Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (9120)

99
982
High Cost

openops

by openops-cloud

Sec7

OpenOps is a No-Code FinOps automation platform that helps organizations reduce cloud costs, streamline financial operations, and automate key FinOps processes through customizable workflows and AI capabilities.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for local or self-hosted deployments.
  • ⚠️Critical: For self-hosted deployments, manual generation and configuration of sensitive environment variables (e.g., OPS_ENCRYPTION_KEY, OPS_JWT_SECRET, admin passwords) are required, as placeholders are provided.
  • ⚠️Requires Node.js versions 18 or 20 for development setup.
  • ⚠️Cloud provider (AWS, Azure, GCP) credentials/service accounts are necessary for activating respective integration blocks.
Verified Safe
The platform inherently executes external commands for integrations (e.g., `gcloud`, `az`, `aws`) using `child_process.spawn` and `execFile`. `eval` is utilized for dynamic module loading of blocks in development mode, which is a potential risk but restricted to that context. Hardcoded secrets in `deploy/helm/openops/values.yaml` are explicitly marked as placeholders (`please-change-this-secret`) requiring user replacement, which is a good practice. `docker-entrypoint.sh` and `tools/link-packages.sh` perform sensitive actions like `npm install` and `rm -rf node_modules`, typically executed in trusted build/deployment environments.
Updated: 2026-01-19
99
1008
Medium Cost
Sec9

Facilitates AI agent interaction with Kubernetes and OpenShift clusters by exposing management and observability tools via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires access to a Kubernetes or OpenShift cluster with `kubectl` installed and configured.
  • ⚠️Initial setup of a dedicated ServiceAccount and RBAC (requiring cluster-admin permissions) is highly recommended for secure operation.
  • ⚠️If enabling the Kiali toolset, a Kiali instance must be running and its URL (and optionally a CA certificate path) must be configured.
  • ⚠️ServiceAccount tokens are time-bound and will require periodic renewal for long-running operations.
Verified Safe
The server is implemented in Go, directly interacting with the Kubernetes API, which is generally more secure than shell-based wrappers. It features robust OAuth/OIDC authentication with token exchange capabilities, can enforce read-only operation, and allows disabling destructive tools. A critical security feature is the `AccessControlRoundTripper` which enables fine-grained denial of specific Kubernetes resources at the API proxy level, regardless of the ServiceAccount's broader permissions. Deployment guides recommend using dedicated, least-privileged ServiceAccounts. Sensitive data redaction in logs is also implemented. The main binaries are distributed via npm/PyPI wrappers that `spawn` the native Go executable, which is a common and acceptable pattern for such distributions. No direct 'eval' or obvious malicious patterns were found.
Updated: 2026-01-19
99
809
Medium Cost

wassette

by microsoft

Sec9

A security-oriented runtime that runs WebAssembly Components via the Model Context Protocol (MCP), enabling AI agents to securely extend their capabilities with sandboxed tools.

Setup Requirements

  • ⚠️Requires Rust toolchain (1.75.0+ with wasm32-wasip2 target) for building Rust components.
  • ⚠️Python components require `uv` and `componentize-py` tooling.
  • ⚠️Go components require `TinyGo` (0.32+) and `wit-bindgen-go` tooling.
  • ⚠️Components run with deny-by-default permissions; explicit policies for network, storage, and environment variables must be granted (via CLI, manifest, or AI agent interaction) for components to access host resources.
Verified Safe
Wassette is designed with a strong security model, leveraging WebAssembly sandboxing, deny-by-default fine-grained permissions (filesystem, network, environment variables), and runtime policy enforcement. It supports OCI digest verification for component integrity. Built-in tools for permission management promote least privilege. Structured logging with sensitive data redaction further enhances auditability. The core runtime itself is very secure. The main security caveat noted in the documentation is that certain example components, like 'eval-py', use inherently dangerous functions (e.g., `eval()`) which, if used with overly permissive policies or untrusted inputs, could lead to arbitrary code execution *within the component's sandbox*. Users are explicitly warned about this, emphasizing the importance of carefully vetting components and their granted permissions.
Updated: 2026-01-13
99
870
Low Cost

agents

by inkeep

Sec3

This MCP (Model Context Protocol) Server acts as a proxy for the Inkeep Agent Framework's Management API. It exposes administrative functionalities (e.g., CRUD operations for agents, projects, tools, and credentials) via the MCP protocol, allowing other clients or agents to interact with the Inkeep Management API through a standardized interface.

Setup Requirements

  • ⚠️Requires a running Inkeep Management API backend (configured via `SDK_DEFAULT_BASE_URL`).
  • ⚠️Requires appropriate authentication credentials (e.g., API keys, Nango secrets) for its upstream calls to the Inkeep Management API to be supplied via environment variables.
  • ⚠️No built-in authentication for incoming HTTP requests; must be secured by an external proxy or gateway.
  • ⚠️Requires Node.js runtime and build environment for compilation and execution.
Review Required
This MCP server exposes highly privileged administrative functionalities (e.g., creating, updating, deleting projects, agents, credentials). When configured to run as an HTTP server (`--transport=http`), the source code does not implement built-in authentication or authorization for *incoming* requests. It relies entirely on external security measures (e.g., being deployed as a trusted internal service, or behind an API Gateway/Load Balancer that enforces authentication and authorization). If exposed directly to the internet without such external safeguards, it would grant any caller full administrative control over the Inkeep Agent Framework instance it connects to via its configured upstream API keys and URLs. This is a critical security risk if not deployed correctly within a secured ecosystem.
Updated: 2026-01-19
99
922
Low Cost

A curated list of Model Context Protocol (MCP) servers focused on DevOps tools and capabilities, enabling AI models to discover and interact with various local and remote resources.

Verified Safe
The provided source code consists solely of Markdown documentation files (README.md, CONTRIBUTING.md) which are not executable. Therefore, there are no inherent security risks such as 'eval', obfuscation, network vulnerabilities, hardcoded secrets, or malicious patterns within this repository's own code.
Updated: 2026-01-13
99
813
Low Cost

MCPJungle

by mcpjungle

Sec3

MCPJungle is a self-hosted Model Context Protocol (MCP) Gateway that allows developers to register and manage various MCP servers and their tools from a central location, enabling AI agents to discover and consume these tools from a single gateway.

Setup Requirements

  • ⚠️Requires Homebrew for macOS installation because the binary is not notarized.
  • ⚠️Custom Docker images are needed if STDIO-based MCP servers rely on tools other than `npx` or `uvx`.
  • ⚠️Running STDIO-based filesystem MCP servers in Docker requires explicit host filesystem volume mounting (e.g., `- .:/host:ro`).
  • ⚠️When creating MCP clients or users from a configuration file, a custom access token MUST be provided, as the CLI cannot display an auto-generated one.
  • ⚠️Tool Groups do not currently support prompts or updates, requiring deletion and recreation for changes.
Review Required
The server allows registration and execution of STDIO-based MCP servers, meaning it can execute arbitrary commands on the host machine if an attacker can register an MCP server. This is a critical risk unless strict isolation (e.g., Docker with restricted volumes) and robust access control (Enterprise mode) are properly configured. The `docker-compose.prod.yaml` includes hardcoded default credentials for PostgreSQL and pgAdmin ('mcpjungle' / 'mcpjungle' and 'admin@admin.com' / 'admin' respectively), which are highly insecure for production deployment and must be changed immediately.
Updated: 2026-01-19
99
837
Low Cost

hyper-mcp

by hyper-mcp-rs

Sec9

A fast, secure Model Context Protocol (MCP) server that extends its capabilities through WebAssembly plugins, enabling AI agents to access tools, resources, and prompts.

Setup Requirements

  • ⚠️Requires `hyper-mcp` executable to be built or downloaded for execution.
  • ⚠️Docker is required for building and distributing plugins as OCI images.
  • ⚠️S3 plugin loading requires AWS credentials (`AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, etc.) to be set in the environment.
  • ⚠️OCI image loading performs signature verification by default; custom Sigstore trust roots (Rekor/Fulcio keys) may be needed if not using the default TUF data. System keyring integration for auth requires specific OS tools (e.g., `security` on macOS, `secret-tool` on Linux, `cmdkey` on Windows) to be installed and configured.
Verified Safe
Plugins run in a WebAssembly sandbox provided by Extism, with configurable resource limits (memory, execution time), allowed network hosts, and allowed filesystem paths. OCI plugin images are cryptographically verified by Sigstore by default upon loading, adding a strong layer of supply chain security. An explicit `--insecure-skip-signature` flag exists but is clearly labeled as insecure. Host functions exposed to plugins (e.g., for logging, progress, eliciting user input) are controlled, minimizing direct plugin access to the host system. Authentication details, including sensitive credentials, can be loaded from configuration files, environment variables, or system keyrings (macOS, Linux, Windows), avoiding hardcoding.
Updated: 2026-01-19
99
875
Medium Cost

mcp-framework

by QuantGeekDev

Sec8

This repository provides a framework for integrating and managing OAuth authentication within a server application, potentially involving HTTP streaming.

Setup Requirements

  • ⚠️Requires Node.js and npm/yarn for development and execution.
  • ⚠️External API keys for services like Claude AI (if enabled via .env.claude-ai) and AWS Cognito (if enabled via .env.example.cognito) may be required.
  • ⚠️Extensive configuration and understanding of OAuth flows and security best practices will be necessary for proper setup and deployment.
Review Required
The project extensively documents OAuth implementation and includes a 'SECURITY_AUDIT.md', suggesting a strong focus on security. However, without direct code access, deeper analysis for 'eval', obfuscation, or specific network vulnerabilities is not possible. OAuth frameworks are inherently security-critical and require careful implementation.
Updated: 2025-11-18
99
936
High Cost

ros-mcp-server

by robotmcp

Sec4

Enables large language models (LLMs) to bidirectionally control and observe robots operating on ROS or ROS2 by translating natural language commands into robot actions and providing real-time sensor data feedback.

Setup Requirements

  • ⚠️Requires ROS1 or ROS2 installation and a running `rosbridge_server` on the target robot/machine.
  • ⚠️Requires Python 3.10+ and pip 23.0+ for installation and operation.
  • ⚠️Requires specific configuration in the LLM client (e.g., Claude Desktop, Gemini CLI, Cursor IDE, ChatGPT Desktop) to integrate with the MCP server.
Review Required
The server's core functionality relies on connecting to `rosbridge_server`, which by default lacks authentication, potentially allowing unauthorized command execution on the robot. The MCP server itself can expose an unauthenticated HTTP/Streamable-HTTP interface, especially when configured with `--host 0.0.0.0` or used with tunneling services like `ngrok` (as shown in examples), leading to high network exposure risks. The project explicitly states that 'Permission controls' are 'soon-to-be-implemented,' indicating a known missing security feature for safer deployments. Image data is saved to a fixed, overwritten local file (`./camera/received_image.jpeg`), which could be a denial-of-service vector if extremely large images are repeatedly streamed, though limited by the overwrite mechanism.
Updated: 2026-01-19
99
918
Medium Cost

mcp-server-mysql

by benborla

Sec6

A backend server application for a Modular Control Platform (MCP) or Microservice Control Plane, likely built with Node.js/TypeScript and integrating with MySQL, potentially featuring AI/LLM evaluation capabilities.

Setup Requirements

  • ⚠️Requires a running MySQL database instance.
  • ⚠️Requires Node.js and pnpm for local development.
  • ⚠️Potentially requires an LLM API key (e.g., Claude) if LLM integration is active.
Review Required
The presence of 'evals.ts' indicates potential dynamic code execution, which poses a significant security risk if not rigorously sandboxed and input-validated. As a server application, it also faces inherent network exposure and requires secure handling of database credentials.
Updated: 2025-11-18
99
758
High Cost

chunkhound

by chunkhound

Sec8

Provides local-first codebase intelligence, extracting architecture, patterns, and institutional knowledge for AI assistants.

Setup Requirements

  • ⚠️Requires Python 3.10+ and 'uv' package manager.
  • ⚠️API keys are required for cloud-based embedding (VoyageAI, OpenAI) and LLM (Anthropic, OpenAI) providers, incurring costs.
  • ⚠️Integration with local LLMs (Ollama, LM Studio) requires a running local server.
  • ⚠️The 100% AI-generated codebase may imply unique contribution and debugging workflows for human developers.
  • ⚠️May encounter DuckDB-specific database corruption issues, requiring WAL file cleanup.
Verified Safe
The project emphasizes 'local-first' to keep code on the user's machine, enhancing privacy. It integrates with various external LLM/embedding providers (OpenAI, Anthropic, VoyageAI) and local CLI tools (Claude Code CLI, Codex CLI, Ollama), which inherently introduces dependencies on external services. The use of `subprocess` for CLI tools appears to be managed with sanitization and validation, mitigating risks of arbitrary code execution from untrusted input. The '100% AI-generated codebase' claim is unusual but the project states a focus on production quality and human guidance.
Updated: 2026-01-19
99
891
Medium Cost

mongodb-mcp-server

by mongodb-js

Sec9

Provides a robust AI agent interface for interacting with MongoDB databases and MongoDB Atlas cloud services, enabling tool-calling for data management, monitoring, and search operations.

Setup Requirements

  • ⚠️Requires Azure CLI (2.55.0+) for Bicep deployment on Azure.
  • ⚠️Requires MongoDB MCP server container image (e.g., mongodb/mongodb-mcp-server:1.2.0) if deploying to Azure Container Apps or via Docker.
  • ⚠️Requires Docker daemon to be running for 'atlas-local' tools.
  • ⚠️Requires MongoDB Atlas API credentials (MDB_MCP_API_CLIENT_ID, MDB_MCP_API_CLIENT_SECRET) for 'atlas' category tools.
  • ⚠️Requires VoyageAI API Key (MDB_MCP_VOYAGE_API_KEY) for vector search text-to-embedding conversions.
Verified Safe
The server implements several security measures including: explicit warnings for untrusted data in responses, configurable read-only mode, confirmation for destructive tools, temporary database user creation for Atlas connections, and validation of Atlas API credentials. It also warns about insecure HTTP host bindings. Secrets are handled via a Keychain for redaction in logs. However, inherent risks of exposing an API exist, and client-side handling of `postMessage` (for UI iframes) is critical for full security, which is outside the server's direct control. Query parameter overrides are explicitly blocked for secret fields, enhancing security.
Updated: 2026-01-19