, secrets, passwords) is obfuscated in logs using a dedicated sanitization utility (`sanitize.js`). Destructive operations (delete) are disabled by default and require explicit `GRAVITY_FORMS_ALLOW_DELETE=true` configuration. A `MCP_ALLOW_SELF_SIGNED_CERTS=true` option is available for local development with self-signed certificates, which carries an explicit security warning against its use in production.
Updated: 2025-12-05
41
11
Medium Cost

mcp-server-excel

by sbroenne

Sec9

Automate Microsoft Excel operations using natural language through AI assistants, covering tasks like Power Query, DAX measures, VBA, PivotTables, charts, ranges, and formatting.

Setup Requirements

  • ⚠️ Requires Windows OS for COM interop.
  • ⚠️ Requires Microsoft Excel 2016 or later to be installed.
  • ⚠️ VBA operations require 'Trust access to the VBA project object model' to be manually enabled in Excel settings.
  • ⚠️ Requires exclusive access to Excel workbooks; all Excel instances must be closed before use.
Verified Safe
The server uses Excel's native COM API, minimizing file corruption risks. It implements input validation, file size limits, and path security. Telemetry data is redacted to remove sensitive information. VBA features require manual user enablement of 'Trust access to the VBA project object model' in Excel's Trust Center, placing security control in the user's hands rather than bypassing it automatically. Proper privacy levels for Power Query must also be explicitly configured by the user. Relying on COM automation implies trust in the underlying Excel application's security.
Updated: 2025-12-14
41
5
Low Cost
Sec8

An AI-powered code generator for Apostrophe CMS modules, operating as a local Model Context Protocol (MCP) server that can be integrated with Claude Code.

Setup Requirements

  • ⚠️ Requires Node.js v18 or higher.
  • ⚠️ Requires Claude Code CLI (@anthropic-ai/claude-code) installed globally.
  • ⚠️ Requires an Anthropic API key configured via `claude configure` (this is a paid service, token usage applies).
  • ⚠️ Apostrophe CMS projects must be located in the parent directory of this tool and configured for ES Modules (`"type": "module"` in their `package.json`).
Verified Safe
The server runs locally and explicitly states no API keys are required for its own operation, relying on the `claude` CLI for AI interaction. It executes the `claude` CLI via `child_process.spawn` and passes prompts securely via `stdin`, mitigating direct command injection through prompts. File system operations (read, write, delete) are confined to discovered Apostrophe projects (which must be in the parent directory and meet specific `app.js` criteria) and a local `history/` folder. A specific safety measure is appending to `modules/asset/ui/src/index.js` rather than overwriting. The primary risks involve trusting the security of the `claude` CLI itself and potential (though mitigated) malicious manipulation of discovered project paths.
Updated: 2025-12-11
41
22
Medium Cost

forgejo-mcp

by goern

Sec9

Integrates Forgejo with Model Context Protocol (MCP) systems, enabling AI agents to execute commands and manage repositories via a chat interface.

Setup Requirements

  • ⚠️ Requires Golang (Go 1.24 or later recommended) and 'make' to build from source.
  • ⚠️ Requires a running Forgejo instance URL for connection.
  • ⚠️ Requires a Forgejo Personal Access Token for authentication.
  • ⚠️ Can operate in 'stdio' (standard I/O) or 'sse' (Server-Sent Events) transport modes, with 'stdio' being default for direct MCP client integration.
Verified Safe
The server uses command-line arguments and environment variables for sensitive information like the Forgejo URL and access token, avoiding hardcoded secrets. It includes robust logging with context and sensitive URL sanitization. Input parameters for tools are type-checked and marked as required where appropriate. The SSE mode runs a local HTTP server, which is standard but requires users to manage its network exposure (though it defaults to localhost). No 'eval' or similar dangerous dynamic code execution patterns were found, and dependencies are standard for Go. Overall, the security implementation is strong for its purpose.
Updated: 2025-12-14
41
25
High Cost

mcp-advisor

by olaservo

Sec8

Provides comprehensive access to Model Context Protocol (MCP) specification and compliance evaluation for LLMs and humans.

Setup Requirements

  • ⚠️ The server currently depends on the official `LLMS.txt` file which no longer matches the format expected by this server, potentially leading to errors or incomplete data.
  • ⚠️ Requires external network access to `modelcontextprotocol.io` and `raw.githubusercontent.com` to fetch specification documents and schemas. Network failures will cause fallback to expired cache or errors.
Verified Safe
The server fetches documentation and schemas from external URLs (`modelcontextprotocol.io`, `raw.githubusercontent.com`). While these are trusted sources for the MCP, a compromise of these external resources could feed incorrect or outdated information. The `llms.txt` parsing logic has some filtering, but its current incompatibility (as noted in the README) is a functional risk. The 'path' argument in `evaluate_server_compliance` is passed to the LLM for evaluation, not executed by this server, mitigating local execution risks from this specific argument. No 'eval' or obvious malicious code patterns were found.
Updated: 2025-12-12
41
2
High Cost

oh-no-mcp-server

by eamonnfaherty

Sec9

Provides a Model Context Protocol (MCP) server for deep analysis of code performance, identifying bottlenecks, memory issues, algorithm complexity, and suggesting optimizations across code snippets, single files, or entire directories.

Setup Requirements

  • ⚠️ Requires a compatible MCP client (e.g., Claude Desktop) to operate as intended, as it's an MCP server, not a standalone application.
  • ⚠️ Python 3.10 or newer is required to run the server.
Verified Safe
The server's core functionality involves read-only access to the file system to gather code content based on paths provided by an MCP client. It does not contain `eval()` or similar dangerous functions in its runtime logic (an `exec` call is present in the test suite for module execution testing only). No hardcoded secrets were found. During directory scans, it explicitly excludes common sensitive directories like `.git` and `node_modules`. The primary security consideration is the potential for an untrusted client or LLM to request the reading of arbitrary local files if the MCP client environment (e.g., Claude Desktop) does not adequately sandbox or validate paths. The server itself does not perform file writing; it only prepares prompts that may instruct the LLM to write reports to a specified `output_path`, placing the responsibility for the actual write operation and its security implications on the LLM's client environment.
Updated: 2025-11-25
41
23
Medium Cost

greptimedb-mcp-server

by GreptimeTeam

Sec9

Enables AI assistants to securely query and analyze GreptimeDB data, including time-series, logs, and metrics, using SQL, TQL, and RANGE queries, with pipeline management capabilities.

Setup Requirements

  • ⚠️ Requires a running GreptimeDB instance.
  • ⚠️ Requires Python 3.11 or newer.
  • ⚠️ Recommended to configure a read-only database user for enhanced security.
Verified Safe
The server implements a robust application-level security gate (`security_gate` function) that explicitly blocks DDL/DML operations (e.g., DROP, DELETE, INSERT, UPDATE, ALTER, CREATE), file system access, and common SQL injection bypass techniques (e.g., UNHEX, CHAR functions, hex encoding). It strictly allows only read-only (SELECT, SHOW, DESCRIBE, TQL, EXPLAIN, WITH, UNION) and pipeline management operations. Data masking is enabled by default for sensitive column patterns (configurable). Audit logging is also enabled by default for all tool invocations, enhancing accountability and detectability. The README strongly recommends creating a read-only database user for an additional layer of security. No direct `eval` or obvious hardcoded secrets were found in the provided code snippets.
Updated: 2025-12-11
41
8
Medium Cost

arch-mcp

by nihalxkumar

Sec9

An MCP server that bridges AI assistants with the Arch Linux ecosystem, providing intelligent, safe, and efficient access to the Arch Wiki, AUR, and official repositories for AI-assisted Arch Linux usage.

Setup Requirements

  • ⚠️ Most core functionality requires the server to run on an Arch Linux system.
  • ⚠️ Write operations and some diagnostic tools require `sudo` access.
  • ⚠️ AUR installation tools require an AUR helper (paru or yay) to be installed on the host system.
  • ⚠️ Checking for updates (`check_updates_dry_run`) requires the `pacman-contrib` package.
Verified Safe
The server features robust, built-in security analysis for AUR packages, actively scanning PKGBUILDs for over 50 critical and suspicious patterns (e.g., `rm -rf /`, fork bombs, reverse shells, crypto miners, obfuscated code, dangerous network activity). It will block installations if critical security issues are detected. `sudo` commands for system operations are handled carefully with checks for password requirements. No apparent hardcoded secrets or direct vulnerabilities in the server's own codebase; its primary function is to provide a safe interface for interacting with potentially unsafe external content.
Updated: 2025-11-30
41
12
Medium Cost
Sec7

This MCP server provides advanced chess analysis, puzzle training, game review, and opening exploration by integrating Stockfish, Lichess, ChessDB, and custom positional theme evaluations, primarily for enhancing chess understanding and gameplay.

Setup Requirements

  • ⚠️ Requires Node.js 22+.
  • ⚠️ Optional Lichess API Key (sensitive) for fetching studies.
  • ⚠️ Optional Chessboard Magic PAT (sensitive) for accessing user repertoires and games.
  • ⚠️ Relies on an external Stockfish API endpoint (https://mcpstockfish.vercel.app/) for engine analysis, which is a third-party dependency.
Verified Safe
The server uses `process.env` for sensitive API keys (Lichess, Chessboard Magic), which is good practice. It heavily relies on external APIs (Lichess, ChessDB, and a Stockfish WASM service hosted on Vercel). The security of core functionality like engine analysis is dependent on these external services. HTML rendering tools generate client-side JavaScript, which, while not directly taking arbitrary user input, always presents a minor risk for potential client-side vulnerabilities, although input FENs are schema-validated.
Updated: 2025-12-02