Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

40
8
Medium Cost
realloon icon

RIMCP

by realloon

Sec9

An MCP server enabling AI agents to search and browse RimWorld source code and Def definitions for modding and development purposes.

Setup Requirements

  • ⚠️Requires manual installation of Bun runtime and Ripgrep.
  • ⚠️Requires a local copy of the decompiled RimWorld source code and game asset XML definitions, which must be provided as paths during the indexing step.
  • ⚠️Initial indexing of game definitions and source code must be performed manually via `bun run src/scripts/import-defs` and `bun run src/scripts/import-csharp` followed by `bun run build` before the server is fully functional.
Verified SafeView Analysis
The server uses `bun.$` to execute `ripgrep` for source code searches. While external command execution inherently carries some risk, the arguments for `ripgrep` (query, file pattern, case sensitivity) are properly parameterized, mitigating common command injection vulnerabilities. The `PathSandbox` utility effectively prevents path traversal attacks by validating and resolving all file paths within a confined base directory (`dist/assets`). No 'eval', hardcoded secrets, or direct network listening (beyond stdio transport) are observed.
Updated: 2026-01-12GitHub
40
23
Medium Cost
GreptimeTeam icon

greptimedb-mcp-server

by GreptimeTeam

Sec9

Enables AI assistants to query and analyze GreptimeDB, an open-source, cloud-native, unified observability database, using SQL, TQL, and RANGE queries, with built-in security and data masking.

Setup Requirements

  • ⚠️Requires a running GreptimeDB instance.
  • ⚠️Authentication (user/password) is required for GreptimeDB connection and HTTP API calls for pipeline management.
  • ⚠️Requires Python 3.11+ and specific Python package versions (e.g., mysql-connector-python>=9.1.0, mcp>=1.8.0).
Verified SafeView Analysis
The server implements a robust `security_gate` to block dangerous SQL operations (DDL, DML, dynamic SQL, file system access, encoded content) and enforces read-only access for core query tools. Sensitive data masking is applied based on configurable column name patterns. Input validation functions are used for all tool parameters to prevent injection. HTTP API calls for pipeline management (create, dryrun, delete) require authentication. While `exec()` is used for dynamic prompt registration, it's highly controlled, constructing a fixed function template and only performing string replacement for variables, which mitigates typical `exec()` risks. DNS rebinding protection and audit logging are configurable.
Updated: 2026-01-19GitHub
40
19
High Cost
ms82119 icon

NiFiMCP

by ms82119

Sec2

Provides a natural language chat interface for interacting with Apache NiFi instances, enabling users to retrieve information, document flows, and perform creation, modification, and operational actions on NiFi components using Large Language Models and custom tools.

Setup Requirements

  • ⚠️Requires a running Apache NiFi instance (versions 1.23 or 1.28 tested).
  • ⚠️Requires API keys for at least one Large Language Model (e.g., OpenAI, Google, Anthropic, Perplexity), which are typically paid services.
  • ⚠️Default debug logging ('interface_debug_enabled: true') in 'logging_config.yaml' will expose sensitive data and must be explicitly disabled in production.
  • ⚠️Uses 'uv' for Python dependency management, which may be new to some users.
Review RequiredView Analysis
CRITICAL: Remote Code Execution (RCE) Vulnerability: The system allows the LLM to dynamically generate and deploy NiFi scripts (e.g., Groovy scripts for 'ExecuteScript' processors). This is a direct RCE vector on the NiFi instance, enabling the execution of arbitrary code. CRITICAL: Sensitive Data Exposure: The 'logging_config.yaml' sets 'interface_debug_enabled: true' by default. When active, this feature writes detailed JSON logs of all LLM requests/responses, MCP server calls, and NiFi API interactions. These logs can contain highly sensitive information, including LLM API keys, NiFi API credentials (username/password), and the full content of dataflows and payloads. This constitutes a critical data leak risk and MUST be disabled ('interface_debug_enabled: false') in any non-development environment. Weakened TLS Security: The 'config.example.yaml' suggests 'tls_verify: false' for local NiFi setups. Disabling TLS verification in production environments exposes the NiFi API to man-in-the-middle attacks. LLM-Mediated Operations Risk: The core functionality involves an LLM directly initiating modifications and deletions of NiFi components. Without robust LLM safety guardrails, prompt injection vulnerabilities could allow malicious actors to hijack the LLM's agency and perform unauthorized operations. Header Overrides for Feature Flags: Configuration settings (e.g., auto_stop_enabled) can be overridden via HTTP headers (e.g., 'X-MCP-Auto-Stop-Enabled'). If the MCP server is exposed without proper authentication/authorization, this could bypass safety mechanisms.
Updated: 2025-11-30GitHub
40
9
Low Cost
cooneycw icon
Sec8

Provides distributed locking and session coordination for Claude Code sessions via Redis, preventing conflicts during concurrent development activities.

Setup Requirements

  • ⚠️Requires Redis server installation and configuration.
  • ⚠️Requires `uv` for Python dependency management.
  • ⚠️Requires `jq` for shell scripts (JSON processing).
Verified SafeView Analysis
No direct code-level 'eval' or obvious command injection vulnerabilities were found in the Python server. The system relies on a local Redis instance; its security (e.g., authentication, network isolation) is crucial. Bash scripts use `jq` for JSON parsing and file-based operations, generally handled safely by expecting specific input formats. Lock and session metadata are stored in local files (`~/.claude/coordination`); unauthorized file system access could lead to manipulation. The server binds to `127.0.0.1:8082` by default, limiting network exposure. Shell scripts make calls to `git` and `gh` (GitHub CLI), assuming these external tools are secure.
Updated: 2026-01-11GitHub
40
19
High Cost
growthbook icon

growthbook-mcp

by growthbook

Sec7

The GrowthBook MCP server allows LLM clients to interact with the GrowthBook platform for managing feature flags, A/B tests (experiments), metrics, and SDK connections, including code integration.

Setup Requirements

  • ⚠️Requires GrowthBook API Key (GB_API_KEY) for authentication.
  • ⚠️Requires GrowthBook user email (GB_EMAIL) for attributing created resources.
  • ⚠️The 'wrapped' prompt can generate a very large React component, leading to high token usage.
Verified SafeView Analysis
The server uses environment variables for sensitive API keys, which is good practice. It includes `child_process.exec` in the `generate_flag_types` tool to run `npx growthbook` commands. While the commands are hardcoded to specific `growthbook` CLI operations and pinned to `@latest`, executing arbitrary `npx` commands, especially if the `currentWorkingDirectory` parameter is controlled by untrusted input, presents a potential command injection risk if the `growthbook` CLI itself were compromised or misused. However, in the context of an MCP server used by an expert developer, this risk is mitigated by the expectation of responsible client-side handling of `currentWorkingDirectory` and the fixed nature of the commands.
Updated: 2026-01-14GitHub
40
27
Medium Cost
jtsang4 icon

nettune

by jtsang4

Sec8

This server acts as an MCP (Model Context Protocol) stdio client wrapper for the 'nettune' TCP network optimization tool, enabling AI-assisted network diagnostics and configuration on Linux servers.

Setup Requirements

  • ⚠️The nettune server component requires root (sudo) privileges to modify system network settings (sysctl, qdisc, systemd).
  • ⚠️API keys are passed via command-line arguments, which can expose them in shell history. Secure management (e.g., using environment variables or a secure vault with custom setup, and shell history hygiene) is recommended.
  • ⚠️The nettune server functionality (actual network optimization and probing) is primarily designed for and dependent on Linux kernel features; Windows support for the server is experimental/limited.
Verified SafeView Analysis
The project uses a client-server architecture where the `nettune` server (Go application) runs with root privileges on the target Linux machine to modify kernel parameters and traffic control settings. The client wrapper (`@jtsang/nettune-mcp` npm package) downloads the `nettune` binary from GitHub releases and verifies it using SHA256 checksums, a good practice to prevent tampering. Communication between the client and server is HTTP with Bearer token authentication. The server implements robust security measures including client IP-based rate limiting, request body size limits, and constant-time comparison for API keys to mitigate timing attacks. The README provides critical security warnings regarding API key exposure via shell history (when passed as a command-line argument) and recommends using TLS termination for production deployments. The inherent risk of a tool modifying system network configurations is high due to requiring root privileges, but the project has implemented reasonable safeguards and transparently documented risks.
Updated: 2025-12-27GitHub
39
13
Low Cost

mockloop-mcp

by MockLoop

Sec8

Provides a comprehensive platform for generating and managing mock API servers with AI-driven test generation, scenario management, proxy capabilities, and robust monitoring and auditing features.

Setup Requirements

  • ⚠️Requires Docker for running generated mock servers.
  • ⚠️Python 3.10+ required, Python 3.11+ recommended.
  • ⚠️SchemaPin requires 'schemapin' library for full functionality (install optional dependency).
  • ⚠️Some advanced features like custom AI workflows or specific proxy configurations might require additional setup or understanding of underlying frameworks (e.g., LangGraph, CrewAI).
Verified SafeView Analysis
The project includes SchemaPin integration for cryptographic schema verification, which is a strong security feature against 'MCP Rug Pull' attacks. However, advanced security configurations like TLS/SSL for admin interfaces or specific security headers might require manual setup by the user. The code includes some basic input validation and error handling, but end-to-end security testing of generated mocks depends on user configuration. The presence of various scripts like `sign_all_schemas.py` and `validate_signatures.py` indicates a focus on security.
Updated: 2025-11-24GitHub
39
16
Low Cost

ig-mcp-server

by inspektor-gadget

Sec7

A Go-based server application likely implementing a specific network protocol or game logic, suggested by 'MCP Server' naming and project structure.

Setup Requirements

  • ⚠️Requires Go compiler and runtime for development or building locally.
  • ⚠️Docker is required to build and run the server using the provided Dockerfile.
  • ⚠️The purpose and configuration implications of 'glama.json' are unknown and may require specific understanding.
Verified SafeView Analysis
Server applications inherently involve network interfaces and potential exposure. No specific vulnerabilities, 'eval' usage, or obfuscation were identified from the file list alone. The presence of `.golangci.yml` suggests an adherence to good Go development practices, which often includes security linting.
Updated: 2025-11-18GitHub
39
11
Medium Cost
mdn icon

mcp

by mdn

Sec9

This MCP server provides a standardized API for accessing MDN Web Docs search results, detailed documentation, and browser compatibility data.

Setup Requirements

  • ⚠️Requires Node.js version 24 or higher.
  • ⚠️Recommends npm version 11.6.2 or higher.
Verified SafeView Analysis
The server's network requests are explicitly constrained to legitimate MDN domains (developer.mozilla.org and bcd.developer.mozilla.org), significantly mitigating Server-Side Request Forgery (SSRF) risks. No use of `eval` or similar dangerous functions was found. Sensitive environment variables like SENTRY_DSN are correctly loaded from `process.env`, preventing hardcoded secrets. Overall, the codebase appears to follow good security practices for its stated purpose.
Updated: 2026-01-19GitHub
39
17
Medium Cost
loonghao icon
Sec9

A Model Context Protocol (MCP) server for querying PyPI package information, dependencies, and compatibility checking, assisting AI agents in Python development workflows.

Setup Requirements

  • ⚠️The recommended installation method uses `uvx`, which needs to be installed separately.
  • ⚠️Statistics tools (`get_download_statistics`, `get_download_trends`, `get_top_downloaded_packages`) are currently affected by external PyPI statistics server errors (HTTP 502) or API limitations, leading to limited or unavailable functionality as per the test report.
  • ⚠️The `get_package_dependencies` tool has a critical limitation: it always returns dependencies for the latest package version, regardless of the specified `version` parameter, limiting its utility for historical analysis.
Verified SafeView Analysis
The codebase itself does not contain obvious security vulnerabilities like `eval` or hardcoded secrets. It correctly uses environment variables for sensitive private PyPI repository credentials. Network requests are handled asynchronously with `httpx` including retry logic and timeouts, which is robust. The primary security considerations involve the trustworthiness of external PyPI index sources and the secure configuration of private repositories by the user. Overall, the implementation adheres to good security practices for its domain.
Updated: 2026-01-15GitHub
39
12
Low Cost
bobmatnyc icon

kuzu-memory

by bobmatnyc

Sec8

KuzuMemory provides a lightweight, embedded graph-based memory system for AI applications, specifically designed to integrate with AI coding agents (like Claude Code) via the Model Context Protocol (MCP) for contextual prompt enhancement and learning from interactions.

Setup Requirements

  • ⚠️Requires the Kuzu database client library (python `kuzu` package).
  • ⚠️Initial run may trigger NLTK data downloads (`punkt`, `vader_lexicon`, `stopwords` etc.), which require an internet connection and can add to startup time.
  • ⚠️Git integration features (`GitSyncManager`) require the `git` executable to be available in the system's PATH and the `gitpython` Python library.
  • ⚠️Integration with specific AI systems (e.g., Claude Code, Cursor, VSCode) requires running `kuzu-memory install add <system-name>` to set up project-specific configuration files and hooks, which is an additional setup step beyond simple `pip install`.
Verified SafeView Analysis
The server primarily communicates over stdin/stdout, reducing external network attack surface. It utilizes `subprocess.run` in `KuzuCLIAdapter`, `MCPDiagnostics`, and `SelfUpdater` for CLI interactions and system-level operations. While input sanitization is used, `subprocess` calls are a common point for command injection if not handled perfectly. No direct `eval()` or obfuscation is observed. Hardcoded secrets are not evident; environment variables are used for sensitive paths.
Updated: 2026-01-18GitHub
39
14
Medium Cost
Winding2020 icon

superset-mcp

by Winding2020

Sec8

This server provides a Model Context Protocol (MCP) interface for programmatic management and interaction with Apache Superset data assets, including datasets, metrics, calculated columns, charts, and dashboards, along with SQL query execution.

Setup Requirements

  • ⚠️Requires Node.js 18+
  • ⚠️Requires access to a running Apache Superset instance
  • ⚠️Requires valid Superset credentials (username/password or access token) configured via environment variables
Verified SafeView Analysis
The server correctly uses environment variables for Superset credentials, avoiding hardcoded secrets. It implements authentication with access tokens or username/password and includes CSRF token handling for protected requests, which is good practice. Direct SQL execution is a core feature for the `execute_sql` tool, which inherently carries a risk if the MCP server or the AI agent using it is exposed to untrusted input, as it could enable SQL injection against the Superset's configured databases. However, this is a feature of the tool, not a vulnerability in the server's implementation of the Superset API, assuming the MCP server is deployed in a trusted environment and the AI agent's prompts are carefully managed.
Updated: 2025-12-10GitHub
PreviousPage 98 of 760Next