Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7756)

40
5
High Cost
alparn icon

agentxsuite

by alparn

Sec8

A unified open-source platform for connecting, managing, and monitoring AI agents and tools across various Model Context Protocol (MCP) servers.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for the recommended setup.
  • ⚠️Critical environment variables (e.g., `SECRET_KEY`, `SECRETSTORE_FERNET_KEY`) must be set for production and should not rely on insecure defaults.
  • ⚠️Integrating with clients like Claude Desktop via `mcp-http-bridge.js` requires Node.js runtime.
  • ⚠️The backend is built with Python 3.11+.
Verified SafeView Analysis
The project demonstrates a strong focus on security, implementing a default-deny policy engine, Fernet-encrypted secret storage, and comprehensive audit logging. JWT tokens are used for authentication with explicit handling of claims and replay protection. The Docker setup correctly distinguishes development (debug=True) from production. Potential areas requiring continuous vigilance include: ensuring input validation for dynamically loaded tool schemas effectively prevents injection vulnerabilities for `sql` type resources, and rigorously managing access control to the `SecretStore` (though `check_permissions=False` is noted for internal service calls). The `mcp-http-bridge.js` is a client-side bridge for integration, not a server vulnerability. The use of `signal.SIGALRM` for timeouts in the main thread is a common pattern but not a direct security vulnerability.
Updated: 2025-11-22GitHub
40
16
Medium Cost

mcp-server

by launchdarkly

Sec7

Provides AI clients access to LaunchDarkly's Model Context Protocol (MCP) services, enabling them to interact with feature flags, AI configurations, and other resources.

Setup Requirements

  • ⚠️Requires a LaunchDarkly API Key for authentication, which typically implies a paid LaunchDarkly account.
  • ⚠️Requires an AI client that is compatible with and configured for the Model Context Protocol (MCP).
  • ⚠️Installation from a local clone requires Node.js/npm for dependency installation and building (`npm install`, `npm run build`).
Verified SafeView Analysis
Requires secure handling of the LaunchDarkly API key, which is used for authentication and should be protected (e.g., via environment variables). The server is designed to be run locally or within a controlled environment and exposes an endpoint (e.g., on port 8080 for Docker). Trust in the `@launchdarkly/mcp-server` npm package and GitHub releases for standalone binaries is assumed. General server-side input validation and network security best practices should be followed by the deployer.
Updated: 2025-11-18GitHub
40
2
Medium Cost
blakazulu icon

search-mcp

by blakazulu

Sec9

Provides semantic search capabilities for codebases to be used by AI agents.

Setup Requirements

  • ⚠️Requires initial download of embedding models (~384MB for code, ~768MB for docs) on first use, which requires an internet connection and can take time.
  • ⚠️The native SQLite FTS5 engine (`better-sqlite3`) may require platform-specific build tools to install. If unavailable, it falls back to a JavaScript engine (natural), but installation itself can be a friction point for projects preferring native performance.
  • ⚠️Indexing large projects can consume significant disk space. The server checks for sufficient disk space during indexing and will abort if critically low.
Verified SafeView Analysis
The server demonstrates a strong focus on security. It includes robust path traversal prevention (safeJoin, secureResolvePath, isPathSafeToDelete), SQL injection prevention (escapeSqlString), and Denial-of-Service (DoS) protection (MAX_QUERY_LENGTH, MAX_GLOB_PATTERN_LENGTH, MAX_JSON_FILE_SIZE, GLOB_TIMEOUT_MS, MAX_TOP_K clamping in LanceDB search). Concurrency issues are mitigated with an IndexingLock to prevent race conditions during indexing operations (SMCP-057). It handles embedding security by only inserting successful embeddings and includes model compatibility checks (SMCP-074). Stale lockfile cleanup is implemented with TOCTOU mitigation. Hardcoded secrets are avoided by relying on environment variables. Overall, the codebase shows a proactive approach to common web application and file system interaction vulnerabilities.
Updated: 2025-12-14GitHub
40
37
Medium Cost
AterDev icon

ater.dry.cli

by AterDev

Sec8

An intelligent code assistance tool for ASP.NET Core and EF Core development, offering CLI, Web UI, and MCP server for code generation and LLM-powered business logic creation.

Setup Requirements

  • ⚠️Requires .NET SDK 10 (or a compatible preview version like 10.0.100-rc.2.25502.107).
  • ⚠️PowerShell 7.0 or higher is needed to run project scripts (installTemplate.ps1, PublishToLocal.ps1).
  • ⚠️NPM is required for frontend development (if building/running the Web UI client separately).
Verified SafeView Analysis
The provided code snippets do not show any 'eval', obfuscation, hardcoded secrets, or explicit malicious patterns. The `AterStudio` application (which hosts the MCP server) is configured to run on `localhost` during development (`https://localhost:19160;http://localhost:19160`), limiting direct network exposure in its default setup. The `AllowedHosts: "*"` in `appsettings.json` is a standard development configuration but should be restricted in production deployments. The `openapi.json` defines various API endpoints that use Bearer token authentication, which is a common security practice. The mention of 'LLM technology' implies potential interactions with LLMs; however, the specific implementation details for this are not provided in the truncated source code, so risks related to prompt injection or data privacy cannot be fully assessed from this snippet alone.
Updated: 2025-12-14GitHub
40
12
Low Cost
reboot-dev icon

durable-mcp-python

by reboot-dev

Sec2

A framework for building durable and fault-tolerant Model Context Protocol (MCP) servers in Python, enabling stateful operations and graceful recovery from disconnections or reboots.

Setup Requirements

  • ⚠️Requires macOS or Linux operating system.
  • ⚠️Requires Python >= 3.12.11.
  • ⚠️Requires Docker to be installed and running for the underlying Reboot application.
Review RequiredView Analysis
CRITICAL: The server uses `pickle.loads(request.message_bytes)` in `reboot/mcp/servicers/session.py` to deserialize client-provided data. Deserializing untrusted pickled data can lead to arbitrary code execution, making this a severe vulnerability if `message_bytes` originates directly from external, untrusted client input. While authentication is implemented, the `pickle.loads` operation itself from untrusted source is a fundamental risk.
Updated: 2025-12-12GitHub
40
22
Medium Cost
IAmAlexander icon

readwise-mcp

by IAmAlexander

Sec9

Provides AI assistants with access to Readwise content (highlights, books, documents, videos), enabling reading, management, advanced searching, and progress tracking within the Readwise library via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a Readwise API Key, which can be obtained from https://readwise.io/access_token.
  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️When using the MCP Inspector for testing, specific ports (e.g., 3000, 3002, 5175) are utilized, which could conflict with other local services.
Verified SafeView Analysis
The server demonstrates strong security practices: no 'eval' or similar dangerous patterns were found. The Readwise API key is securely handled via environment variables or a local configuration file with restrictive permissions (0o600). Destructive operations (e.g., delete, bulk operations) require explicit confirmation strings, preventing accidental data loss. Comprehensive input validation is implemented for all tool and prompt parameters, mitigating common vulnerabilities like injection attacks. CORS is configured to allow specific origins, and API/transport errors are caught and normalized, avoiding the exposure of sensitive internal details. Retry logic for API calls enhances resilience.
Updated: 2025-12-11GitHub
40
20
Medium Cost
martin-papy icon

qdrant-loader

by martin-papy

Sec8

Provides intelligent Retrieval-Augmented Generation (RAG) capabilities by connecting a QDrant knowledge base with AI development tools like Cursor, Windsurf, and Claude Desktop, offering semantic, hierarchy-aware, and attachment-focused search for contextual code assistance and documentation lookup.

Setup Requirements

  • ⚠️Requires a running QDrant vector database instance (local Docker, self-hosted, or cloud).
  • ⚠️Requires an LLM API key (e.g., OpenAI, Azure OpenAI, Ollama), which may incur costs based on usage.
  • ⚠️Requires Python 3.12+.
  • ⚠️For seamless integration with AI tools like Cursor, setting the `MCP_DISABLE_CONSOLE_LOGGING='true'` environment variable is highly recommended to prevent console output interference.
Verified SafeView Analysis
The project strongly emphasizes secure configuration practices, using environment variables for all sensitive API keys (e.g., LLM_API_KEY, QDRANT_API_KEY, source credentials). Documentation explicitly recommends setting secure file permissions (`chmod 600 .env`) and excluding `.env` files from version control. External API calls (OpenAI, Jira) are rate-limited with retry logic, and HTTPS is used for external connections. The MCP server defaults to binding on `127.0.0.1` and supports HTTP transport with security features like origin validation. No direct `eval` or obfuscation is apparent in the provided source code snippets. Potential risks lie in misconfiguration or accidental exposure of environment variables/API keys.
Updated: 2025-12-15GitHub
40
22
Medium Cost
jasonjgardner icon

blockbench-mcp-plugin

by jasonjgardner

Sec3

This plugin transforms Blockbench into a Model Context Protocol (MCP) server, enabling external AI agents to programmatically create, modify, and animate 3D models within Blockbench.

Setup Requirements

  • ⚠️Requires Blockbench desktop application to function.
  • ⚠️Requires an external MCP client (e.g., VS Code Copilot, Claude Desktop) configured to connect to the Blockbench instance via `http://localhost:3000/bb-mcp` (default endpoint).
  • ⚠️The `risky_eval` tool introduces a significant security risk, allowing arbitrary JavaScript execution within Blockbench's context.
  • ⚠️The server component is embedded within Blockbench; there is no standalone command to run it as a separate process.
Review RequiredView Analysis
The server includes a `risky_eval` tool that allows arbitrary JavaScript code execution, despite attempts to filter out console commands and comments. This is a critical security vulnerability, as an exploited or malicious client could execute arbitrary code within the Blockbench Electron application's context, potentially accessing native Node.js APIs (even with Blockbench's permission model) or local resources. The server also manually creates a TCP server to handle HTTP requests, which could introduce subtle network vulnerabilities if not perfectly implemented. While it defaults to localhost, the port and endpoint are configurable, increasing the attack surface if exposed.
Updated: 2025-11-22GitHub
40
18
Low Cost
zed-extensions icon

mcp-server-brave-search

by zed-extensions

Sec9

Integrates Brave Search functionality into the Zed editor as a Model Context Protocol server, providing search results and context.

Setup Requirements

  • ⚠️Requires a Brave Search API Key (Free tier available for 2,000 queries/month, usage beyond this costs money).
  • ⚠️Relies on Node.js runtime to be available, as the underlying server is a Node.js process managed by Zed.
Verified SafeView Analysis
The extension itself is a Rust wrapper that securely passes an API key from Zed settings as an environment variable to an upstream Node.js server. It manages the upstream Node.js package (`@brave/brave-search-mcp-server`) via npm. No direct 'eval' or malicious patterns are observed in the Rust code. The overall security relies on the integrity of the upstream Node.js package.
Updated: 2025-12-03GitHub
40
14
Medium Cost
stonehill-2345 icon

lite-mcp

by stonehill-2345

Sec2

A framework for developing and managing various testing-related MCP (Model Context Protocol) servers, including Android device automation, stability testing, desktop mouse/keyboard control, filesystem operations, and integration of external MCP services.

Setup Requirements

  • ⚠️Requires ADB (Android Debug Bridge) installed and configured in system PATH for Android-related services (e.g., Fastbot, Android tools).
  • ⚠️Requires Python packages like `uiautomator2`, `Pillow`, `pyautogui`, and `apkutils2`. Some tools also require `uv` (for Python MCPs) or Node.js/npm (for `npx` MCPs).
  • ⚠️The `MouseMCPServer` is specifically stated to support Windows devices, implying potential compatibility issues or different setup for other operating systems.
Review RequiredView Analysis
The system inherently exposes powerful host-level operations as 'tools', which pose significant security risks if not strictly protected by authentication and authorization. Critical concerns include: 1. **Arbitrary Command Execution**: The `ExternalMCPServer` allows launching external MCP services by executing commands and arguments from configuration files (`config/external_mcp.json`). If these configurations can be modified by an untrusted entity, it leads to arbitrary code execution on the host machine. 2. **Direct Filesystem Manipulation**: The `FileSystemMCPServer` provides direct access to create, read, write, delete, copy, and move files/directories. This can lead to full filesystem compromise if exposed to untrusted input. 3. **Device Control**: `AndroidMCPServer` and `MouseMCPServer` enable direct control of Android devices (via ADB) and the host's mouse/keyboard (via `pyautogui`), respectively. These are high-privilege operations. 4. **Client-Side Code Execution (Frontend)**: The `CodeExecutorTool.js` (client-side) attempts to sandbox code execution, but client-side sandboxing is not foolproof and still introduces risk if malicious code can bypass it. These features, while powerful for automation, make the server unsafe to run in an untrusted environment or without robust access control mechanisms.
Updated: 2025-11-25GitHub
40
9
Medium Cost
ragieai icon

mcp-gateway

by ragieai

Sec9

A multi-tenant secure proxy for AI clients to access Ragie MCP services with organization-based authentication and routing.

Setup Requirements

  • ⚠️Requires a WorkOS account and application setup with API keys and an authorization server URL.
  • ⚠️Requires a JSON mapping file (`MAPPING_FILE`) configured with organization-to-Ragie-partition mappings and per-organization/collection Ragie API keys.
  • ⚠️Requires Node.js 18+ to run.
Verified SafeView Analysis
The server implements robust security features including JWT verification via WorkOS JWKS, organization membership validation, and role-based access control. Secrets (API keys, WorkOS credentials) are managed through environment variables or a mapping file, preventing hardcoding. It acts as a secure proxy, carefully routing and authenticating requests. The only minor point is a 'FIXME' in the `authMiddleware` related to WorkOS JWT not directly containing organization ID, which is addressed with a separate API call, maintaining security but indicating a potential area for future optimization in the authentication flow. No 'eval' or other obviously dangerous patterns were found.
Updated: 2025-12-12GitHub
40
20
Low Cost
bmen25124 icon
Sec2

Manages and interfaces with external Multi-Tool Communication Protocol (MCP) servers, allowing SillyTavern to discover and execute various tools.

Setup Requirements

  • ⚠️Requires installation within a specific SillyTavern folder structure (`{SillyTavern_Folder}/plugins`).
  • ⚠️Requires `enableServerPlugins: true` in `config.yaml` of the SillyTavern server.
  • ⚠️Enables execution of arbitrary system commands and network connections based on API-configured MCP server settings, posing a significant security risk if the API is not secured or if untrusted MCP servers are configured.
Review RequiredView Analysis
The server can execute arbitrary commands (`child_process.spawn`) and connect to arbitrary URLs (`node-fetch`, `eventsource`) based on configurations received via its API (`router.post('/servers')`). This means a compromised SillyTavern instance or an attacker gaining access to this plugin's API could execute malicious code on the host system or make malicious network requests. The `README` explicitly warns users to 'only install trusted MCP servers', highlighting this significant risk. While the core functionality involves executing user-defined tools, the API exposure for configuring these tools requires extreme caution and robust access controls from the embedding application (SillyTavern).
Updated: 2025-12-01GitHub
PreviousPage 91 of 647Next