Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

39
15
Medium Cost
linxule icon
Sec9

This MCP server provides a tool for multi-faceted problem-solving and contemplative reasoning, using a wisdom framework inspired by the Lotus Sutra to guide AI agents in structured thinking and insight generation.

Setup Requirements

  • ⚠️Requires Node.js 18.0.0 or higher.
  • ⚠️Designed to be used with an MCP client (e.g., Claude Desktop, smithery.ai) for proper interaction.
  • ⚠️The first call with `tag='begin'` incurs a higher token cost (~1,200 tokens) to deliver the full framework.
Verified SafeView Analysis
The codebase appears generally secure. Input validation is present for tool arguments. The 'content' parameter is logged to console output, which is generally safe, but should be noted as it can contain user-provided text. No 'eval' or direct arbitrary code execution, hardcoded secrets, or explicit network vulnerabilities were identified. The use of 'chalk' for console output is harmless. Session management for HTTP transport uses `randomUUID` for session IDs.
Updated: 2025-11-27GitHub
39
13
Medium Cost
oO icon
Sec4

Enables AI agents to programmatically create, modify, and manage design elements and properties within Figma via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Node.js for the server component.
  • ⚠️Requires Python 3.7+ for the client launcher.
  • ⚠️Requires Figma Desktop App with the 'Figma MCP Write Bridge' plugin installed and active for full functionality.
  • ⚠️Initial server setup requires running `npm install` and `npm run build` from the project root.
Review RequiredView Analysis
The server uses `corsOrigin: '*'` for its WebSocket connection, which is a major security vulnerability if the server is exposed beyond localhost, as it allows cross-origin requests from any domain. While intended for local client-plugin communication, this wide-open setting should ideally be restricted to known origins or 'localhost'. The server also executes `child_process.exec` commands (e.g., `lsof`, `ps`, `kill -9`) for port management and zombie process cleanup, which, while justified in context, introduce a reliance on shell execution. Furthermore, image and export handlers allow reading from and writing to the local filesystem (e.g., `outputDirectory`, `source` paths) with `path.resolve`, but without explicit sanitization against directory traversal (e.g., `../../../etc/passwd`), posing a risk for arbitrary file system access/manipulation if a malicious input path is provided.
Updated: 2025-11-25GitHub
39
14
Medium Cost

openhab-mcp

by tdeckers

Sec7

This project provides an MCP (Model Context Protocol) server to enable AI assistants like Claude and Cline to interact with and manage a real openHAB smart home system via its REST API.

Setup Requirements

  • ⚠️Requires Docker or Podman for deployment.
  • ⚠️Requires an existing and operational openHAB instance.
  • ⚠️Requires an openHAB API token and URL (and optional credentials) for configuration.
Verified SafeView Analysis
The server connects to a real openHAB instance using an API token and potentially username/password, granting extensive control over the smart home system (items, things, rules, scripts). While not inherently malicious, a compromised AI assistant or MCP server could perform significant actions (e.g., turn off critical devices, modify rules). The security relies heavily on safeguarding the OpenHAB API token and ensuring the AI assistant's integrity. There are no obvious signs of 'eval' or obfuscation in the provided information, but the power it wields necessitates careful deployment and monitoring.
Updated: 2025-11-17GitHub
39
17
High Cost
OpenCageData icon

opencage-geocoding-mcp

by OpenCageData

Sec9

Provides geocoding and reverse geocoding capabilities using the OpenCage geocoding API via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Node.js v20 or higher.
  • ⚠️Requires an OpenCage geocoding API Key (a free-trial is available, but high usage may incur costs).
  • ⚠️The TypeScript project needs to be built (`npm run build`) before execution.
Verified SafeView Analysis
The server correctly handles the OpenCage API key via environment variables and exits if not set. It does not use 'eval' or similar dangerous patterns and communicates over standard I/O (stdio) via the MCP SDK, limiting direct network exposure by the server itself. All external API calls are made to the legitimate OpenCage geocoding service.
Updated: 2026-01-13GitHub
39
16
Low Cost
reportportal icon
Sec9

Provides an HTTP interface for AI chat assistants (e.g., GitHub Copilot, Cursor) to interact with and query ReportPortal instances using natural language.

Setup Requirements

  • ⚠️Requires a running ReportPortal instance to connect to.
  • ⚠️Requires a ReportPortal API Token for authentication, provided either via environment variable (for 'stdio' MCP_MODE) or as a 'Bearer' token in the HTTP Authorization header (for 'http' MCP_MODE).
  • ⚠️Requires a ReportPortal Project Name for most operations, provided via environment variable (for 'stdio' MCP_MODE) or 'X-Project' HTTP header (for 'http' MCP_MODE).
  • ⚠️If deploying via Helm, Kubernetes 1.30+ and Helm 3.0+ are prerequisites.
Verified SafeView Analysis
The server correctly handles sensitive credentials (ReportPortal API tokens) by expecting them via environment variables or per-request HTTP Authorization headers, rather than hardcoding them. Project names are also handled dynamically via environment variables or X-Project HTTP headers. It implements standard security practices like CORS, request throttling, and configurable HTTP timeouts. Analytics configuration includes hardcoded constants (Measurement ID and User ID) for Google Analytics 4, but the GA4 API Secret must be provided via an environment variable. These analytics details are for tracking usage, not for ReportPortal authentication. Test data explicitly uses generic placeholders and warns against committing real credentials.
Updated: 2026-01-16GitHub
39
12
Medium Cost
brenoepics icon

prometheus-mcp

by brenoepics

Sec9

A Model Context Protocol (MCP) server that enables AI agents and CLI users to query and discover metrics from Prometheus, with built-in features like retries, caching, and an optional metrics exporter.

Setup Requirements

  • ⚠️Requires a running Prometheus server to connect to, configured via `--prometheus-url` or `PROMETHEUS_URL`.
  • ⚠️When running in Docker, specific `--network host` (Linux) or `--add-host=host.docker.internal:host-gateway` configurations may be needed for the container to reach a Prometheus instance on the host machine.
  • ⚠️If the Prometheus server requires basic authentication, `PROMETHEUS_USERNAME` and `PROMETHEUS_PASSWORD` environment variables or CLI flags are necessary.
Verified SafeView Analysis
The project is written in Rust, providing strong memory safety. It uses standard HTTP client practices with `reqwest`, including basic authentication via environment variables or CLI flags (recommended over hardcoding). JSON-RPC parsing occurs from `stdin`, and outputs are written to `stdout` and a fixed log file path (`/tmp/mcp.jsonl`). There is no usage of `eval` or similar dangerous dynamic code execution patterns. Security risks are primarily related to misconfiguration (e.g., exposing the server publicly without additional authentication) or vulnerabilities in the Prometheus instance it connects to.
Updated: 2026-01-12GitHub
39
14
Low Cost
ActiveCampaign icon

postmark-mcp

by ActiveCampaign

Sec9

Provides a Model Context Protocol (MCP) server to enable AI assistants to send emails and manage templates via Postmark.

Setup Requirements

  • ⚠️Requires Node.js v16 or higher.
  • ⚠️Requires an active Postmark account and server API token.
  • ⚠️Requires configuration of `POSTMARK_SERVER_TOKEN`, `DEFAULT_SENDER_EMAIL`, and `DEFAULT_MESSAGE_STREAM` environment variables.
Verified SafeView Analysis
The server correctly uses environment variables for sensitive data like the Postmark server token, and the README explicitly warns against storing secrets in version control. It employs Zod for input validation, which helps prevent malformed requests. Logging practices appear secure, avoiding direct exposure of sensitive information in console outputs. Network requests are limited to the official Postmark API. There is no usage of 'eval' or similar dangerous patterns. The main point of caution, common to any tool that manages external credentials, is securing the environment where the server runs and ensuring proper access controls for the `.env` file.
Updated: 2025-12-01GitHub
39
14
Low Cost
shuymn icon

gh-mcp

by shuymn

Sec9

A GitHub CLI extension to seamlessly run the github-mcp-server in a Docker container using existing `gh` authentication.

Setup Requirements

  • ⚠️GitHub CLI (`gh`) must be installed and authenticated (`gh auth login`).
  • ⚠️Docker must be installed and running.
Verified SafeView Analysis
Leverages GitHub CLI for authentication, ensuring tokens are handled by the trusted `gh` CLI and not stored by the extension. The Docker container runs with `--rm` for automatic cleanup, preventing data persistence. Credentials are passed to the container via environment variables. Crucially, the Docker image for the MCP server is pinned to a specific SHA256 digest (`ghcr.io/github/github-mcp-server@sha256:744cf8e42ded1c9bb6cdbd9d64fc66bd898cf4093cb3674febc000a9f64c35c0`), which prevents supply chain attacks via mutable tags. The primary security consideration outside of this extension's direct control is the trust in the official `github-mcp-server` Docker image itself.
Updated: 2026-01-18GitHub
39
7
Medium Cost
gmitch215 icon

MyMCP

by gmitch215

Sec6

Dynamically convert any OpenAPI v3 specification into a fully-functional Model Context Protocol (MCP) server, exposing external APIs as MCP tools.

Setup Requirements

  • ⚠️Requires a Cloudflare Workers account for deployment.
  • ⚠️Needs a valid OpenAPI 3.x specification URL for conversion, which must start with 'https://'.
Verified SafeView Analysis
The server fetches and executes API calls against arbitrary HTTPS OpenAPI specifications provided by the user, which introduces a potential Server-Side Request Forgery (SSRF) risk if not properly mitigated at the network layer. While insecure HTTP URLs are explicitly rejected, there's no specific validation against private IP ranges or internal networks. No explicit rate limiting or abuse prevention is implemented within the application itself, relying on the Cloudflare Workers platform for such controls. No hardcoded secrets or obvious malicious patterns were found. Robust OpenAPI schema validation and secure headers are in place, contributing positively to security.
Updated: 2025-11-24GitHub
39
13
Low Cost
hyprmcp icon
Sec6

Generates installation instructions for Model Context Protocol (MCP) servers across various client applications and formats.

Setup Requirements

  • ⚠️Requires Node.js (v24+) and pnpm for local execution.
  • ⚠️The local MCP server runs on port 3000, which might conflict with other services.
Review RequiredView Analysis
The web component (src/component/index.ts) uses `allowDangerousHtml: true` for rendering markdown generated from user-provided URLs. This poses a potential Cross-Site Scripting (XSS) risk if malicious content can be injected via the URL or derived name attribute into the rendered HTML. Additionally, several instruction generators embed user-provided URL and name directly into shell commands or deep links (e.g., for `claude-code`, `codex`, `vscode`, `cursor`). While URL validation (using `z.string().url()`) is present, there is a potential for client-side command injection or deep-link exploitation if the input contains shell-specific special characters or carefully crafted payloads that are not adequately escaped by the target client environment when executing the generated instructions. No direct hardcoded secrets or 'eval' usage was found in the provided code.
Updated: 2026-01-19GitHub
39
15
Medium Cost
Garblesnarff icon

gemini-mcp-server

by Garblesnarff

Sec2

An MCP server providing a suite of 7 AI-powered tools (Image Gen/Edit, Chat, Audio Transcribe, Code Execute, Video/Image Analysis) powered by Google Gemini, featuring a self-learning "Smart Tool Intelligence" system for prompt enhancement and user preference adaptation.

Setup Requirements

  • ⚠️Requires Google Gemini API key (can incur costs; hardcoded fallbacks are present in code and should be removed/secured).
  • ⚠️Requires Node.js v16.0.0 or higher.
  • ⚠️Tools accessing local files (`file_path`) require the server process to have read/write access to those paths. Path traversal vulnerabilities exist for these tools.
  • ⚠️Advanced/Nano Banana Pro image generation features require an optional OpenRouter API key and rely on OpenRouter's free tier, which may have rate limits or usage restrictions.
Review RequiredView Analysis
CRITICAL: The `config.js` file contains hardcoded fallback Google Gemini API keys. If the `GEMINI_API_KEY` environment variable is not set, these exposed keys will be used, posing a severe security risk (e.g., unauthorized access, quota abuse). CRITICAL: Several tools (e.g., Image Analysis, Audio Transcription, Image Editing, Video Analysis, File Upload) take `file_path` as a direct argument and use it in file system operations without sufficient path sanitization or validation for absolute paths. This creates a significant path traversal vulnerability, potentially allowing an attacker to read, write, or delete arbitrary files on the server. Network risks involve outbound calls to Google Gemini and OpenRouter APIs. While these are generally trusted, the lack of robust input validation could allow crafted file content to be processed by AI models in unintended ways.
Updated: 2025-12-02GitHub
39
25
Medium Cost
DollhouseMCP icon

mcp-server

by DollhouseMCP

Sec9

Manages AI customization and persistent context through modular, reusable elements (Personas, Skills, Agents, Templates, Memories).

Setup Requirements

  • ⚠️Requires GitHub authentication (OAuth or PAT) for portfolio and collection features.
  • ⚠️Operates on local filesystem, requiring appropriate read/write permissions in the configured portfolio directory (`~/.dollhouse/portfolio` by default).
  • ⚠️Node.js 18+ and npm are required. Performance may vary depending on Node.js version and hardware.
  • ⚠️Auto-load memory features are constrained by a configurable token budget (default 5000 tokens), potentially requiring user adjustment for extensive context.
Verified SafeView Analysis
The project demonstrates exceptional security practices with comprehensive input validation (sanitization, Unicode normalization, explicit type checks), robust protection against YAML injection (SecureYamlParser with FAILSAFE_SCHEMA), path traversal, and ReDoS attacks (SafeRegex library with timeouts). It implements memory limits to prevent DoS, enforces content trust levels (especially for AI-generated memories), and maintains extensive audit logs via SecurityMonitor. Hardcoded secrets were not found, and network requests are directed to trusted domains. The codebase explicitly references and resolves numerous security fixes (e.g., PR #319, #1187, #1269, #1314, #1400) and security audits, indicating a proactive and mature approach to security.
Updated: 2026-01-07GitHub
PreviousPage 99 of 760Next