Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7756)

100
4253
High Cost
u14app icon

deep-research

by u14app

Sec3

An AI-powered research assistant that generates comprehensive reports, leverages various LLMs and web search engines, and offers integration as a SaaS or MCP service.

Setup Requirements

  • ⚠️Requires API Keys for multiple Large Language Models (LLMs) and search providers, most of which are paid services.
  • ⚠️Requires `ACCESS_PASSWORD` environment variable for authentication, particularly in proxy mode.
  • ⚠️If using Ollama, a local Ollama instance must be running at `http://localhost:11434`.
Review RequiredView Analysis
**CRITICAL SSRF VULNERABILITY**: The `/api/crawler` endpoint (in `src/app/api/crawler/route.ts`) directly fetches arbitrary URLs provided in the request body without any validation. This allows an attacker to perform Server-Side Request Forgery (SSRF) to scan internal networks, access sensitive internal services, or trigger actions on other external systems. This is a severe security flaw. **Potential XSS**: `rehypeRaw` is used in `src/components/MagicDown/View.tsx`, which processes raw HTML within markdown. If untrusted input (e.g., from AI models or user edits) contains malicious HTML, it could lead to Cross-Site Scripting (XSS). API key handling via environment variables and signature verification in `middleware.ts` are positive security practices, but do not mitigate the aforementioned critical flaws.
Updated: 2025-12-06GitHub
100
4266
Medium Cost
CoplayDev icon

unity-mcp

by CoplayDev

Sec6

Enables AI assistants (LLMs) to interact directly with the Unity Editor to manage assets, control scenes, edit scripts, and automate tasks.

Setup Requirements

  • ⚠️Requires Python 3.10 or newer.
  • ⚠️Requires Unity Hub & Editor 2021.3 LTS or newer.
  • ⚠️Requires the `uv` Python toolchain manager.
  • ⚠️When running in Docker or with `--http-host 0.0.0.0`, the server is exposed on all network interfaces (not just localhost) without authentication, posing a security risk on untrusted networks.
  • ⚠️Optional Roslyn setup is required for advanced C# script validation beyond basic structural checks.
Review RequiredView Analysis
The default Docker command and manual launch instructions (`uvx` or `uv run`) expose the HTTP server on `0.0.0.0` (all network interfaces) on port 8080. This means the server, which can execute commands in Unity, is publicly accessible on the local network without any authentication or access control. This poses a significant security risk if run in an untrusted network environment. The `manage_asset` tool uses `ast.literal_eval` as a fallback for parsing properties; while safer than `eval`, it can still be vulnerable to arbitrary code execution if malicious, complex Python objects can be crafted and injected into this input. Telemetry data is sent to a remote endpoint, but it is described as privacy-focused and can be disabled.
Updated: 2025-12-13GitHub
100
1129
Medium Cost
MicrosoftDocs icon

mcp

by MicrosoftDocs

Sec9

Provides AI assistants with secure, direct access to official Microsoft documentation and code samples to eliminate hallucinations and ensure accurate information.

Setup Requirements

  • ⚠️The Microsoft Learn MCP Server URL (https://learn.microsoft.com/api/mcp) does not support direct access from a web browser and will return a '405 Method Not Allowed' error.
  • ⚠️Custom clients must dynamically discover tools ('tools/list') and handle schema evolution, rather than hard-coding tool names or parameters.
  • ⚠️For legacy client configurations requiring a local proxy ('mcp-remote'), Node.js and npm are prerequisite dependencies.
Review RequiredView Analysis
The provided source code consists solely of documentation files (README, SECURITY.md, ThirdPartyNotices.md) and does not contain the executable server code for the Microsoft Learn MCP Server. Therefore, a security audit of the server's implementation (e.g., for 'eval', obfuscation, direct network risks, or hardcoded secrets) cannot be performed. The documentation itself is free of such patterns. The remote server is advertised as '100% Trusted & Safe' and operating without authentication, accessing only official Microsoft documentation. The SECURITY.md file outlines a robust vulnerability reporting process.
Updated: 2025-12-11GitHub
100
1710
Medium Cost
bytebase icon

dbhub

by bytebase

Sec8

Provides a universal database gateway for AI coding agents and monitoring tools via the Model Context Protocol (MCP) and a RESTful API.

Setup Requirements

  • ⚠️Requires a database connection configured via DSN environment variable, command-line argument (--dsn), or a 'dbhub.toml' file. Without configuration, the server will not start.
  • ⚠️For database types other than in-memory SQLite, a running database server (e.g., PostgreSQL, MySQL, SQL Server) must be accessible.
  • ⚠️SSH tunneling requires correct configuration of 'ssh_host', 'ssh_user', and either 'ssh_password' or 'ssh_key' (with optional 'ssh_passphrase'), which can be complex to set up.
Verified SafeView Analysis
The server implements application-level read-only mode for SQL execution and correctly redacts sensitive DSN/SSH information in logs and API responses. CORS is configured to restrict origins. Direct execution of SQL via the 'execute_sql' tool, while functional, presents an inherent risk if not coupled with strict read-only enforcement, as it can be used for arbitrary SQL commands (including destructive ones). Listening on '0.0.0.0' by default exposes the server on all network interfaces, requiring external network security measures.
Updated: 2025-12-12GitHub
100
7927
Low Cost
modelcontextprotocol icon

inspector

by modelcontextprotocol

Sec2

A UI client for inspecting and interacting with Model Context Protocol (MCP) servers, allowing users to view resources, prompts, tools, manage connections, configure authentication (OAuth), and debug server interactions.

Setup Requirements

  • ⚠️MCP Inspector Proxy authentication requires manually copying a `sessionToken` from the proxy server's console output and entering it into the client's configuration.
  • ⚠️Direct connections to an MCP server (bypassing the proxy) require the MCP server to have Cross-Origin Resource Sharing (CORS) configured to allow requests from the Inspector's origin (e.g., `http://localhost:6274`).
  • ⚠️Requires a Node.js environment with `npm` or `npx` to run, as it manages both a client-side Vite application and a Node.js proxy server.
Review RequiredView Analysis
CRITICAL: The MCP Inspector Proxy (server component) has a remote code execution (RCE) vulnerability. When configured to use 'stdio' transport and 'proxy' connection type, it executes commands and arguments received directly from client query parameters (`req.query.command`, `req.query.args`) using `spawn-rx`. This allows any client (authenticated or unauthenticated if `DANGEROUSLY_OMIT_AUTH` is set) to execute arbitrary commands on the server where the proxy is running. While intended for local development, this capability is extremely dangerous if the proxy is exposed to untrusted networks or if client-side malicious scripts are injected. The `X-MCP-Proxy-Auth` session token offers some protection, but it's dynamically generated and printed to the console, making it susceptible to leakage. The `DANGEROUSLY_OMIT_AUTH` environment variable can completely bypass this authentication.
Updated: 2025-12-14GitHub
100
9534
High Cost
hangwin icon

mcp-chrome

by hangwin

Sec1

Turns a Chrome browser into an AI-controlled automation tool, enabling complex browser automation, content analysis, and semantic search via a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires Node.js 18.19.0+ and pnpm/npm.
  • ⚠️Requires a Chrome/Chromium browser to install and run the extension.
  • ⚠️pnpm users may need manual Native Messaging Host registration (`mcp-chrome-bridge register`) if postinstall scripts are disabled by default for security.
  • ⚠️System-level Native Messaging Host registration requires administrator/sudo privileges, which users might be hesitant to grant given the identified security risks.
Review RequiredView Analysis
CRITICAL VULNERABILITY: The native Fastify server (`app/native-server/src/server/index.ts`) sets `cors: true` for all origins (`SERVER_CONFIG.CORS_ORIGIN`). This allows any website to send requests to the native server's HTTP endpoints (`/ask-extension`, `/mcp`), which then relays these requests to the Chrome extension to execute powerful browser automation tools (e.g., inject scripts, capture network, control browser tabs, manage history/bookmarks). This bypasses Chrome's Native Messaging security model and creates a severe Cross-Site Request Forgery (CSRF) vulnerability, allowing malicious websites to control the user's browser. Furthermore, the `chrome_inject_script` tool can inject arbitrary JavaScript into any URL if an attacker gains control, potentially leading to widespread compromise. The `file-handler.ts` allows arbitrary file downloads/saves to a temporary directory without file type validation, which could be exploited in conjunction with other vulnerabilities.
Updated: 2025-12-15GitHub
100
16717
Medium Cost
ChromeDevTools icon

chrome-devtools-mcp

by ChromeDevTools

Sec7

Allows AI coding agents to control, inspect, and debug a live Chrome browser for automation, performance analysis, and in-depth debugging.

Setup Requirements

  • ⚠️Requires Node.js v20.19 (or newer LTS) and a current stable Chrome browser installed.
  • ⚠️Running in sandboxed environments (e.g., macOS Seatbelt, Linux containers) may prevent Chrome from starting, requiring `--browser-url` to connect to a manually launched browser outside the sandbox.
  • ⚠️For `--autoConnect` or `--browserUrl` (manual connection), remote debugging must be manually enabled in Chrome (chrome://inspect/#remote-debugging), which requires user interaction or specific Chrome launch flags.
Verified SafeView Analysis
The `evaluate_script` tool allows arbitrary JavaScript execution within the context of the selected browser page. While this execution is sandboxed by the browser, a malicious AI client could exploit this to perform browser-based attacks (e.g., data exfiltration from visited websites, phishing). The server also supports connecting to externally controlled Chrome instances via `--browserUrl` or `--wsEndpoint`, and the `--acceptInsecureCerts` option can weaken TLS security. The project's README explicitly disclaims that it 'exposes content of the browser instance to the MCP clients allowing them to inspect, debug, and modify any data in the browser or DevTools', implying a trust requirement in the MCP client.
Updated: 2025-12-14GitHub
100
11776
Medium Cost
googleapis icon

genai-toolbox

by googleapis

Sec7

MCP Toolbox for Databases is an open-source server that enables AI agents to interact with various databases by providing a centralized control plane for connection pooling, authentication, and simplified tool development.

Setup Requirements

  • ⚠️Requires a `tools.yaml` configuration file to define data sources and tools.
  • ⚠️Specific database instances (e.g., PostgreSQL, MySQL, BigQuery) with appropriate credentials and schemas must be set up beforehand.
  • ⚠️For Google Cloud services, IAM permissions must be granted to the service account running Toolbox.
  • ⚠️Running with `npx` requires Node.js to be installed.
Verified SafeView Analysis
The project uses environment variables for sensitive configurations, which is good practice. It explicitly warns about SQL injection risks when using `templateParameters` in SQL-based tools and recommends safer `parameters`. The `--allowed-origins` flag for preventing DNS rebinding defaults to `*` (allowing all origins), which is a security risk in production environments and requires explicit configuration.
Updated: 2025-12-15GitHub
100
76618
Low Cost
punkpeye icon
Sec10

A curated list and web-based directory of Model Context Protocol (MCP) servers, acting as a resource for discovering AI model integrations and capabilities.

Verified SafeView Analysis
This repository itself is an 'awesome list' of MCP servers and primarily contains markdown documentation. It does not include executable server code, therefore it presents no inherent security risks from running its content. Any security concerns would pertain to individual MCP server implementations listed within the repository, which would require separate and specific security audits.
Updated: 2025-12-12GitHub
100
3570
High Cost
opensumi icon

core

by opensumi

Sec7

Build AI-native IDE products with rich UI interaction, including AI agents and tool integration.

Setup Requirements

  • ⚠️Requires Node.js version >= 18.12.0.
  • ⚠️Requires Yarn package manager for dependency installation and script execution.
  • ⚠️May require system-level development dependencies (e.g., `build-essential`, `libsecret-1-dev` on Linux) for native module compilation.
  • ⚠️Git command-line tools are required for SCM features and some development scripts.
Verified SafeView Analysis
The server uses dynamic code execution via `new Function()` within its extension host architecture (`packages/extension/src/hosted/worker.host.ts`, `packages/extension/src/hosted/ext.host.ts`) to load extensions. This is a common and necessary pattern for extensible IDEs but requires robust sandboxing and vetting of third-party extensions to mitigate potential risks. No direct hardcoded secrets or malicious patterns were found in the provided snippets. The system uses `libsecret` for secure credential storage for specific modules.
Updated: 2025-12-08GitHub
100
2930
High Cost
laravel icon

boost

by laravel

Sec2

Laravel Boost is an MCP server designed to accelerate AI-assisted development by providing context and specialized tools for Laravel-specific code generation.

Setup Requirements

  • ⚠️Requires an existing Laravel application for installation via Composer.
  • ⚠️Requires configuration in a supported IDE/AI agent (e.g., Cursor, Claude Code, PhpStorm, VS Code).
  • ⚠️External API calls to `boost.laravel.com` for documentation search and feedback (requires internet access).
Review RequiredView Analysis
The 'Tinker' tool (`src/Mcp/Tools/Tinker.php`) explicitly uses `eval()` to execute arbitrary PHP code. While this is an intended feature to allow AI agents to interact with the Laravel application's runtime, it poses a critical security risk. If an untrusted AI agent or malicious input is passed to this tool, it can lead to arbitrary code execution, including data exfiltration, system modification, or denial of service. The 'SearchDocs' and 'ReportFeedback' tools (`src/Mcp/Tools/SearchDocs.php`, `src/Mcp/Tools/ReportFeedback.php`) make external HTTP requests to `boost.laravel.com`, which could be a privacy or data exfiltration risk if the remote endpoint is compromised.
Updated: 2025-12-12GitHub
100
9395
Low Cost
JoeanAmier icon

XHS-Downloader

by JoeanAmier

Sec7

A content collection and download tool for XiaoHongShu (RedNote), allowing users to extract links, collect post information, and download watermark-free images and videos.

Setup Requirements

  • ⚠️Requires Python 3.12 (specifically <3.13).
  • ⚠️Reading browser cookies on Windows requires administrator privileges.
  • ⚠️Dependencies like 'gettext' (for translations) and 'pyperclip' (for clipboard functionality) may require additional OS-level package installations (e.g., xclip/xsel on Linux).
Verified SafeView Analysis
The Python server code uses established libraries (FastAPI, httpx, aiosqlite, pyyaml's safe_load) and appears reasonably structured for its stated purpose. However, the project repository contains a highly obfuscated JavaScript file (`static/20250619.js`) whose purpose and functionality are unclear and cannot be verified without deobfuscation. Its presence raises a significant trust issue for the overall project, though it does not appear to be directly executed by the Python MCP server. Additionally, the feature to read browser cookies using `rookiepy` requires elevated privileges (admin on Windows) and accesses sensitive user data, which is a known security implication, albeit disclosed functionality.
Updated: 2025-12-12GitHub
PreviousPage 1 of 647Next