Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7756)

40
9
High Cost
NewToolAI icon

imgenx

by NewToolAI

Sec8

AI image and video generation and processing, functioning as a command-line tool or MCP server.

Setup Requirements

  • ⚠️Requires API keys for Doubao (Volcengine) and/or Aliyun (Tongyi Qianwen) services (paid).
  • ⚠️Python 3.10+ is required.
  • ⚠️Specific environment variables (e.g., IMGENX_TEXT_TO_IMAGE, IMGENX_DOUBAO_API_KEY) must be configured for chosen providers and tasks.
Verified SafeView Analysis
API keys are handled via environment variables or HTTP headers, which is good practice. Network requests for external AI services and image/video downloads are performed, which inherently involves data transmission over the network. Input validation is present for some image operations but could be more robust. No 'eval' or obvious malicious patterns found.
Updated: 2025-11-24GitHub
40
21
Medium Cost
OctoMind-dev icon

octomind-mcp

by OctoMind-dev

Sec9

Enables AI agents to programmatically create, execute, and manage end-to-end tests on the Octomind platform.

Setup Requirements

  • ⚠️Requires `APIKEY` environment variable for Octomind API access.
  • ⚠️Node.js version 20.0.0 or higher is required.
  • ⚠️If using Redis for session storage, the `redis` npm package must be manually installed (`pnpm add redis`).
Verified SafeView Analysis
The server uses `zod` for robust input validation on all tool parameters, which is a strong security practice. API keys are managed through environment variables or request headers and are redacted from error logs. Session management supports both in-memory and Redis storage with optional expiration. A `PUBLIC_MINTLIFY_API_KEY` is hardcoded, but it's explicitly labeled as public and used for a search service, not for sensitive operations on the Octomind platform itself. No `eval` or obvious malicious code patterns were found.
Updated: 2025-12-12GitHub
40
16
Low Cost
ravitemer icon

mcp-registry

by ravitemer

Sec9

Manages, validates, and builds a centralized registry of Model Context Protocol (MCP) server configurations for client integration.

Setup Requirements

  • ⚠️Requires Node.js to run build/validation scripts.
  • ⚠️GitHub Personal Access Token (GITHUB_TOKEN or GITHUB_PAT) is highly recommended for the 'enrich' script to avoid strict GitHub API rate limits when fetching repository metadata.
  • ⚠️All server definition YAML files must strictly adhere to the defined Zod schema; validation failures will prevent the registry from building.
Verified SafeView Analysis
The repository's scripts (`build.js`, `validate.js`, `enrich.js`) primarily perform file parsing, schema validation, and data aggregation. The `js-yaml.load` function is used for internal YAML files, which are assumed to be trusted (as they are part of the repository itself, managed via pull requests). The `config` field within server definitions, while containing commands for clients to execute, is treated as a string and validated as valid JSON; these commands are not executed by the registry's scripts. The `enrich.js` script makes controlled network requests to the GitHub API and handles rate limiting. No `eval` or intentional obfuscation was found. The main security consideration is for consumers of the generated `registry.json` to safely execute the `command` and `args` specified in server configurations.
Updated: 2025-12-14GitHub
40
18
Low Cost
i-dot-ai icon

lex

by i-dot-ai

Sec8

Provides a UK legal research API with advanced search capabilities for legislation, caselaw, explanatory notes, and amendments, designed for integration with AI agents via the MCP protocol.

Setup Requirements

  • ⚠️Requires Azure OpenAI API Key and Endpoint (paid service for embeddings and LLM features, significant costs for ingestion pipeline)
  • ⚠️Requires a running Qdrant instance (local or cloud) for vector database storage and search
  • ⚠️Requires a Redis instance (local or Azure Cache for Redis) for caching and rate limiting
  • ⚠️Docker is highly recommended for local development and deployment due to dependencies (Qdrant, Redis, Python environment)
Verified SafeView Analysis
The server uses environment variables for sensitive credentials (API keys, passwords), which is a good practice. External API calls (legislation.gov.uk, caselaw.nationalarchives.gov.uk, Azure OpenAI/Qdrant) are handled by a custom HTTP client with caching and retry logic, indicating an attempt at robustness. Input URLs for external content fetching appear to be from trusted, specific domains. JSON deserialization is used for incoming MCP requests, but the general FastAPI/Pydantic structure helps mitigate common deserialization risks by enforcing schemas. No direct 'eval' or obvious shell injection vulnerabilities from user input were found in the provided server code snippets. Client-side execution of 'npx mcp-remote@latest' could pose a client-side supply chain risk, but this is outside the server's direct security posture.
Updated: 2025-12-07GitHub
40
21
Medium Cost
SylphxAI icon

rag-server-mcp

by SylphxAI

Sec4

Provides Retrieval Augmented Generation (RAG) capabilities to Model Context Protocol (MCP) clients by indexing project documents and retrieving relevant content for LLMs.

Setup Requirements

  • ⚠️Project is explicitly DEPRECATED and unmaintained; migration to CodeRAG is strongly recommended.
  • ⚠️Requires a running ChromaDB instance (default: localhost:8000).
  • ⚠️Requires a running Ollama instance (default: localhost:11434), and the 'nomic-embed-text' model must be pulled manually.
  • ⚠️Known E2E test failures indicate potential instability or bugs in Genkit's ChromaDB and Ollama plugin integrations.
Review RequiredView Analysis
CRITICAL: This project is explicitly marked as DEPRECATED in its README, with a recommendation to migrate to CodeRAG. Deprecated software is unmaintained and inherently poses significant security risks due to unpatched vulnerabilities. Additionally, the server interacts directly with the file system (indexing/deleting files relative to its current working directory) based on input from MCP clients. While intended for project RAG, a malicious MCP client could potentially manipulate or delete arbitrary files within the server's CWD. E2E tests indicate integration issues with ChromaDB and Ollama plugins, which might lead to unexpected behavior.
Updated: 2025-12-10GitHub
40
18
Medium Cost
tektoncd icon

mcp-server

by tektoncd

Sec7

This server provides a Model Context Protocol (MCP) interface for Tektoncd projects, primarily focusing on Tekton Pipelines objects to allow programmatic interaction.

Setup Requirements

  • ⚠️Requires a running Kubernetes cluster with Tekton Pipelines installed.
  • ⚠️Requires proper Kubernetes RBAC permissions to be applied (defined in `config/300-rbac/role.yaml` and `config/300-rbac/rolebinding.yaml`).
  • ⚠️Relies on Knative's client injection for Kubernetes API interaction, requiring specific setup if not deployed within a Knative-aware environment.
Verified SafeView Analysis
The server's Kubernetes deployment uses good container security practices (runAsNonRoot, readOnlyRootFilesystem, drop all capabilities, no privilege escalation). However, the `ClusterRole` associated with the server grants extensive permissions, including `create`, `update`, `patch`, `delete` on all Tekton Pipeline resources (Pipelines, Tasks, PipelineRuns, TaskRuns, StepActions) and `get`, `list`, `watch` on core Kubernetes resources such as `pods`, `namespaces`, `configmaps`, and critically, `secrets`. This broad access is inherent to the server's function of managing Tekton resources, but it means a compromised MCP server would have significant control over the Tekton CI/CD system and read access to sensitive cluster information.
Updated: 2025-12-10GitHub
40
18
Medium Cost
noditlabs icon

nodit-mcp-server

by noditlabs

Sec9

Facilitates AI agents and developers interacting with structured, multi-chain blockchain data via Nodit's Web3 APIs using the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Node.js 18+
  • ⚠️Requires a Nodit API Key (obtained from Nodit Console, potentially for paid plans)
  • ⚠️Potential Node.js version/PATH conflicts when running via npx, especially with Claude Desktop, as detailed in troubleshooting.
Verified SafeView Analysis
The server loads API specifications from local YAML/JSON files, preventing dynamic loading from untrusted sources. API keys are correctly sourced from environment variables, avoiding hardcoding. API calls made via `fetch` include a timeout. Error handling is comprehensive, providing detailed feedback for various API response statuses (e.g., 400, 403, 404, 429, 500, 503). There are no direct `eval` calls or similar dynamic code execution vulnerabilities identified. The primary security consideration is ensuring the `NODIT_API_KEY` is kept secure and that AI agents are not prompted to maliciously abuse the exposed APIs (e.g., exceeding rate limits or requesting large, expensive data).
Updated: 2025-12-02GitHub
40
27
Medium Cost
pkdindustries icon

soulshack

by pkdindustries

Sec2

Soulshack is an IRC chatbot powered by LLMs, designed to bridge traditional chat with modern AI capabilities.

Setup Requirements

  • ⚠️Requires Go 1.23+ to build from source.
  • ⚠️Requires an API key for a commercial LLM provider (OpenAI, Anthropic, Google Gemini) for non-Ollama models, incurring usage costs.
  • ⚠️Requires a local Ollama server running if an `ollama/` model is selected.
  • ⚠️Shell tools (`datetime.sh`, `system.py`) require `jq` to be installed.
  • ⚠️The `system.py` tool's 'docker' resource requires Docker to be installed and accessible.
Review RequiredView Analysis
CRITICAL: The `examples/tools/datetime.sh` tool is vulnerable to command injection through its `format` argument. While there's an attempt at sanitization, the regex is insufficient to prevent malicious commands from being executed by the underlying `date` command. CRITICAL: The `internal/irc/parsing.go` `CheckAdmin` function allows anyone to be an admin if the `admins` list is empty in the configuration. This means, by default, an unconfigured bot grants full administrative control to all users. CRITICAL: The `examples/tools/news.py` tool uses `verify=False` for HTTPS requests, disabling SSL/TLS certificate verification and exposing the bot to man-in-the-middle attacks. HIGH: The `examples/tools/system.py` tool executes various system commands (`free`, `df`, `ps`, `docker ps`, `uptime`) based on LLM input. While currently constrained by an enum, exposing direct system command execution to an LLM agent is an inherent risk and requires robust sandboxing beyond what is evident. Potential for hardcoded secrets exists if API keys are directly placed in `chatbot.yml` instead of environment variables, though the system supports env vars.
Updated: 2025-12-14GitHub
40
17
Medium Cost
bivex icon

kanboard-mcp

by bivex

Sec9

This server integrates AI assistants with Kanboard, allowing natural language management of projects, tasks, users, and workflows.

Setup Requirements

  • ⚠️Requires Go 1.21+ installed locally.
  • ⚠️Requires a running Kanboard instance with API access.
  • ⚠️Critical environment variables (KANBOARD_API_ENDPOINT, KANBOARD_API_KEY/USERNAME/PASSWORD) must be correctly configured.
  • ⚠️RBAC configuration can be complex; misconfiguration can lead to 'access denied' errors, potentially requiring enabling KANBOARD_DEBUG or KANBOARD_SKIP_RBAC for troubleshooting (with caution).
Verified SafeView Analysis
The server uses environment variables for sensitive credentials (API key, username/password), which is a good practice. It implements role-based access control (RBAC) to enforce permissions at both application and project levels, with a clear hierarchy and access maps defined internally. Debugging flags (`KANBOARD_DEBUG`, `KANBOARD_SKIP_RBAC`) are provided for troubleshooting, with a warning for `KANBOARD_SKIP_RBAC` which, if enabled in production, would bypass all permission checks. API calls include retry mechanisms and handle various authentication methods (global token, user token, bearer, username/password). There are no signs of code obfuscation or direct 'eval'-like constructs. The primary security considerations are the secure configuration of the Kanboard instance itself and the environment variables where credentials are stored.
Updated: 2025-12-12GitHub
40
21
Medium Cost
OEvortex icon

ddg_search

by OEvortex

Sec8

Provides an MCP server for web search via DuckDuckGo and AI-powered answers from IAsk AI and Monica.

Setup Requirements

  • ⚠️Reliance on web scraping means vulnerability to changes in DuckDuckGo, IAsk AI, or Monica AI website structures or APIs, potentially breaking functionality.
  • ⚠️Frequent or aggressive usage may lead to IP blocking by target services (DuckDuckGo, IAsk AI, Monica AI).
Verified SafeView Analysis
The server performs web scraping, which is inherently susceptible to changes in target website structures (DuckDuckGo, IAsk AI, Monica AI) or potential IP blocking. The code mitigates this risk by rotating user agents. No hardcoded secrets, 'eval', or direct arbitrary code execution vulnerabilities were found. Input validation is present in the tool schemas for parameters like 'numResults' and 'mode'.
Updated: 2025-12-03GitHub
40
16
Medium Cost
RedHatInsights icon

insights-mcp

by RedHatInsights

Sec8

The server acts as a unified Model Context Protocol (MCP) interface for Red Hat Insights services, enabling AI agents to interact with Advisor, Image Builder, Inventory, Planning, Remediations, and Vulnerability APIs.

Setup Requirements

  • ⚠️Requires a Red Hat Insights Service Account with appropriate RBAC roles and credentials (`INSIGHTS_CLIENT_ID`, `INSIGHTS_CLIENT_SECRET`) configured via environment variables or a client-specific method.
  • ⚠️The recommended setup involves running the server as a container, requiring Podman or Docker to be installed.
  • ⚠️Requires Python 3.10 or newer if running directly from source.
Verified SafeView Analysis
The codebase generally follows good security practices, including obtaining credentials via environment variables. However, `jwt.decode` is used without signature verification (`options={'verify_signature': False}`) when extracting claims like `rh-org-id` or `rh-user-id` from access tokens. This is noted as being 'for reading claims, not validating' in the code. While potentially acceptable if actual authorization decisions are made by downstream Red Hat APIs, it means the MCP server itself does not verify the integrity of the token claims it reads, which is a noteworthy point for a security audit.
Updated: 2025-12-15GitHub
40
20
Medium Cost
alaturqua icon

mcp-trino-python

by alaturqua

Sec6

The MCP Trino Server provides seamless integration with Trino and Iceberg for advanced data exploration, querying, and table maintenance capabilities through a standard interface.

Setup Requirements

  • ⚠️Requires a running Trino server, either locally (e.g., via Docker Compose) or remotely.
  • ⚠️Python 3.12 or higher is required for local execution.
  • ⚠️Essential Trino connection details (TRINO_HOST, TRINO_PORT, TRINO_USER) must be configured via environment variables (e.g., in a .env file).
Verified SafeView Analysis
The server executes SQL queries provided by tools or constructed using f-strings for identifiers (table/schema/catalog names). This design poses a SQL injection risk if the inputs to the MCP tools are not adequately sanitized by the calling client or AI model. Specifically, the `execute_query` tool accepts raw SQL, and other tools embed string parameters directly into queries. Environment variables are correctly used for sensitive configuration (e.g., TRINO_PASSWORD) via python-dotenv. HTTP transports expose network ports, requiring proper network security if deployed publicly. The server itself is not inherently malicious, but its interaction with Trino requires careful input validation from upstream consumers.
Updated: 2025-12-01GitHub
PreviousPage 90 of 647Next