Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (9120)

Medium Cost

Sveriges.Radio-MCP

by isakskogstad

Sec 9

Provide a Model Context Protocol server to allow AI assistants to interact with Sveriges Radio's public API for programs, podcasts, live streams, music playlists, news, and traffic information.

Setup Requirements

  • ⚠️Requires Node.js 18.0.0 or higher.
  • ⚠️The 'search_programs' tool performs client-side relevance ranking by fetching up to 200 programs per request, which can result in larger JSON payloads for processing.
  • ⚠️Optional Bearer token authentication via 'MCP_AUTH_TOKEN' environment variable requires manual setup for local development or deployment if desired.
Verified Safe
The underlying Sveriges Radio API is public and does not require authentication, minimizing credential exposure risk. The MCP server itself implements optional Bearer token authentication, rate limiting, session management, and ETag-based caching, which are good security and efficiency practices. CORS is set to '*' by default, but this is acceptable given the public nature of the data accessed. No 'eval' or other malicious code patterns were found in the provided source.
Updated: 2025-12-08
Medium Cost

mcp-server

by configcat

Sec 9

The ConfigCat MCP server allows AI agents and code editors to manage feature flags and configurations using ConfigCat's public management API and provides SDK documentation.

Setup Requirements

  • ⚠️Requires ConfigCat Management API basic authentication username (CONFIGCAT_API_USER) and password (CONFIGCAT_API_PASS) as environment variables.
  • ⚠️This server is designed for management operations only; it explicitly warns against using it for evaluating feature flag values in production applications.
  • ⚠️Fetching full SDK documentation via `update-sdk-documentation` can consume a significant number of LLM tokens due to the content size.
Verified Safe
The server correctly uses environment variables for sensitive API credentials (CONFIGCAT_API_USER, CONFIGCAT_API_PASS), preventing hardcoding. It employs Zod for robust input validation on all tool arguments, mitigating common injection risks. Network requests are made to the ConfigCat API and documentation site, which are legitimate external services. No 'eval' or other directly dangerous dynamic code execution patterns are evident. The primary security consideration is the secure management of the provided API credentials by the user.
Updated: 2025-12-05
Medium Cost

x-twitter-mcp-server

by rafaljanicki

Sec 8

An MCP server for interacting with Twitter (X) via AI tools, allowing natural language commands to fetch, post, search, and manage tweets and user data.

Setup Requirements

  • ⚠️Requires a Twitter Developer Account and obtaining API Key, API Secret, Access Token, Access Token Secret, and Bearer Token.
  • ⚠️For desktop integration with Claude, requires Node.js installed.
  • ⚠️API credentials must be configured via a '.env' file or passed per-request (e.g., via Smithery's base64-encoded config parameter).
Verified Safe
The server uses environment variables for all Twitter API credentials, which is good practice. It explicitly uses Twitter API v2 with proper authentication, avoiding insecure username/password methods. In-memory rate limiting is implemented to prevent API abuse. The SmitheryConfigMiddleware decodes base64-encoded credentials from URL query parameters and sets them as environment variables, which relies on the security of the transport layer and the handling of URLs by clients (e.g., logging). The CORS configuration allows all origins (`allow_origins=["*"]`), which is broad but common for local/private MCP deployments. No 'eval' or obvious malicious patterns were found.
Updated: 2026-01-18
Medium Cost

che-apple-mail-mcp

by kiki830621

Sec 8

Programmatic management and automation of Apple Mail functionalities on macOS.

Setup Requirements

  • ⚠️Requires macOS 13.0+ (Ventura or later).
  • ⚠️Requires Xcode Command Line Tools for compilation ('swift build').
  • ⚠️Requires explicit user permission for 'Automation' in System Settings > Privacy & Security to control Mail.app.
  • ⚠️Apple Mail must be running and have at least one account configured.
Verified Safe
The server primarily executes AppleScript commands on the local machine via `NSAppleScript`. User-provided inputs for these commands are passed through an `escapeForAppleScript` function to mitigate script injection risks. However, direct AppleScript execution from constructed strings, even with escaping, inherently carries a risk, though this risk is contained to Mail.app functionality. The server explicitly requires macOS 'Automation' permissions for Mail.app, which the user must grant manually, providing a clear security gate. The `PRIVACY.md` explicitly states no data is stored outside Apple Mail and no data is transmitted to external services.
Updated: 2026-01-19
Low Cost

phone-a-friend-mcp

by taylorsatula

Sec 9

Enables real-time communication between multiple Claude Code instances, allowing one to listen and others to initiate conversations with specific intents.

Setup Requirements

  • ⚠️The 'paf-hub' server (started via `paf-hub`) must be running as a separate process before any Claude instances can use the 'phone-a-friend' MCP.
  • ⚠️Requires Python 3.10 or newer to run, as specified in `pyproject.toml`.
Verified Safe
The central 'paf-hub' TCP server binds exclusively to localhost (127.0.0.1:7777) by default, significantly limiting network exposure. The system relies on standard JSON parsing for client-hub communication, and no dynamic code execution functions (like `eval` or `exec`) or hardcoded secrets were identified in the provided source code. Overall, the design prioritizes local interaction and safe data handling.
Updated: 2025-12-02
Medium Cost

omcp

by fastomop

Sec 3

The server enables Large Language Models (LLMs) to securely query and analyze healthcare data stored in the OMOP Common Data Model format through a standardized Model Context Protocol interface.

Setup Requirements

  • ⚠️Requires Python 3.13 or higher.
  • ⚠️Requires `uv` for package installation.
  • ⚠️Requires Git LFS for retrieving the synthetic DuckDB database file.
  • ⚠️Requires Docker Desktop for integration with Librechat.
  • ⚠️DuckDB does not allow multiple processes with write access to the database file simultaneously.
Review Required
CRITICAL: The `lookup_drug` and `lookup_condition` functions in `src/omcp/main.py` are vulnerable to SQL injection. User input for the `term` parameter is directly interpolated into SQL queries using f-strings without proper sanitization or parameterization. This allows a malicious user to inject arbitrary SQL commands, potentially leading to unauthorized data access, modification, or other database compromises, even with the `SQLValidator` in place, as the validator acts *after* the injection occurs. The system also bypasses validation for 'system queries' which could be a nuanced risk depending on the specific database backend. While there are good intentions with `SQLValidator` and `ibis`, the direct f-string interpolation of user input in the lookup functions creates a severe vulnerability.
Updated: 2026-01-12
Low Cost

mcp-server-dump

by SPANDigital

Sec 8

A command-line tool to extract, analyze, and document the capabilities (tools, resources, prompts) of MCP (Model Context Protocol) servers in various formats, including Markdown, JSON, HTML, PDF, and Hugo sites.

Setup Requirements

  • ⚠️Requires Go 1.25.0+ for direct installation/building from source.
  • ⚠️Requires a running MCP server (Node.js, Python, Go, etc.) or a command to start one.
  • ⚠️Building the generated Hugo documentation site (as opposed to only generating its source files) requires `Hugo v0.133.0+` (extended version with modules support) to be installed locally.
Verified Safe
The tool's core functionality involves executing user-provided commands (e.g., `node server.js`) to interact with MCP servers. While this is an intended feature, it introduces a significant security risk if the input `server-command` is untrusted or malicious. The code explicitly acknowledges this with `#nosec G204`. Other sensitive operations, such as file I/O for context files and Hugo output, include explicit path traversal protection and file size limits (`maxContextFileSize`). OAuth tokens are cached with restricted file permissions (`0o600`). Network interactions include timeouts and structured header parsing. No obvious hardcoded secrets or malicious patterns were found in the provided source code, making the tool itself reasonably secure, provided users supply trusted commands.
Updated: 2026-01-14
Low Cost

tree-sitter-analyzer

by aimasteracc

Sec 9

An enterprise-grade code analysis tool for AI assistants, providing deep AI integration, powerful search, and intelligent analysis across 17 programming languages. It's designed for developers working with large codebases, enabling token optimization and structured code understanding for AI interactions.

Setup Requirements

  • ⚠️Requires 'uv' (Python package manager) for installation.
  • ⚠️Requires external command-line tools 'fd' and 'ripgrep' for search features.
  • ⚠️Requires Python 3.10+.
Verified Safe
The project demonstrates a high level of security awareness with explicit security policies (`SECURITY.md`), dedicated security components (`SecurityValidator`, `ProjectBoundaryManager`, `RegexSafetyChecker`), and robust input validation. It implements project boundary protection, path traversal prevention, null byte injection prevention, and obfuscation of sensitive information in error responses. All subprocess commands are run safely without shell execution. This significantly reduces common attack vectors.
Updated: 2026-01-19
Medium Cost

Sec 9

Acts as a bridge for Large Language Models (LLMs) like GitHub Copilot to interact with and perform actions on local Rust development environments, automating tasks like building, testing, and analyzing code.

Setup Requirements

  • ⚠️Requires `rustup` and `cargo` (Rust toolchain) to be pre-installed on the system.
  • ⚠️Many advanced features require installation of additional cargo subcommands (e.g., `cargo-machete`, `cargo-deny`, `cargo-hack`) which are not bundled with the server.
  • ⚠️Requires specific JSON configuration in `.vscode/mcp.json` and potentially `.github/copilot-instructions.md` for seamless integration with GitHub Copilot Coding Agent or VS Code.
  • ⚠️The `--workspace` command-line argument is crucial for defining the Rust project context, especially when running the server from a different directory.
Verified Safe
The server primarily executes well-known Rust CLI tools (`cargo`, `rustup`, `rustc`) via `std::process::Command`. Arguments are constructed using `.arg()` which robustly prevents typical shell injection vulnerabilities. The server operates within a designated workspace directory, limiting its scope. Communication with the LLM is over stdio, not open network ports, reducing direct network attack surface. Input validation within tool request structs further constrains potential misuse.
Updated: 2026-01-19
Low Cost

mcp-operator

by vitorbari

Sec 9

Kubernetes operator for deploying, managing, and validating Model Context Protocol (MCP) servers.

Setup Requirements

  • ⚠️Requires a Kubernetes cluster (Kind, Minikube, or cloud-based).
  • ⚠️Requires `kubectl` to interact with the cluster.
  • ⚠️Full monitoring features (Prometheus metrics, Grafana dashboards) require Prometheus Operator to be installed in the cluster.
Verified Safe
The project is a Kubernetes operator and includes a sidecar proxy. It leverages standard Kubernetes security mechanisms (Pod Security Standards, RBAC, configurable security contexts) for deployed MCP servers. The sidecar proxy handles TLS termination and standard HTTP forwarding headers (X-Forwarded-For) safely. It explicitly loads TLS certificates from files rather than relying on hardcoded secrets. No `eval` or dynamic code execution patterns were found. Given its nature as an operator, it requires elevated Kubernetes permissions, but this is managed through standard RBAC. The project is marked as 'Alpha Software', which implies potential API changes or incomplete features, but not inherent security vulnerabilities in the current code structure.
Updated: 2026-01-15
Medium Cost

Sveriges_Radio-MCP

by KSAklfszf921

Sec 9

Connects an AI assistant to Sveriges Radio's API to retrieve information on programs, podcasts, live streams, playlists, news, and traffic in natural language.

Setup Requirements

  • ⚠️Requires Node.js >=18.0.0.
  • ⚠️Optional `MCP_AUTH_TOKEN` environment variable for authentication, which requires client-side configuration to pass the token.
  • ⚠️The underlying Sveriges Radio API is no longer actively maintained (though still functional), posing a long-term risk of eventual deprecation or breaking changes.
Verified Safe
The server employs robust security practices including Zod for input validation, environment variables for secrets (`MCP_AUTH_TOKEN`), and a fixed external API endpoint. It correctly handles network errors and implements caching to respect external API rate limits. There's no direct `eval` or arbitrary code execution found. The client-side relevance ranking for search queries mitigates potential server-side injection risks by processing on already retrieved data. CORS configuration, session management, and rate limiting are also implemented, enhancing overall security and stability.
Updated: 2025-12-08
Medium Cost

Sec 8

This project aggregates French torrent providers (YggTorrent, La Cale) and provides a programmatic interface (Python wrapper, MCP, and FastAPI server) for searching and downloading torrents.

Setup Requirements

  • ⚠️Requires credentials (username/password for YggTorrent, passkey for LaCale) for active providers.
  • ⚠️YggTorrent functionality requires a separate local API bridge (ygege) to be running, typically via Docker Compose.
  • ⚠️Python 3.10+ is required.
Verified Safe
The server uses environment variables for credentials, which is good practice. It handles external network requests and torrent files. While the server itself does not execute torrents, users should be aware of the inherent risks associated with torrent content. No `eval` or similar dangerous patterns were found.
Updated: 2026-01-18

Page 97 of 760