Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7756)

41
20
Medium Cost
teaguesterling icon

duckdb_mcp

by teaguesterling

Sec8

Integrate SQL databases with Model Context Protocol (MCP) servers, enabling DuckDB to act as both an MCP client (consuming resources/tools) and an MCP server (publishing data/tools).

Setup Requirements

  • ⚠️Requires DuckDB to be installed.
  • ⚠️Building the extension requires a local C++ development environment (make, compilers).
  • ⚠️Windows support for `StdioTransport` (process-based communication) is currently not implemented, limiting server-side features on Windows.
  • ⚠️MCP server processes (e.g., Python scripts) must be separately installed, made executable, and their paths explicitly allowlisted via `SET allowed_mcp_commands='...'` for secure operation.
Verified SafeView Analysis
The extension implements a robust security framework for `ATTACH` and server startup operations. It uses an allowlist (`allowed_mcp_commands`) for executable paths, sanitizes arguments to prevent shell injection (`..`, `|`, `;`, `&`, etc.), and can lock server configurations (`mcp_lock_servers`) to prevent runtime changes. The `StdioTransport` internally uses `execvp`, which is protected by these pre-execution validations. Server-side tools like `execute` (for DDL/DML) are disabled by default and have granular permission controls. The `mcp_disable_serving` option allows a client-only mode, further reducing attack surface. However, as it executes external binaries, careful configuration of `allowed_mcp_commands` is critical. Leaving the system in 'permissive mode' (no security settings configured) allows arbitrary command execution, which is not recommended for production environments.
Updated: 2025-12-09GitHub
41
21
Low Cost

mcp-server

by thoughtspot

Sec7

Provides secure OAuth-based authentication and a set of tools for querying and retrieving data from ThoughtSpot instances, acting as a Model Context Protocol (MCP) server for integration with various Large Language Models (LLMs).

Setup Requirements

  • ⚠️Requires a ThoughtSpot account and a TS_AUTH_TOKEN for API access or self-hosted deployments.
  • ⚠️For local development or stdio support, Node.js version >=18 is required.
  • ⚠️Proper configuration of CORS and SAML redirect domains in the ThoughtSpot instance is necessary for successful OAuth flows.
Verified SafeView Analysis
The server handles sensitive OAuth credentials and bearer tokens (e.g., TS_AUTH_TOKEN, OPENAI_API_KEY), requiring careful management by the user/deployer. It explicitly outlines configurations for CORS and SAML within ThoughtSpot instances, indicating a design focus on secure web interactions. As a self-hosted option is available, the security of the deployment environment and credential handling shifts to the user.
Updated: 2025-11-17GitHub
40
16
High Cost
hrrrsn icon

mcp-vnc

by hrrrsn

Sec9

Enables AI agents to remotely control and automate actions on Windows, Linux, or macOS desktops via VNC.

Setup Requirements

  • ⚠️Requires an external VNC server instance to be running on the target machine.
  • ⚠️Node.js version >= 22.0.0 is required.
  • ⚠️Requires VNC_HOST, VNC_PORT, and optionally VNC_PASSWORD to be set as environment variables for connection.
Verified SafeView Analysis
The server correctly uses environment variables for sensitive VNC connection details (host, port, password) instead of hardcoding. Input for mouse clicks, key presses, and text typing is carefully parsed and mapped to VNC protocol events, preventing direct command injection. The project utilizes standard libraries (`@computernewb/nodejs-rfb`, `sharp`) and doesn't contain obvious malicious patterns, 'eval' usage, or unnecessary dangerous system calls. The primary security consideration lies in the inherent risk of granting remote control via VNC to an AI agent, requiring robust security measures on the VNC server side (strong passwords, network isolation) and secure sandboxing for the AI agent itself. The `src/test.ts` file uses `child_process.spawn` for testing, but with hardcoded, safe arguments.
Updated: 2025-12-13GitHub
40
45
High Cost
ScrapeGraphAI icon

scrapegraph-mcp

by ScrapeGraphAI

Sec9

Provides a Model Context Protocol (MCP) server that integrates with ScrapeGraph AI, enabling language models to perform advanced AI-powered web scraping and structured data extraction across single pages, multiple pages, and search results.

Setup Requirements

  • ⚠️Requires Python 3.10+ to run.
  • ⚠️Requires a ScrapeGraph API Key, which consumes paid credits on the ScrapeGraph AI platform for each scraping operation.
  • ⚠️Windows users may need to prepend `C:\Windows\System32\cmd.exe /c` to the `npx run` command for direct execution outside of integrated clients.
Verified SafeView Analysis
The server securely handles API keys via environment variables or configuration, avoiding hardcoded secrets. It utilizes `json.loads` for parsing input schemas and step instructions, which is safer than `eval`. Outbound network requests are exclusively directed to the official ScrapeGraph AI API (`https://api.scrapegraphai.com/v1`). The primary security considerations relate to the security of the remote ScrapeGraph AI API and secure deployment practices (e.g., protecting the API key) rather than intrinsic vulnerabilities within this server's code.
Updated: 2025-11-19GitHub
40
3
High Cost

dbt-core-mcp

by NiclasOlofsson

Sec9

Enhances AI assistants (like Copilot) to intelligently interact with dbt projects by executing commands and providing project metadata, lineage, and compiled SQL, respecting the user's local environment.

Setup Requirements

  • ⚠️Requires Python 3.9 or higher to be installed.
  • ⚠️Requires `uv` (recommended) or `pipx` to be installed for server execution.
  • ⚠️Your dbt project must use dbt Core 1.9.0 or higher, along with a compatible dbt adapter installed in your project's environment.
Verified SafeView Analysis
The server's primary function is to act as a bridge, executing dbt commands within the user's environment. It does not introduce new arbitrary execution capabilities beyond what dbt itself allows. Risks are primarily associated with the security of the user's dbt project and its underlying environment/database connections, rather than vulnerabilities in the MCP server itself. It relies on `uvx` or `pipx` for execution, which are standard Python package runners. No explicit 'eval' or obfuscation found.
Updated: 2025-11-17GitHub
40
21
Low Cost
chenyeju295 icon

mcp_generate_images

by chenyeju295

Sec9

Generate images using Volcengine Doubao model, integrated with Cursor IDE.

Setup Requirements

  • ⚠️Requires a paid Volcengine API Key (ARK_API_KEY).
  • ⚠️Requires 'uv' package manager installed.
  • ⚠️Requires 'volcengine-python-sdk[ark]' dependency.
  • ⚠️Save folder path must be absolute and have write permissions.
Verified SafeView Analysis
API key (ARK_API_KEY) is correctly handled via environment variables, not hardcoded. Robust path validation (`validate_save_path`) is implemented to prevent path traversal and ensure write permissions. Image downloads from external Volcengine URLs are handled with appropriate error checking and timeouts. No 'eval' or other direct code execution vulnerabilities were found.
Updated: 2025-12-02GitHub
40
2
High Cost
quanticsoul4772 icon

mcplint

by quanticsoul4772

Sec9

A comprehensive security and quality assurance platform for Model Context Protocol (MCP) servers, supporting protocol validation, vulnerability scanning, fuzzing, and AI-assisted explanations to integrate security into development pipelines.

Setup Requirements

  • ⚠️Requires API keys for commercial AI providers (Anthropic, OpenAI) if AI explanation features are enabled and a local Ollama setup is not used. These are paid services.
  • ⚠️Requires a locally running Ollama server instance if 'ollama' is chosen as the AI provider.
  • ⚠️Building from source requires a Rust toolchain (typically installed via rustup).
  • ⚠️Optional Neo4j integration (if `neo4j` feature is enabled during compilation) requires a running Neo4j database and associated configuration environment variables (NEO4J_URI, NEO4J_USERNAME, NEO4J_PASSWORD, NEO4J_DATABASE).
  • ⚠️Optional Voyage AI integration (used for Neo4j embeddings) requires an API key (VOYAGE_API_KEY), which is a paid service.
Verified SafeView Analysis
The MCPLint tool itself demonstrates strong security practices in its implementation, such as secure handling of API keys via environment variables or configuration files, robust JSON schema validation, and compartmentalized modules. It functions as a security scanner, interacting with user-specified MCP servers for testing. While this involves executing external commands (via `stdio` transport) or connecting to remote endpoints, these interactions are managed with safety mechanisms like timeouts and resource limits. No `eval` equivalents, direct code injection vulnerabilities, or hardcoded secrets were identified in the Rust source. The fuzzer is designed to intentionally generate potentially malicious inputs, but these are directed at the *target server* under test, not executed within MCPLint's core logic.
Updated: 2025-12-14GitHub
40
8
Low Cost
enuno icon
Sec9

A Model Context Protocol (MCP) server exposing the UniFi Network Controller API, enabling AI agents and applications to interact with UniFi network infrastructure in a standardized way.

Setup Requirements

  • ⚠️Requires UniFi API Key (UNIFI_API_KEY) from unifi.ui.com, which can be sensitive.
  • ⚠️For full features, requires UNIFI_API_TYPE=local and UNIFI_LOCAL_HOST=<gateway-ip> for direct access to your UniFi gateway on the local network.
  • ⚠️Requires Python 3.10+.
  • ⚠️Optional Redis caching requires a running Redis instance and corresponding environment variables (REDIS_HOST, REDIS_PORT, REDIS_DB, REDIS_PASSWORD).
Verified SafeView Analysis
The server demonstrates good security practices by loading API keys and secrets from environment variables, enforcing SSL verification for cloud APIs (and configurable for local), implementing rate limiting, and including webhook signature verification. No 'eval' or obvious malicious patterns were found. Audit logging is enabled by default for mutating operations. The primary risk is granting the server access to sensitive network configuration via the UniFi API key, which is inherent to its function.
Updated: 2025-12-02GitHub
40
17
Low Cost
roman icon

mcps.nix

by roman

Sec9

A curated library of Model Context Protocol (MCP) server presets for Claude Code, designed to integrate seamlessly with Nix-based configuration management tools like devenv and Home Manager.

Setup Requirements

  • ⚠️Requires the Nix package manager and integrates specifically with either devenv or Home Manager.
  • ⚠️Enabling certain MCP servers requires specific API keys or tokens for external services (e.g., GitHub, Asana), which may involve subscriptions or account setup for those services.
  • ⚠️Assumes an existing setup of Claude Code and potentially an Anthropic Claude API key for full integration functionality.
Verified SafeView Analysis
The project emphasizes strong security practices, including support for reading API tokens from files rather than environment variables, explicit path restrictions for filesystem access, and a commitment to not exposing credentials in the Nix store. No 'eval' or malicious patterns were found in the provided source code snippets. The security of the overall system relies on the user's correct configuration and the trustworthiness of the upstream MCP servers.
Updated: 2025-12-09GitHub
40
22
Medium Cost
seanivore icon

mcp-file-preview

by seanivore

Sec3

This server provides capabilities to preview local HTML files by capturing full-page screenshots and analyzing their structural content.

Setup Requirements

  • ⚠️Hardcoded Absolute Screenshot Directory: The server attempts to save screenshots to a hardcoded absolute path (`/Users/seanivore/Projects/mcp-file-preview/screenshots`). This must be manually changed in `src/index.ts` for the server to function correctly in any other environment.
  • ⚠️Puppeteer Requirements: Running Puppeteer can be resource-intensive (CPU, memory) and requires significant disk space for the Chromium browser binary. The host system must have the necessary libraries for Chromium to run.
  • ⚠️Specific Local File Structure for CSS: The `preview_file` tool expects `style.css` one directory up from the HTML file and `[filename].css` in the same directory. This specific structure might not apply to arbitrary HTML files, leading to unstyled previews or errors.
Review RequiredView Analysis
1. Arbitrary Local File Access (High Risk): The `preview_file` and `analyze_content` tools accept `filePath` directly from user input. This allows an MCP client to request reading or screenshotting any file on the host system where the server is running, given the server's process permissions, potentially leading to information disclosure (Local File Inclusion). 2. Hardcoded Absolute Screenshot Path (Critical Flaw/Misconfiguration): The server saves screenshots to a hardcoded absolute path: `/Users/seanivore/Projects/mcp-file-preview/screenshots`. This path is specific to a developer's machine and user. For anyone else to use this server, this path *must* be manually changed in the source code. Otherwise, it will likely fail to write screenshots or attempt to write to an inaccessible/unintended location. 3. Content Security Policy (CSP) Bypass (Medium Risk): The `page.setBypassCSP(true)` call disables a crucial browser security feature. If the HTML content being previewed contains malicious scripts, they could execute without CSP restrictions, potentially interacting with local filesystem or network resources available to the Puppeteer instance. 4. Path Traversal in CSS Injection (Potential): The server attempts to inject CSS files using relative paths (`path.join(baseDir, '..', 'style.css')`). A maliciously crafted `filePath` containing path traversal sequences (e.g., `../../`) could potentially lead to reading unintended CSS files from other system directories, exacerbating the LFI risk.
Updated: 2025-11-29GitHub
40
10
Low Cost
shinzo-labs icon

shinzo-py

by shinzo-labs

Sec9

Provides OpenTelemetry-compatible observability for Python MCP servers, offering insights into agent usage patterns, contextualized tool calls, and server performance analysis.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️This is an SDK, not a standalone server; it requires an existing MCP server (FastMCP or Traditional MCP) instance to instrument.
  • ⚠️For telemetry export to a backend, authentication (e.g., a bearer token or API key) must be configured in `exporter_auth` with a valid token/key.
Verified SafeView Analysis
The SDK is well-structured and includes PII sanitization as a security feature. It uses `httpx` for network communication to a configurable OTLP endpoint. Authentication (bearer, API key, basic) is handled using user-provided credentials within the configuration. No direct usage of `eval`, obfuscation, or hardcoded secrets were found. The primary security consideration is ensuring the user configures a trusted telemetry endpoint and securely manages their authentication tokens/keys, as is standard practice for observability tools.
Updated: 2025-12-10GitHub
40
12
Low Cost
hyprmcp icon
Sec8

Generates installation instructions for Model Context Protocol (MCP) servers across various client applications and development tools.

Setup Requirements

  • ⚠️Requires Node.js (version 24 recommended by mise.toml, dependencies specify >=18).
  • ⚠️Generated instructions for 'Codex' target explicitly require Docker for manual installation, though not for running the generator itself.
Verified SafeView Analysis
The web component's markdown processing uses `allowDangerousHtml: true`, which carries inherent risks if user-provided input were directly rendered as raw HTML. However, the application's design appears to mitigate this by generating markdown from templates where user inputs (URL, name) are either URL-encoded, JSON.stringified, or embedded as literal text within markdown code blocks or inline code, reducing the likelihood of malicious HTML injection. Direct text insertion into manual config snippets (e.g., Codex TOML) could theoretically allow injection if malicious inputs are crafted, but this is presented for manual copy-pasting, not executed by the server itself. URLs are validated with `z.string().url()` in the MCP server context.
Updated: 2025-12-14GitHub
PreviousPage 89 of 647Next