Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

41
25
Medium Cost
pratikjadhav2726 icon

Unified-MCP-Tool-Graph

by pratikjadhav2726

Sec4

The Unified MCP Tool Graph aggregates and structures tool APIs from diverse Model Context Protocol (MCP) servers into a centralized Neo4j graph database, enabling LLMs and agentic AI systems to dynamically retrieve the most relevant tools for any task.

Setup Requirements

  • ⚠️Requires Neo4j database (Docker recommended) for full dynamic tool retrieval capabilities; otherwise, it runs in fallback mode.
  • ⚠️Requires `uv` (modern Python package manager) for easy dependency installation and running scripts.
  • ⚠️Requires `mcp-proxy` for exposing stdio-based MCP servers as HTTP endpoints.
  • ⚠️Requires `GROQ_API_KEY` for agent examples utilizing Groq models (paid API usage).
  • ⚠️Requires Python 3.12+.
Review RequiredView Analysis
The system dynamically fetches and executes server configurations from potentially arbitrary GitHub repositories for new tools. The `MCPServerManager` uses `subprocess.Popen` with commands and arguments derived from these configurations. While `extract_config_from_github_async` attempts to filter commands (to 'npx' or 'python'), these can still execute arbitrary code if a malicious configuration is provided (e.g., from a compromised GitHub repository or a crafted JSON in a README). This introduces a significant supply chain and remote code execution risk, as the integrity of external configurations cannot be fully guaranteed. No direct `eval()` or `os.system()` with unsanitized user input was found, but the dynamic execution of external commands is a high-risk pattern.
Updated: 2025-12-02GitHub
41
10
Low Cost
Sec9

Demonstrates building Model Context Protocol (MCP) servers in TypeScript and Java for integrating with developer platforms and services like GitHub, specifically for a workshop using Visual Studio Code and GitHub Copilot.

Setup Requirements

  • ⚠️Requires Node.js 24.
  • ⚠️Requires Java 25.
  • ⚠️Full workshop experience leveraging Visual Studio Code and GitHub Copilot may require a GitHub Copilot subscription (though the README states 'free tier is more than enough').
Verified SafeView Analysis
The provided content is a workshop README, not executable code. It outlines how to build and run MCP servers locally for learning purposes. Security risks are minimal from the documentation itself but depend on the specific implementation of the servers. Interactions described are local (localhost) or with external services (GitHub API) when implemented.
Updated: 2025-11-17GitHub
41
22
Medium Cost
jentic icon

jentic-sdks

by jentic

Sec7

The Jentic MCP Plugin enables AI-agent builders to discover, load, and execute external APIs and workflows via the Model Configuration Protocol (MCP), generating LLM-compatible tool definitions.

Setup Requirements

  • ⚠️Requires `JENTIC_AGENT_API_KEY` (obtained from Jentic dashboard).
  • ⚠️Requires `uv` installed (`brew install uv` or `pip install uv`).
  • ⚠️Requires Python 3.11+.
Verified SafeView Analysis
The server explicitly handles `JENTIC_AGENT_API_KEY` from environment variables, which is good practice. However, the `submit_feedback` tool, while attempting to remove sensitive data, also explicitly includes the `JENTIC_AGENT_API_KEY` in the feedback payload if present. This is a potential security risk as the agent API key is sensitive and its inclusion in feedback could lead to compromise if the feedback endpoint or its handling is insecure. The server relies on the security of the remote Jentic API Knowledge Hub for its core functionality. No 'eval' or obvious malicious code patterns were found.
Updated: 2025-11-26GitHub
41
49
Medium Cost
AterDev icon

Perigon.CLI

by AterDev

Sec8

A development assistance tool for quickly building front-end and back-end services with code generation and LLM technology, providing CLI, WebUI, and MCP Server modes.

Setup Requirements

  • ⚠️Requires .NET SDK 10 (or 9.0 for contribution/dev builds) to be installed.
  • ⚠️PowerShell 7.0 or higher is needed to run included scripts.
  • ⚠️Likely requires an external LLM API Key (e.g., OpenAI) for LLM-assisted features, which may incur costs.
Verified SafeView Analysis
Based on the truncated source code provided, there are no immediate glaring security vulnerabilities like hardcoded secrets or direct 'eval' usage. Configuration files use standard practices. However, the tool relies on 'code generation' and 'LLM technology,' which inherently carry risks (e.g., prompt injection, insecure code generation from LLM output, or code injection if user input isn't sanitized during generation). The actual implementation of these critical generation and LLM integration components is not visible in the provided snippets, preventing a full assessment of those specific risks. Running locally via HTTP is standard for development but HTTPS should be enforced if deployed publicly.
Updated: 2026-01-19GitHub
41
6
Medium Cost

ifc-bonsai-mcp

by Show2Instruct

Sec3

Connects AI language models with Blender's Bonsai add-on to read, create, and edit IFC models directly via high-level tool calls and RAG-powered knowledge.

Setup Requirements

  • ⚠️Requires specific Blender 4.4+ and Bonsai Add-on 0.8.2+ versions.
  • ⚠️Requires Claude Desktop (or other MCP-compatible client) and manual configuration of its JSON settings, including potentially an absolute path to the Python executable.
  • ⚠️An additional local embedding server (Sentence Transformers) must be run continuously in a separate process for the RAG knowledge base to function.
  • ⚠️Initial setup involves installing `uv` package manager and potentially manual installation of Python packages into Blender's isolated Python environment.
Review RequiredView Analysis
The server explicitly includes a tool `execute_blender_code` which allows the execution of 'arbitrary Python code in Blender context' driven by the LLM. The `README` also warns about the general `execute_code` tool behaving 'unpredictably' and potentially producing 'unsafe results'. While running locally, this grants significant control to the LLM over the user's machine within the Blender environment, posing a high risk for unintended or malicious code execution based on LLM output.
Updated: 2025-11-17GitHub
41
13
Medium Cost
GravityKit icon

GravityMCP

by GravityKit

Sec9

Manage Gravity Forms data (forms, entries, feeds, fields) via Model Context Protocol, enabling programmatic interaction with WordPress forms.

Setup Requirements

  • ⚠️Requires Node.js 18+ (though `scripts/check-env.js` recommends 20+).
  • ⚠️Requires an active WordPress installation with Gravity Forms 2.5+.
  • ⚠️Requires an HTTPS-enabled WordPress site if using Basic Authentication (OAuth 1.0a is a fallback for HTTP).
  • ⚠️Requires Gravity Forms REST API Consumer Key and Secret, generated in WordPress settings.
  • ⚠️For local development with self-signed SSL certificates, `MCP_ALLOW_SELF_SIGNED_CERTS=true` must be set in your `.env` file.
Verified SafeView Analysis
The server enforces HTTPS for Basic Authentication, falling back to OAuth 1.0a for HTTP connections. Sensitive data (keys, secrets, passwords) is obfuscated in logs using a dedicated sanitization utility (`sanitize.js`). Destructive operations (delete) are disabled by default and require explicit `GRAVITY_FORMS_ALLOW_DELETE=true` configuration. A `MCP_ALLOW_SELF_SIGNED_CERTS=true` option is available for local development with self-signed certificates, which carries an explicit security warning against its use in production.
Updated: 2025-12-05GitHub
41
15
Low Cost
ethanolivertroy icon

fedramp-docs-mcp

by ethanolivertroy

Sec8

A Model Context Protocol (MCP) server for querying FedRAMP compliance documentation and NIST controls, designed to be used by AI agents and developers.

Setup Requirements

  • ⚠️Requires Node.js 18+ and npm 9+.
  • ⚠️Requires 'git' command-line tool to be installed and available in PATH.
  • ⚠️Requires network access for initial cloning of the FedRAMP/docs repository (~50MB) and for automatic updates.
  • ⚠️Requires an MCP-compatible client (e.g., Claude Desktop, Cursor, LM Studio) to interact with its tools.
Verified SafeView Analysis
The server uses 'simple-git' to clone and update the official 'FedRAMP/docs' GitHub repository. While 'simple-git' is a well-established library for Git operations, any execution of external commands ('git') inherently introduces a potential attack surface. However, the repository source and branch are configurable via environment variables, not directly by user input to tools, which mitigates command injection risks. The Docker setup provides strong security hardening (e.g., non-root user, read-only filesystem, dropped capabilities, no-new-privileges, network isolation) which significantly enhances security in containerized deployments. No direct 'eval' or intentional obfuscation is observed.
Updated: 2026-01-14GitHub
41
5
Low Cost
andrewmat32 icon
Sec8

An AI-powered code generator for Apostrophe CMS modules, operating as a local Model Context Protocol (MCP) server that can be integrated with Claude Code.

Setup Requirements

  • ⚠️Requires Node.js v18 or higher.
  • ⚠️Requires Claude Code CLI (@anthropic-ai/claude-code) installed globally.
  • ⚠️Requires an Anthropic API key configured via `claude configure` (this is a paid service, token usage applies).
  • ⚠️Apostrophe CMS projects must be located in the parent directory of this tool and configured for ES Modules (`"type": "module"` in their `package.json`).
Verified SafeView Analysis
The server runs locally and explicitly states no API keys are required for its own operation, relying on the `claude` CLI for AI interaction. It executes the `claude` CLI via `child_process.spawn` and passes prompts securely via `stdin`, mitigating direct command injection through prompts. File system operations (read, write, delete) are confined to discovered Apostrophe projects (which must be in the parent directory and meet specific `app.js` criteria) and a local `history/` folder. A specific safety measure is appending to `modules/asset/ui/src/index.js` rather than overwriting. The primary risks involve trusting the security of the `claude` CLI itself and potential (though mitigated) malicious manipulation of discovered project paths.
Updated: 2025-12-11GitHub
41
43
Medium Cost
groq icon
Sec9

Provides a Model Context Protocol (MCP) server for interacting with Groq models, including compound/meta models, exposing tools for real-time information and code execution capabilities from the Groq AI.

Setup Requirements

  • ⚠️Requires Node.js >= 18.0.0.
  • ⚠️Requires a Groq API key set in the `GROQ_API_KEY` environment variable (this is a paid service).
  • ⚠️For Vercel deployments and SSE transport, a Redis instance URL (`REDIS_URL` environment variable) is recommended.
Verified SafeView Analysis
The server correctly handles sensitive information (Groq API key, Redis URL) via environment variables. Input validation is performed using Zod schemas for tool arguments, mitigating common injection risks. There is no direct `eval` or arbitrary code execution exposed by the server itself; the 'code execution' capability is a feature of the underlying Groq AI models this server interfaces with. The use of `@vercel/mcp-adapter` and `express-rate-limit` (via `@modelcontextprotocol/sdk` dependency) suggests good practices for web endpoint security and abuse prevention.
Updated: 2026-01-07GitHub
41
4
Medium Cost
jtalk22 icon
Sec7

Integrate an AI assistant (like Claude) with full Slack workspace access, including DMs, channels, search, and history, without requiring admin approval.

Setup Requirements

  • ⚠️Automatic token refresh from Chrome is only available on macOS; Linux/Windows users must manually extract and update tokens.
  • ⚠️Requires Chrome browser to be running with app.slack.com logged in for automatic token extraction/refresh.
  • ⚠️Session tokens expire every 1-2 weeks, requiring periodic refresh (manual or automatic).
  • ⚠️Uses unofficial Slack APIs, which may break or lead to account issues if Slack changes its policies or internal mechanisms.
Verified SafeView Analysis
The server's core functionality relies on extracting highly privileged 'xoxc-' (token) and 'xoxd-' (cookie) browser session tokens from Chrome (macOS only) via AppleScript executing JavaScript within the browser. This grants the server the same access you have in your web browser. While powerful, this is a high-privilege operation and requires significant trust in the application. The project implements several good security practices: - Tokens are stored locally (file, macOS Keychain) with strict 'chmod 600' permissions. - Atomic writes prevent file corruption during token/cache updates. - The REST API server (`slack-mcp-web`) generates a secure, random API key and binds exclusively to localhost (`127.0.0.1`), preventing external network access by default. CORS is also restricted to localhost origins. - Filename sanitization is implemented for exports to prevent path traversal vulnerabilities. - No obvious hardcoded secrets or malicious 'eval' patterns (the JavaScript execution is explicit and part of the core design).
Updated: 2026-01-17GitHub
41
24
Medium Cost
goern icon

forgejo-mcp

by goern

Sec9

Connects AI assistants to Forgejo repositories, enabling natural language management of issues, pull requests, files, and more.

Setup Requirements

  • ⚠️Requires a Forgejo instance URL and a personal access token with appropriate permissions.
  • ⚠️Requires Go 1.24+ for installation and execution.
  • ⚠️Requires an MCP-compatible AI assistant to interact with the server's tools.
Verified SafeView Analysis
The server's Go source code shows good security practices, including handling sensitive data (access tokens) via environment variables or CLI flags, and sanitizing URLs and redacting tokens in logs. It primarily acts as a proxy to the Forgejo API via a standard SDK, limiting its attack surface. No 'eval', obfuscation, or direct malicious patterns were identified. The primary security consideration for users is to ensure the Forgejo access token is granted only the necessary permissions.
Updated: 2026-01-19GitHub
41
26
Medium Cost
olaservo icon

mcp-advisor

by olaservo

Sec8

Provides LLMs and humans with structured access to the Model Context Protocol (MCP) specification and documentation for understanding and compliance evaluation.

Setup Requirements

  • ⚠️The server currently depends on the official `LLMS.txt` file which no longer matches the format expected by this server, potentially leading to functional issues or incorrect link fetching.
  • ⚠️Requires outbound network access to `https://modelcontextprotocol.io` and `https://raw.githubusercontent.com` to fetch specifications and documentation; without this, it will rely on (potentially expired) cache or fail.
Verified SafeView Analysis
The server acts as a documentation provider, fetching content from external URLs (`modelcontextprotocol.io`, `raw.githubusercontent.com`). No direct code execution vulnerabilities (like 'eval' on untrusted input) were found. The `evaluate_server_compliance` prompt takes a 'path' argument, but the server only passes this string to the LLM for evaluation, without attempting to read or execute code from that path on its host system. The primary security considerations are the integrity of the external content sources and how the consuming LLM client handles the provided documentation. The README's warning about `LLMS.txt` format is a functional issue, not a direct security flaw in the server's execution.
Updated: 2026-01-16GitHub
PreviousPage 90 of 760Next