Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

40
10
Medium Cost
LeanMCP icon

leanmcp-sdk

by LeanMCP

Sec9

Building production-ready Model Context Protocol (MCP) servers with TypeScript, supporting features like authentication, elicitation, and UI integration for AI agents.

Setup Requirements

  • ⚠️Requires Node.js 18+ and npm 9+.
  • ⚠️Requires specific environment variable configurations (e.g., OPENAI_API_KEY, GITHUB_CLIENT_ID, AUTH0_DOMAIN, COGNITO_USER_POOL_ID, SLACK_BOT_TOKEN) depending on the services and integrations used.
  • ⚠️Utilizing AI-powered features (e.g., OpenAI) will incur external API costs.
Verified SafeView Analysis
The SDK demonstrates robust security practices for authentication, including OAuth 2.0 flows, PKCE, JWT signing and encryption (using `crypto` module), and explicit handling of sensitive environment variables. Secrets are managed via `process.env` and the `@leanmcp/env-injection` package supports user-scoped environment variables, preventing cross-user data leakage. Dynamic module loading of services from the `mcp` directory is a core design feature; this is secure assuming the build/deployment pipeline is trusted and the `mcp` directory is not exposed to untrusted code injection. The system relies on proper management of API keys and secrets by the user.
Updated: 2026-01-17GitHub
40
16
Low Cost
outfitter-dev icon

blz

by outfitter-dev

Sec6

Provides fast, local documentation search and retrieval for AI agents, using llms.txt files for line-accurate citations.

Setup Requirements

  • ⚠️Requires Rust 1.85+ and Cargo to build from source.
  • ⚠️Requires `curl` and `tar` for the quick install script. For advanced JSON output in scripts, `jq` is recommended.
  • ⚠️The `source-add` functionality has a known Server-Side Request Forgery (SSRF) risk, allowing an agent to potentially query internal network services if provided a malicious URL. A fix is planned, but it's a critical consideration for autonomous agent integration.
Review RequiredView Analysis
The project exhibits a strong focus on security in its design and development practices, including explicit whitelisting for commands, robust input validation, path sanitization, and detailed dependency management (deny.toml). However, the documentation (docs/release/v1.3-risk-matrix.md) explicitly flags a 'Medium' severity SSRF (Server-Side Request Forgery) vulnerability via the `source-add` functionality. This means an attacker, or an autonomous AI agent, could potentially induce the server to make requests to internal IP addresses (e.g., 127.0.0.1, internal network services) if provided with a malicious URL. While this risk is mitigated in single-user local deployments and a fix is planned for v1.3.1, its presence means the server is not entirely safe for agentic use without strict input validation/sanitization by the agent itself, or in scenarios where the BLZ server is exposed in a multi-tenant environment (which is not its intended use case). No 'eval' or obfuscation was found, and sensitive tokens are handled via environment variables.
Updated: 2026-01-17GitHub
40
18
Medium Cost
MarcSkovMadsen icon

holoviz-mcp

by MarcSkovMadsen

Sec2

Enables AI assistants to build interactive dashboards and data visualizations with HoloViz libraries like Panel, hvPlot, Lumen, and Datashader, by providing intelligent access to documentation, component information, and a display server.

Setup Requirements

  • ⚠️Requires Python 3.11+.
  • ⚠️Initial documentation indexing can take 5-10 minutes and requires internet access for Git clones.
  • ⚠️Execution of arbitrary Python code (via `holoviz_display` tool) poses significant security risks; should only be run in trusted, isolated environments or with rigorous input validation.
  • ⚠️Chromium browser must be installed for `take_screenshot` functionality (`uvx holoviz-mcp install chromium`).
Review RequiredView Analysis
The server includes a `holoviz_display` tool that executes arbitrary Python code provided via the API or UI (e.g., using `exec()` in `display_mcp/utils.py`), which is a significant security risk. The `README.md` explicitly warns about this. The `take_screenshot` tool uses Playwright to visit arbitrary URLs, which could pose SSRF risks if the URL is not sanitized. While the default MCP server transport is STDIO, it can be configured for HTTP and exposed externally (e.g., via Docker on `0.0.0.0`), increasing network attack surface. No obvious hardcoded secrets were found in the truncated source.
Updated: 2026-01-18GitHub
40
11
Low Cost
matlab icon
Sec6

Provides a framework and utilities to expose MATLAB functions as Model Context Protocol (MCP) tools, enabling AI agents and LLMs to interact with and leverage MATLAB's computational capabilities for domain-specific tasks.

Setup Requirements

  • ⚠️Requires MATLAB R2025b or later.
  • ⚠️Requires MATLAB Compiler SDK compatible with your MATLAB version.
  • ⚠️Requires MATLAB Production Server R2022a or later, configured with `--enable-archive-management` for deployment.
  • ⚠️Python environment needs `requests`, `FastMCP`, and `matplotlib` for some utilities and helper servers.
Review RequiredView Analysis
The `file_persist` utility, crucial for external data handling, exposes direct file system operations (copy, create, delete, match, etc.) via command-line arguments. While `sanitizeURI` attempts path cleaning, direct use of `u.Path` with OS functions means that if the MATLAB Production Server's underlying operating system permissions are not strictly controlled, these operations could be exploited to access, modify, or delete files outside of intended directories. The framework relies on external MATLAB Production Server security features (HTTPS, OAuth2, OIDC) and proper OS-level access control for safe operation. No `eval`, obfuscation, or hardcoded secrets were identified.
Updated: 2026-01-17GitHub
40
9
Medium Cost
mcp-use icon

inspector

by mcp-use

Sec4

An interactive developer tool for testing, debugging, and monitoring MCP (Model Context Protocol) servers, including their tools, prompts, resources, and UI widgets.

Setup Requirements

  • ⚠️Requires an existing MCP server: The tool is designed to inspect already running MCP servers, not deploy them.
  • ⚠️LLM API Keys for chat/sampling (optional): For client-side AI features, users must manually configure API keys (OpenAI, Anthropic, Google) in the browser's local storage. These are not environment variables for the Inspector server itself.
  • ⚠️OAuth configuration (optional): If the target MCP server requires OAuth, users must provide Client ID, Redirect URL, and Scope within the Inspector's connection settings.
Review RequiredView Analysis
1. Server-Side Request Forgery (SSRF) via `devWidgetUrl`: The `/inspector/api/dev-widget/:toolId` endpoint fetches content from `widgetData.devWidgetUrl`. The `storeWidgetData` function (in `src/server/shared-utils.ts`) does not appear to validate or sanitize `devWidgetUrl` or `devServerBaseUrl` from the request body before storing and later using them. A malicious client could potentially supply an arbitrary URL, coercing the server to make requests to internal network resources, leading to information disclosure or unauthorized actions. This is a critical vulnerability. 2. Content Security Policy (CSP) with `unsafe-inline`: The `generateWidgetContentHtml` function dynamically constructs a CSP for rendering widgets, which includes `default-src 'self' 'unsafe-inline'` when `widgetCSP` metadata is present. `unsafe-inline` allows the execution of inline scripts and styles, posing a potential Cross-Site Scripting (XSS) risk if an attacker can inject malicious content into widget HTML. 3. Client-side exposure of LLM API keys: For client-side LLM-based chat and AI-powered sampling approval, API keys (e.g., OpenAI, Anthropic, Google) are stored in the user's browser `localStorage`. This means keys are accessible to any client-side script and are not protected by server-side mechanisms. This is a user security consideration.
Updated: 2026-01-17GitHub
40
18
Medium Cost
kukapay icon
Sec2

Aggregates real-time cryptocurrency and blockchain data for AI agents and developers, spanning DeFi, trading, market analytics, and Web3 services.

Setup Requirements

  • ⚠️Requires API keys for various crypto exchanges and data providers (e.g., Binance, Bybit, Cointelegraph, NewsData).
  • ⚠️Requires access to blockchain RPC nodes for on-chain interactions across multiple networks (e.g., Ethereum, Solana, BSC).
  • ⚠️Servers involving trading or wallet interactions (e.g., Uniswap Trader, Jupiter MCP, Token Minter) will likely require private keys or secure wallet integration, posing high financial risk if not managed with robust security practices.
Review RequiredView Analysis
The provided 'source code' is only the `README.md` file for the `kukapay-mcp-servers` repository, which serves as an aggregation of links to other individual MCP server repositories. The `README.md` itself is a benign documentation file and contains no executable code or malicious patterns. However, the repository describes a comprehensive suite of servers designed for sensitive financial operations in the cryptocurrency space, including automated trading, DeFi lending, cross-chain transfers, and wallet management. Without access to the actual source code of these individual MCP servers (e.g., `uniswap-trader-mcp`, `jupiter-mcp`, `token-revoke-mcp`), it is impossible to perform a security audit of their implementations. Engaging with real-time trading, DeFi protocols, and managing digital assets inherently carries significant financial risk if the underlying software is not meticulously developed, audited, and configured securely. Therefore, safety cannot be confirmed, and extreme caution is advised for any deployment or interaction with the described functionalities without thorough code review of the actual server implementations.
Updated: 2026-01-12GitHub
40
4
Medium Cost
human-re icon

Aline

by human-re

Sec6

Aline provides persistent, shared AI agent memory across sessions and teams, maintaining conversational context and facilitating seamless collaboration.

Setup Requirements

  • ⚠️Requires 'uv' (a Python package manager) to be installed; the server attempts automatic installation, but manual intervention might be necessary.
  • ⚠️Relies on a compatible Model Context Protocol (MCP) agent (e.g., Claude Code) for integration and interaction.
  • ⚠️Implicitly requires 'git' to be installed and configured for team sharing and context syncing with GitHub repositories.
Verified SafeView Analysis
The installation process involves automatically downloading and executing shell scripts from 'astral.sh' for 'uv' (a Python package manager) via `curl | sh` or `powershell | iex`. While 'astral.sh' is a legitimate source for 'uv', executing scripts directly from the internet introduces a supply chain risk if the source or download link were ever compromised. Furthermore, running `uvx --refresh` means the 'aline-ai' package is continuously downloaded and refreshed, which could also pose a risk if the package registry is compromised.
Updated: 2025-12-02GitHub
40
10
Medium Cost
hargata icon

lubelog_mcp

by hargata

Sec7

Integrates LubeLogger with AI agents to manage vehicle maintenance records using a RESTful API.

Setup Requirements

  • ⚠️Requires an AI agent capable of tool calling (e.g., Claude Desktop) to interact with the server.
  • ⚠️Requires Docker and Docker Compose for easy deployment.
  • ⚠️Local Authentication grants unfettered access to all vehicles in the LubeLogger instance, which may be a security concern for multi-user setups. Header Auth is more complex to configure but offers greater security.
Verified SafeView Analysis
The server offers two authentication methods: Header Auth (more secure) and Local Auth (less secure, granting unfettered access to all vehicles). The choice of Local Auth, while documented, presents a significant security consideration if not used carefully. Environment variables (LUBELOG_INSTANCE, LUBELOG_USER, LUBELOG_PASS) are indicated for configuration, promoting secure secret management. No 'eval', obfuscation, or hardcoded secrets were found in the provided snippets. The use of 'AllowedHosts: "*"' in appsettings.json is common but could be tightened for production deployments if strict origin control is needed.
Updated: 2026-01-12GitHub
40
5
Medium Cost
KSAklfszf921 icon

sverigesradio-mcp

by KSAklfszf921

Sec9

Accessing Swedish radio programs, podcasts, live streams, news, and traffic information for AI assistants.

Setup Requirements

  • ⚠️The underlying Sveriges Radio API is no longer actively maintained, which could lead to future data inconsistencies or unavailability.
  • ⚠️Optional Bearer token authentication (MCP_AUTH_TOKEN) can be configured, requiring an Authorization header for clients if enabled.
  • ⚠️Requires Node.js version 18 or higher.
Verified SafeView Analysis
The server uses environment variables (e.g., MCP_AUTH_TOKEN) for sensitive data, implements Zod for robust input validation, and includes CORS, rate limiting, and session management. It fetches data from Sveriges Radio's public API, which does not require authentication itself. No direct 'eval' usage, code obfuscation, or obvious malicious patterns were found in the provided source. Standard, well-vetted Node.js dependencies are used. The security measures primarily protect the MCP server endpoint and manage access to the public upstream API.
Updated: 2025-12-08GitHub
40
21
Low Cost
haroldadmin icon

fastify-mcp

by haroldadmin

Sec9

Integrates Model Context Protocol (MCP) server functionality into Fastify web applications, supporting streamable HTTP and legacy HTTP+SSE transports.

Setup Requirements

  • ⚠️In-memory session management in 'stateful' mode is not suitable for horizontally scaled production deployments and requires integration with a distributed session store.
  • ⚠️The HTTP+SSE transport (`fastifyMCPSSE` plugin) is deprecated by the MCP protocol; migration to Streamable HTTP (`streamableHttp` plugin) is recommended.
Verified SafeView Analysis
The codebase appears well-structured and follows good practices for a Fastify plugin. It correctly handles session management (add, remove, close events) and provides generic error responses for invalid requests, minimizing information leakage. There are no obvious signs of 'eval' usage, obfuscation, hardcoded secrets, or malicious patterns. The use of `reply.raw` is inherent to Fastify's low-level access and the underlying MCP SDK transport layer. The primary security consideration for deployment is the in-memory session management, which, while secure for single-node instances, would require a distributed session store for horizontally scaled applications to prevent state loss or unauthorized access across instances. This is a design choice inherent to how the MCP SDK handles sessions, not a vulnerability in the plugin itself.
Updated: 2025-12-10GitHub
40
18
High Cost
ScienceOL icon

Xyzen

by ScienceOL

Sec8

AI platform for multi-agent orchestration, real-time chat, and document processing.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for setting up the development environment, including dependent services like PostgreSQL, Redis, Mosquitto, and Casdoor.
  • ⚠️Relies on external Large Language Model (LLM) providers (e.g., OpenAI, Azure OpenAI, Google), which are typically paid services and require valid API keys for full functionality.
  • ⚠️Web search functionality (used by agents like Deep Research) requires a running SearXNG instance (or compatible metasearch engine) to be configured and accessible.
  • ⚠️The default admin secret ('change-this-admin-secret-key-in-production') must be changed in production deployments to mitigate security risks.
Verified SafeView Analysis
The system leverages environment variables for most sensitive configurations like API keys and database credentials, which is a good practice. A default admin secret is provided for development, with explicit instructions to change it in production to prevent unauthorized access. External API interactions (e.g., with Bohrium, Smithery, SearXNG) are routed through a backend proxy, enhancing security by abstracting direct client-side requests and centralizing credential management. The `BOHRAPP_X_APP_KEY` serves as a fixed application identifier for a specific external service, not a sensitive secret. No 'eval' or other highly dangerous dynamic code execution patterns were identified in the provided source snippets.
Updated: 2026-01-19GitHub
40
8
Medium Cost
n24q02m icon
Sec8

Provides a Markdown-first MCP server for Notion, optimizing Notion API interactions for AI agents by consolidating endpoints into composite actions and reducing LLM token overhead for tool descriptions.

Setup Requirements

  • ⚠️A Notion integration token (NOTION_TOKEN) is strictly required as an environment variable.
  • ⚠️The Notion integration must be explicitly shared with the specific pages or databases it needs to access.
  • ⚠️Requires Node.js 24+ and pnpm for local development/build, or Docker for containerized deployment. For NPX, Node.js is still required.
  • ⚠️Only a subset of Notion blocks (headings, paragraphs, lists, code, quotes, dividers, and basic inline formatting) are supported for Markdown conversion; complex blocks like tables, toggles, embeds, or images are not.
Verified SafeView Analysis
The server handles a Notion API token, which is correctly sourced from an environment variable (NOTION_TOKEN) rather than being hardcoded. No 'eval' or obvious obfuscation is present. The project includes a SECURITY.md, indicating attention to security practices like dependency updates and the principle of least privilege. The underlying Notion client and MCP SDK are reputable, reducing intrinsic risks. However, as with any server handling sensitive API keys, secure deployment and environment management are crucial, and the large dependency tree (common in Node.js) always presents a broader attack surface.
Updated: 2026-01-12GitHub
PreviousPage 94 of 760Next