Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (9120)

41
13
Low Cost

This is a Middleman Control Plane (MCP) server for SAP consultants, designed to integrate various SAP-related functionalities (e.g., SAP Notes, ABAP ADT, S4/HANA OData) as conversational agents or tools within the LibreChat platform, including authentication via OpenID Connect and managing permissions.

Setup Requirements

  • ⚠️Requires complex Docker setup including a Playwright-enabled container for certain SAP services, which involves installing Git, Node.js, npm dependencies, and Chromium browser within the container.
  • ⚠️Extensive environment variable configuration is necessary for various SAP connections (URL, username, password, client, language, certificates) and OpenID Connect settings (client ID, secret, issuer).
  • ⚠️Database interaction uses Mongoose, implying a MongoDB instance is required for persistent storage of data schemas, models, and types.
Verified Safe
The server employs robust security measures including JWT-based authentication, OpenID Connect for federated logins, comprehensive middleware for input validation, moderation, rate limiting, and access control (ACLs based on roles and resource types). Sensitive configurations like PFX passphrases and API keys are expected to be environment variables, not hardcoded. Image handling, including avatars and content, includes validation and JWT-protected access paths to prevent traversal. The overall architecture demonstrates a strong focus on secure practices for an open-source project. Potential risks typically stem from misconfiguration or reliance on external dependencies (e.g., Playwright container setup, external OAuth providers), rather than inherent code vulnerabilities.
Updated: 2026-01-19
41
23
Medium Cost

futu-stock-mcp-server

by shuizhengqi1

Sec9

A Model Context Protocol (MCP) server for accessing Futu OpenAPI functionality, providing standardized MCP protocol to AI models for market data subscription and querying, including trading capabilities.

Setup Requirements

  • ⚠️Requires a Futu Securities account with OpenAPI permissions.
  • ⚠️Requires Futu OpenD gateway installed and running on a specified host/port.
  • ⚠️Requires Python 3.10+.
Verified Safe
No obvious hardcoded secrets. Employs robust stdout/stderr protection for MCP communication. Uses process locking and cleanup for self-management, which is generally safe but relies on `psutil`. Relies on a local `Futu OpenD` gateway for actual market data and trading, so the security of that external dependency is critical.
Updated: 2025-11-28
41
19
Medium Cost

sample-cfm-tips-mcp

by aws-samples

Sec9

A comprehensive Model Context Protocol (MCP) server for AWS cost analysis and optimization recommendations, designed to integrate with Kiro CLI and other MCP-compatible clients.

Setup Requirements

  • ⚠️Requires Python 3.8 or higher (3.11+ recommended for best performance).
  • ⚠️Requires specific AWS services to be enabled/subscribed for full functionality (e.g., Cost Optimization Hub enrollment, Trusted Advisor Business/Enterprise support plan, Performance Insights enabled on RDS instances).
  • ⚠️Requires comprehensive read-only IAM permissions across multiple AWS services for complete analysis.
Verified Safe
The server demonstrates a strong commitment to security best practices. It explicitly enforces 'Read-Only Access' and 'Least Privilege' principles, providing detailed IAM policies for auditing. There are no indications of hardcoded production secrets (test credentials are used in examples). Network exposure is minimal, requiring only outbound HTTPS to AWS APIs. No 'eval' or other directly exploitable patterns were observed in the provided code snippets. The architecture relies on standard AWS SDK practices for credential management.
Updated: 2026-01-16
41
45
Medium Cost

Connects AI assistants to Atlassian Confluence knowledge bases, enabling natural language interaction to query, search, and manage Confluence content.

Setup Requirements

  • ⚠️Requires an Atlassian API Token with appropriate permissions.
  • ⚠️Credentials (ATLASSIAN_SITE_NAME, ATLASSIAN_USER_EMAIL, ATLASSIAN_API_TOKEN) must be set as environment variables or in `~/.mcp/configs.json`.
  • ⚠️Only supports Confluence Cloud (on-premise/Data Center not supported).
Verified Safe
The server follows good security practices by loading sensitive credentials (Atlassian API Token, email, site name) from environment variables or a local configuration file, avoiding hardcoded secrets. It performs authenticated API calls to Atlassian Cloud. There are no obvious signs of 'eval', code obfuscation, or malicious patterns. Raw API responses are saved to the `/tmp/mcp/` directory when responses are truncated, which is standard for temporary debug/context data but could lead to excessive disk usage if not managed externally in high-volume, debug-enabled scenarios.
Updated: 2026-01-07
41
2
Medium Cost
Sec8

Provides semantic code search capabilities to AI coding assistants (like Claude Code) by indexing entire codebases into a vector database for deep contextual understanding, enhancing AI agents with relevant code context.

Setup Requirements

  • ⚠️Requires Node.js >= 20.0.0 and < 24.0.0 (incompatible with Node.js 24+)
  • ⚠️Requires an API key for an embedding provider (OpenAI, VoyageAI, Gemini are paid services) and a vector database (Zilliz Cloud API Key or local Milvus setup).
  • ⚠️Uses pnpm for dependency management, requiring its installation.
Verified Safe
The primary MCP server (Node.js/TypeScript) uses standard file system and network operations essential for its code indexing and search functions. It handles API keys via environment variables. While Python evaluation scripts demonstrate `subprocess.run` for system commands (`grep`, `git`), this is within a controlled testing framework, not the deployed MCP server. The `ts_executor.py` is a test utility and not part of the deployed MCP server. No obvious vulnerabilities like arbitrary `eval` from user input were found in the main server logic. Requires typical file system and network permissions for its intended function.
Updated: 2025-11-26
41
26
Medium Cost

ast-mcp-server

by angrysky56

Sec8

Provides an MCP (Model Context Protocol) server for code structure and semantic analysis using ASTs and ASGs, integrated with external AI clients like Claude Desktop.

Setup Requirements

  • ⚠️Requires Python 3.12 or higher.
  • ⚠️Requires manual building of Tree-sitter language parsers (`uv run build-parsers`).
  • ⚠️An OpenAI/OpenRouter API key (`OPENROUTER_API_KEY`) is required for LLM-powered features (USS Agent, AI summaries), incurring external costs.
  • ⚠️Optional Neo4j database setup and credentials are required for graph storage and advanced querying features.
  • ⚠️The `ast-grep-cli` tool needs to be available in the system's PATH for code transformation features, potentially requiring a separate installation.
Verified Safe
The project uses `subprocess.run` to execute the `ast-grep` CLI tool for code transformation. This is handled by passing arguments as a list (not `shell=True`), which mitigates direct shell injection risks. However, executing external binaries with user-provided patterns/replacements inherently carries a risk, which depends on the trustworthiness of the `ast-grep` tool itself and the sanitization of user input by the client. Neo4j and OpenRouter API keys are correctly managed via environment variables. Multiple development-related scripts utilize `sys.path.insert(0, os.getcwd())`, a practice that can introduce path-based vulnerabilities if the current working directory is untrusted, though in a local development context, this is less critical.
Updated: 2026-01-19
41
19
Low Cost

registry

by biocontext-ai

Sec2

Registry for discovering Model Context Protocol (MCP) servers relevant to biomedical research, facilitating tool discovery and integration for AI assistants.

Setup Requirements

  • ⚠️Requires `uv` (a Python package installer/executor) and `pre-commit` for local development and validation setup.
  • ⚠️The registry's validation process can trigger local execution of arbitrary external commands (including downloading and running remote scripts) specified within the `mcp.json` configuration files of submitted MCP servers. Running the validation requires a highly isolated and secure environment.
  • ⚠️`yq` (a YAML processor) is required for the `build.sh` script to generate the `registry.json` file.
Review Required
The core validation scripts (`src/schema_validation/get_mcp_tools.py` called by `check_remote_urls.py` and `filter_remote_urls.py`) are designed to interact with and list tools from user-provided MCP server configurations. If an `mcp.json` file specifies a `command` and `args` (e.g., using `uvx` or `npx` to download and execute remote Python/Node.js scripts, as seen in `servers/vrtejus-pymol-mcp/mcp.json`), the registry's automated validation pipeline will attempt to execute these arbitrary commands locally. This constitutes a severe remote code execution vulnerability for anyone running the registry's validation system against untrusted or malicious `meta.yaml` and `mcp.json` submissions.
Updated: 2026-01-12
41
25
Medium Cost

mcp

by algolia

Sec9

The MCP server acts as an intermediary, enabling Large Language Models (LLMs) to interact with Algolia's various APIs for search, analytics, A/B testing, query suggestions, recommendations, monitoring, and usage data.

Setup Requirements

  • ⚠️Requires Go (GoLang) to build and run the server.
  • ⚠️Mandatory Algolia API credentials (ALGOLIA_APP_ID, ALGOLIA_API_KEY, ALGOLIA_INDEX_NAME) must be provided as environment variables. ALGOLIA_WRITE_API_KEY is also required for write operations, implying a paid Algolia account for full functionality.
  • ⚠️Requires a Model Context Protocol (MCP) host or inspector (e.g., Claude Desktop, @modelcontextprotocol/inspector, or mark3labs/mcphost) to interact with the server's exposed tools.
Verified Safe
The server correctly retrieves Algolia API credentials (application ID, API keys, index name) from environment variables, preventing hardcoded secrets. Outbound HTTP requests are made to legitimate Algolia API endpoints. No 'eval' or similar dynamic code execution patterns are observed. The underlying `mcp-go` library for Model Context Protocol is also used, which is a standard approach for this kind of server. Overall, the code appears robust against common security vulnerabilities for its stated purpose.
Updated: 2025-11-27
41
27
Medium Cost

mcp-server-couchbase

by Couchbase-Ecosystem

Sec9

An MCP server enabling LLMs to interact directly with Couchbase clusters for data operations, schema retrieval, and query performance analysis.

Setup Requirements

  • ⚠️Requires a running Couchbase cluster (e.g., Capella free tier).
  • ⚠️Requires Python 3.10 or higher and 'uv' package manager installed.
  • ⚠️Authentication to the Couchbase cluster is critical, requiring either username/password or client certificates via environment variables or CLI arguments.
Verified Safe
The server transparently prevents data/structure modification via SQL++ queries by default (CB_MCP_READ_ONLY_QUERY_MODE=true) using `lark_sqlpp` for query parsing and validation. Authentication credentials are sourced from environment variables or CLI arguments, preventing hardcoded secrets. Network communication for index management uses HTTPS with appropriate SSL verification mechanisms. Key-Value operations (upsert, delete) can still modify data even in read-only query mode, which is clearly documented. No 'eval' or malicious patterns were found.
Updated: 2026-01-16
41
25
Low Cost

language-server-mcp

by alexwohletz

Sec3

Provides language support features like hover information, code completion, and diagnostics for code editing through the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires specific language servers (e.g., `typescript-language-server`, `pyright`) to be pre-installed on the system.
  • ⚠️Requires configuring language server commands and arguments via environment variables (e.g., `TYPESCRIPT_SERVER='{"command": "typescript-language-server", "args": ["--stdio"]}'`) before running.
  • ⚠️Tools require an accurate `projectRoot` parameter for correct language server operation, which can be challenging for an agent to determine consistently.
Review Required
The server dynamically spawns external language server processes based on configurations read from environment variables (e.g., `process.env.TYPESCRIPT_SERVER`). If an attacker can control these environment variables, they could inject arbitrary shell commands to be executed by the `child_process.spawn` call, leading to remote code execution. While the README implies user configuration for local development, in an automated or untrusted AI agent context, this presents a significant command injection vulnerability. Uses of `eval` found in coverage report utility files are not part of the core server's runtime logic.
Updated: 2025-11-26
41
15
High Cost

tableau_mcp_starter_kit

by TheInformationLab

Sec7

Provides a powerful AI integration for Tableau Server/Cloud, enabling natural language querying and interaction with Tableau data via a web interface or dashboard extension.

Setup Requirements

  • ⚠️Requires Tableau Server Version 2025.1+ or Tableau Cloud.
  • ⚠️Requires Python 3.12+ and Node.js (tested with 22.15.0 LTS) with npm installed.
  • ⚠️Requires an OpenAI API Key (paid service) and Tableau Personal Access Token (PAT) for default operation.
  • ⚠️The `TABLEAU_MCP_FILEPATH` environment variable must be manually set to the local build path of the `tableau-mcp` repository (or `tableau-mcp-experimental` for dashboard extension mode).
Verified Safe
The default configuration sends data from Tableau to an external AI model (OpenAI). The README explicitly warns about this data egress risk and recommends using a local AI model for sensitive data. Personal Access Tokens (PATs) for Tableau are stored in the .env file, which is protected by .gitignore, but still requires secure handling. The `TABLEAU_MCP_FILEPATH` points to a local Node.js build, whose integrity depends on the upstream `tableau-mcp` (and `tableau-mcp-experimental`) repositories and secure build practices.
Updated: 2025-12-01
41
27
Medium Cost

tempo-mcp-server

by ivelin-web

Sec9

Manages Tempo worklogs in Jira via a Model Context Protocol (MCP) server, allowing time tracking and worklog operations through MCP-compatible clients.

Setup Requirements

  • ⚠️Requires Node.js 18+ (LTS recommended).
  • ⚠️Requires manual generation of Tempo API Token and Jira API Token with appropriate permissions.
  • ⚠️JIRA_EMAIL is mandatory for Basic Authentication, necessitating careful configuration of JIRA_AUTH_TYPE.
  • ⚠️JIRA_TEMPO_ACCOUNT_CUSTOM_FIELD_ID is required if Tempo mandates account linking to Jira issues, requiring manual lookup of the custom field ID.
Verified Safe
The server uses Zod for robust input validation on all tool parameters and environment variables, mitigating common injection risks. Sensitive API tokens and credentials are strictly sourced from environment variables, preventing hardcoding. Authentication for Jira supports both basic (email:token) and bearer (OAuth 2.0) methods securely. Error handling logs details internally and returns user-friendly messages to the client, limiting information exposure. No 'eval' or obvious obfuscation patterns were found.
Updated: 2025-12-04