Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

40
20
Medium Cost
alaturqua icon

mcp-trino-python

by alaturqua

Sec6

The MCP Trino Server provides seamless integration with Trino and Iceberg for advanced data exploration, querying, and table maintenance capabilities through a standard interface.

Setup Requirements

  • ⚠️Requires a running Trino server, either locally (e.g., via Docker Compose) or remotely.
  • ⚠️Python 3.12 or higher is required for local execution.
  • ⚠️Essential Trino connection details (TRINO_HOST, TRINO_PORT, TRINO_USER) must be configured via environment variables (e.g., in a .env file).
Verified SafeView Analysis
The server executes SQL queries provided by tools or constructed using f-strings for identifiers (table/schema/catalog names). This design poses a SQL injection risk if the inputs to the MCP tools are not adequately sanitized by the calling client or AI model. Specifically, the `execute_query` tool accepts raw SQL, and other tools embed string parameters directly into queries. Environment variables are correctly used for sensitive configuration (e.g., TRINO_PASSWORD) via python-dotenv. HTTP transports expose network ports, requiring proper network security if deployed publicly. The server itself is not inherently malicious, but its interaction with Trino requires careful input validation from upstream consumers.
Updated: 2025-12-01GitHub
40
17
Low Cost
wrenchpilot icon

it-tools-mcp

by wrenchpilot

Sec1

Provides a comprehensive Model Context Protocol (MCP) server offering over 100 IT tools and utilities for developers, system administrators, and IT professionals.

Setup Requirements

  • ⚠️Requires Node.js (via npx) or Docker to run.
  • ⚠️Network access from the server is required for network-related tools (ping, curl, ssh, etc.).
  • ⚠️File system permissions on the host must be managed carefully, especially given the arbitrary file reading capabilities of certain tools.
Review RequiredView Analysis
CRITICAL: The server's 'cat', 'head', 'tail', and 'grep' tools allow arbitrary file reading from the host filesystem based on user-provided paths, without apparent sanitization or access control. This is a severe information disclosure vulnerability. Additionally, the 'curl' tool makes external network requests based on user input (URL string), which presents a potential Server-Side Request Forgery (SSRF) risk due to a lack of strict URL validation using a URL schema. The 'ssh' and 'scp' tools facilitate remote command execution and file transfer, which are powerful operations that require high trust in the input and can be abused if the MCP server itself is compromised. While robust input validation, rate limiting, and cryptographic library usage are present for other tools, the direct file access vulnerability significantly compromises the server's security posture.
Updated: 2026-01-19GitHub
40
20
High Cost
lrstanley icon

context7-http

by lrstanley

Sec9

An MCP server that supports HTTP streaming for the Context7 project, enabling remote utilization without local installation.

Setup Requirements

  • ⚠️Requires careful configuration of `TRUSTED_PROXIES` if deployed behind a reverse proxy to ensure correct client IP handling and prevent spoofing.
  • ⚠️Relies on external `context7.com/api` for its data sources, necessitating internet connectivity and the upstream API's availability.
  • ⚠️The `BASE_URL` flag should be configured if using SSE endpoints for correct client communication.
Verified SafeView Analysis
The server uses robust Go web frameworks (chi, chix) with security-conscious middleware for logging, IP handling, and security headers. Debug endpoints are restricted to private IPs, which is a good practice. No obvious hardcoded secrets or malicious patterns were found in the provided source code. Proper configuration of `TrustedProxies` is crucial for security if deployed behind a reverse proxy to prevent IP spoofing.
Updated: 2026-01-19GitHub
40
5
High Cost
alparn icon

agentxsuite

by alparn

Sec8

A unified open-source platform for connecting, managing, and monitoring AI agents and tools across various Model Context Protocol (MCP) servers.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for the recommended setup.
  • ⚠️Critical environment variables (e.g., `SECRET_KEY`, `SECRETSTORE_FERNET_KEY`) must be set for production and should not rely on insecure defaults.
  • ⚠️Integrating with clients like Claude Desktop via `mcp-http-bridge.js` requires Node.js runtime.
  • ⚠️The backend is built with Python 3.11+.
Verified SafeView Analysis
The project demonstrates a strong focus on security, implementing a default-deny policy engine, Fernet-encrypted secret storage, and comprehensive audit logging. JWT tokens are used for authentication with explicit handling of claims and replay protection. The Docker setup correctly distinguishes development (debug=True) from production. Potential areas requiring continuous vigilance include: ensuring input validation for dynamically loaded tool schemas effectively prevents injection vulnerabilities for `sql` type resources, and rigorously managing access control to the `SecretStore` (though `check_permissions=False` is noted for internal service calls). The `mcp-http-bridge.js` is a client-side bridge for integration, not a server vulnerability. The use of `signal.SIGALRM` for timeouts in the main thread is a common pattern but not a direct security vulnerability.
Updated: 2025-11-22GitHub
40
16
Medium Cost

mcp-server

by launchdarkly

Sec7

Provides AI clients access to LaunchDarkly's Model Context Protocol (MCP) services, enabling them to interact with feature flags, AI configurations, and other resources.

Setup Requirements

  • ⚠️Requires a LaunchDarkly API Key for authentication, which typically implies a paid LaunchDarkly account.
  • ⚠️Requires an AI client that is compatible with and configured for the Model Context Protocol (MCP).
  • ⚠️Installation from a local clone requires Node.js/npm for dependency installation and building (`npm install`, `npm run build`).
Verified SafeView Analysis
Requires secure handling of the LaunchDarkly API key, which is used for authentication and should be protected (e.g., via environment variables). The server is designed to be run locally or within a controlled environment and exposes an endpoint (e.g., on port 8080 for Docker). Trust in the `@launchdarkly/mcp-server` npm package and GitHub releases for standalone binaries is assumed. General server-side input validation and network security best practices should be followed by the deployer.
Updated: 2025-11-18GitHub
40
12
Low Cost
reboot-dev icon

durable-mcp-python

by reboot-dev

Sec2

A framework for building durable and fault-tolerant Model Context Protocol (MCP) servers in Python, enabling stateful operations and graceful recovery from disconnections or reboots.

Setup Requirements

  • ⚠️Requires macOS or Linux operating system.
  • ⚠️Requires Python >= 3.12.11.
  • ⚠️Requires Docker to be installed and running for the underlying Reboot application.
Review RequiredView Analysis
CRITICAL: The server uses `pickle.loads(request.message_bytes)` in `reboot/mcp/servicers/session.py` to deserialize client-provided data. Deserializing untrusted pickled data can lead to arbitrary code execution, making this a severe vulnerability if `message_bytes` originates directly from external, untrusted client input. While authentication is implemented, the `pickle.loads` operation itself from untrusted source is a fundamental risk.
Updated: 2025-12-12GitHub
40
3
Medium Cost
alanse-inc icon
Sec8

Provides programmatic control over Google Workspace applications (Sheets, Docs, Drive, Gmail, Calendar, Slides) through a Model Context Protocol (MCP) server for AI automation.

Setup Requirements

  • ⚠️Requires a Google Cloud Project with OAuth 2.0 Client ID and Client Secret configured, saved as `gcp-oauth.keys.json` in the working directory (or a custom `CREDS_DIR`).
  • ⚠️Initial authentication requires an interactive browser-based login, which is not suitable for headless server deployments without manual pre-authentication or an alternative auth flow.
  • ⚠️Requires `npm` and `typescript` for building (`npm run build`).
Verified SafeView Analysis
The project utilizes standard `googleapis` client libraries and `@google-cloud/local-auth` for OAuth 2.0 authentication. The `dotenv` package is used for configuration, implying secrets are externalized. No `eval` or direct command injection vulnerabilities are immediately apparent in the provided code snippets. `nodemailer` is used for MIME message construction, not direct sending. The primary security consideration for production deployment is the `local-auth` mechanism, which typically requires an interactive browser-based login for initial authentication. This method is not suitable for headless servers and would necessitate switching to a different Google Cloud authentication flow (e.g., service accounts) for unattended operation, which is not directly implemented in the current main authentication flow.
Updated: 2026-01-16GitHub
40
23
Low Cost
IAmAlexander icon

readwise-mcp

by IAmAlexander

Sec9

Provides AI assistants with programmatic access to Readwise libraries for reading, managing, searching, and tracking highlights, books, documents, and videos.

Setup Requirements

  • ⚠️Requires a Readwise API key, obtainable from https://readwise.io/access_token. The server includes a setup wizard to guide this process.
  • ⚠️Requires Node.js runtime version 18.0.0 or higher.
Verified SafeView Analysis
The project demonstrates strong security practices: API keys are handled securely via environment variables or a local config file with restrictive permissions (0o600 for files, 0o700 for directory) and are not logged. All tool parameters undergo robust input validation using JSON Schema and custom functions to prevent common attacks. Destructive operations (e.g., delete, bulk actions) require explicit confirmation strings from the AI assistant as a human-in-the-loop safety mechanism. Built-in rate limiting and exponential backoff enhance resilience. Comprehensive error handling prevents sensitive data leakage. CORS is configurable to meet platform-specific requirements. No 'eval' or code obfuscation was detected. The primary implementation (`src/server.ts` and `src/smithery.ts`) relies on the `@modelcontextprotocol/sdk` for secure interaction. A minor potential concern is the presence of `simple-server.ts` and related files (which are explicitly excluded from the main build via `tsconfig.json`), as they might have less robust security compared to the main implementation if deployed incorrectly.
Updated: 2026-01-12GitHub
40
8
High Cost
DennySORA icon

Ops-Tools

by DennySORA

Sec7

A Rust-based command-line interface (CLI) toolset designed for DevOps workflows, offering features like infrastructure-as-code cache cleanup, AI code assistant management, system package installation, security scanning, LLM prompt generation, container image building, and Kubernetes configuration management.

Setup Requirements

  • ⚠️Requires pre-installed AI CLI tools (e.g., Claude Code, OpenAI Codex, Google Gemini CLI) and their respective API keys/authentication for LLM-related features.
  • ⚠️Many features necessitate the presence of common system utilities like `curl`, `git`, `tar`, `unzip`, and a supported system package manager (`brew`, `apt`, `dnf`, `pacman`, etc.).
  • ⚠️The Container Builder feature requires either `Docker` (with Buildx enabled) or `Buildah` to be installed.
  • ⚠️The Kubeconfig management feature is dependent on `tmux` for window isolation functionality.
Verified SafeView Analysis
The project is a CLI utility, not a server itself, though it manages and interacts with external MCP servers. It extensively relies on downloading and installing various external tools (e.g., NVM, pnpm, Rustup, Go, kubectl, k9s, security scanners) from diverse online sources (GitHub releases, raw scripts, package managers). While some downloads include checksum verification, a universal strong verification mechanism (like PGP signatures) is not consistently implemented across all external fetches, introducing a potential supply chain risk if any upstream source is compromised. Command execution is primarily handled through `std::process::Command` with explicit arguments, mitigating risks associated with direct `eval` calls. User-provided secrets (API keys, tokens) are designed to be set via environment variables and are either directly used as such or written to local configuration files (e.g., `~/.codex/config.toml`), preventing hardcoding in the distributed binary. System-wide installations and removals leverage `sudo` and incorporate checks for its availability.
Updated: 2026-01-19GitHub
40
23
Medium Cost
tony-42069 icon

solana-mcp

by tony-42069

Sec7

A comprehensive Solana MCP (Model Context Protocol) server for analyzing memecoins, tracking trends, and providing AI-powered insights using cultural analysis and on-chain data.

Setup Requirements

  • ⚠️Requires a Solana RPC URL, for stable and rate-limit-free operation a custom (potentially paid) one is recommended over the public default.
  • ⚠️Full social signal analysis requires Twitter API keys (API Key, API Secret, Access Token, Access Secret), which may involve developer account setup and rate limits.
  • ⚠️The `puppeteer` dependency will download a Chromium browser instance during installation, which can be a large file and add to installation time.
Verified SafeView Analysis
The server uses environment variables for sensitive API keys, which is good practice. However, the `allowedOrigins: ['*']` CORS configuration is a security risk if the server is exposed publicly on the internet without additional protective measures (e.g., a proxy enforcing stricter CORS). Additionally, features involving web scraping with `puppeteer` could potentially be vulnerable if not carefully secured against malicious content on crawled pages.
Updated: 2026-01-17GitHub
40
15
Medium Cost
stacklok icon
Sec5

Connect to and query your Elasticsearch data, enabling AI assistants to perform searches, retrieve mappings, list indices, and get shard information.

Setup Requirements

  • ⚠️Requires an existing Elasticsearch instance (ES_URL must be provided).
  • ⚠️Requires Docker to run locally.
  • ⚠️Network permissions are set to `insecure_allow_all: true` for outbound connections, posing a security risk if not adequately isolated or understood.
Review RequiredView Analysis
The server's network permissions include `insecure_allow_all: true` for outbound connections, which is a significant security risk, allowing the container to connect to any external host. While explicit ports (443, 9200) are listed, the `insecure_allow_all` flag overrides specific host restrictions. Additionally, the `ES_SSL_SKIP_VERIFY` environment variable allows bypassing SSL certificate verification, which could expose data to man-in-the-middle attacks if enabled. Authentication relies on API keys, username/password, which are handled as secrets but must be managed securely by the user.
Updated: 2026-01-19GitHub
40
20
High Cost
alti3 icon

stk-mcp

by alti3

Sec7

Enables Large Language Models or other Model Context Protocol clients to programmatically interact with Ansys/AGI STK for digital mission engineering and simulation, supporting both Desktop and Engine modes.

Setup Requirements

  • ⚠️Requires Ansys/AGI STK (version 12.x Desktop or Engine) to be installed.
  • ⚠️Requires the `agi.stk12` Python API wheel, corresponding to your STK installation, to be manually added as a local dependency.
  • ⚠️STK Desktop mode is only available on Windows; STK Engine mode is available on Windows and Linux.
Verified SafeView Analysis
The server exposes STK Connect commands via its tools, which could be a vector for command injection within the STK environment if user inputs (potentially from an LLM) are not thoroughly sanitized before being passed to `stk_root.ExecuteCommand`. This risk is limited to arbitrary execution of STK's internal commands, not arbitrary code execution on the host OS. While the core tools primarily use the STK Object Model, some fall back to `ExecuteCommand`. The default binding to localhost (`127.0.0.1`) mitigates external network risks, but the host is configurable. No `eval` or `os.system` calls were found, and `tenacity` is used for robustness rather than security.
Updated: 2026-01-19GitHub
PreviousPage 93 of 760Next