Secure Model Context Protocol (MCP) servers with automated security validation, vulnerability scanning, and tool poisoning detection. Browse 16+ vetted MCP servers for building secure agentic AI systems.
Find secure MCP servers for your agentic AI applications with confidence. Model Context Protocol is the USB-C of building agentic systems - providing standardized, secure connections between AI agents and external tools. Each server undergoes automated security scanning including dependency vulnerability checks, static analysis, and MCP-specific threat detection (tool poisoning, cross-origin attacks).
- Browse servers by category below
- Check security status - look for π‘οΈ Verified Secure or
β οΈ Conditional ratings - Review scores - higher scores indicate better security posture
- Follow repository links for installation instructions
- π‘οΈ Verified Secure (85-100): Comprehensive validation passed
β οΈ Conditional (70-84): Secure with specific configuration requirements- β³ Awaiting Scan: Repository currently inaccessible for scanning
- β Not Recommended (0-49): Known security issues
- π’ Official Servers - Anthropic-maintained MCP servers
- π Enterprise Servers - Company-backed integrations
- π‘οΈ Security Tools - Cybersecurity & vulnerability scanning
- π₯ Community Servers - Open source community projects
- π Under Review - Servers currently being assessed
- π About This Project - Methodology & contributing
Last Updated: 2025-07-28 06:03 UTC
Total Servers: 16
| Server | Version | Security Status | Description |
|---|---|---|---|
| Everything (Reference Server) | 0.5.0 | Reference server demonstrating all MCP features | |
| Fetch Server | 0.3.2 | Web content fetching and conversion for efficient LLM usage | |
| Filesystem Server | 0.4.1 | Secure file operations with configurable access controls | |
| Git Server | 0.2.1 | Tools to read, search, and manipulate Git repositories | |
| Memory Server | 0.1.3 | Persistent memory using a local knowledge graph | |
| Sequential Thinking Server | 0.1.0 | Dynamic and reflective problem-solving through thought sequences | |
| Time Server | 0.1.2 | Time and timezone conversion capabilities |
| Server | Version | Security Status | Description |
|---|---|---|---|
| AWS MCP Server | 1.2.0 | π‘οΈ Verified Secure (π Score: 89/100) | AWS service integration with IAM controls |
| Docker Server | 1.5.2 | π‘οΈ Verified Secure (π Score: 91/100) | Docker container management with security controls |
| GitHub MCP Server | 1.0.0 | GitHub's official MCP Server for repository management | |
| Notion MCP Server | 0.3.1 | Notion official MCP server for workspace integration | |
| Stripe MCP Server | 0.2.0 | π‘οΈ Verified Secure (π Score: 91/100) | Interact with Stripe API for payments and financial data |
| Server | Version | Security Status | Description |
|---|---|---|---|
| Nuclei Security Scanner | 0.2.0 | π‘οΈ Verified Secure (π Score: 92/100) | Template-based vulnerability scanner with extensive security checks |
| Server | Version | Security Status | Description |
|---|---|---|---|
| PostgreSQL MCP Server | 0.4.2 | π‘οΈ Verified Secure (π Score: 86/100) | PostgreSQL database operations and query execution |
| Slack MCP Server | 1.0.3 | Slack workspace integration for messaging and collaboration |
| Server | Version | Security Status | Description |
|---|---|---|---|
| Anthropic Computer Use | 0.1.0 | β³ Awaiting Scan | Desktop automation with screen capture and input control |
Click on server scores above to jump to detailed security breakdowns:
AWS MCP Server Security Assessment
π MCP-Specific Security: 90/100 β Scans for MCP-specific threats like tool poisoning attacks
β No issues found
- No tool poisoning indicators found (basic check)
π¦ Third-Party Dependencies: 100/100 β Scans package.json, requirements.txt, etc. for known CVEs
β Not applicable
- No recognized dependency files found
π Code Security Analysis: 70/100
- Bandit completed but output could not be parsed
Docker Server Security Assessment
π MCP-Specific Security: 90/100 β Scans for MCP-specific threats like tool poisoning attacks
β No issues found
- No tool poisoning indicators found (basic check)
π¦ Third-Party Dependencies: 100/100 β Scans package.json, requirements.txt, etc. for known CVEs
β Not applicable
- No recognized dependency files found
π Code Security Analysis: 85/100
- Found 1 critical security issue(s)
Everything (Reference Server) Security Assessment
π MCP-Specific Security: 90/100 β Scans for MCP-specific threats like tool poisoning attacks
β No issues found
- No tool poisoning indicators found (basic check)
π¦ Third-Party Dependencies: 60/100
- Found 4 vulnerability/vulnerabilities in dependencies
π Code Security Analysis: 100/100 β Static analysis for common security vulnerabilities in source code
β No issues found
- No critical security vulnerabilities found
Fetch Server Security Assessment
π MCP-Specific Security: 90/100 β Scans for MCP-specific threats like tool poisoning attacks
β No issues found
- No tool poisoning indicators found (basic check)
π¦ Third-Party Dependencies: 60/100
- Found 4 vulnerability/vulnerabilities in dependencies
π Code Security Analysis: 100/100 β Static analysis for common security vulnerabilities in source code
β No issues found
- No critical security vulnerabilities found
Filesystem Server Security Assessment
π MCP-Specific Security: 90/100 β Scans for MCP-specific threats like tool poisoning attacks
β No issues found
- No tool poisoning indicators found (basic check)
π¦ Third-Party Dependencies: 60/100
- Found 4 vulnerability/vulnerabilities in dependencies
π Code Security Analysis: 100/100 β Static analysis for common security vulnerabilities in source code
β No issues found
- No critical security vulnerabilities found
Git Server Security Assessment
π MCP-Specific Security: 90/100 β Scans for MCP-specific threats like tool poisoning attacks
β No issues found
- No tool poisoning indicators found (basic check)
π¦ Third-Party Dependencies: 60/100
- Found 4 vulnerability/vulnerabilities in dependencies
π Code Security Analysis: 100/100 β Static analysis for common security vulnerabilities in source code
β No issues found
- No critical security vulnerabilities found
GitHub MCP Server Security Assessment
π MCP-Specific Security: 90/100 β Scans for MCP-specific threats like tool poisoning attacks
β No issues found
- No tool poisoning indicators found (basic check)
π¦ Third-Party Dependencies: 50/100 β Scans package.json, requirements.txt, etc. for known CVEs
β Not applicable
- Go dependency scanning not yet implemented
π Code Security Analysis: 100/100 β Static analysis for common security vulnerabilities in source code
β No issues found
- No critical security vulnerabilities found
Memory Server Security Assessment
π MCP-Specific Security: 90/100 β Scans for MCP-specific threats like tool poisoning attacks
β No issues found
- No tool poisoning indicators found (basic check)
π¦ Third-Party Dependencies: 60/100
- Found 4 vulnerability/vulnerabilities in dependencies
π Code Security Analysis: 100/100 β Static analysis for common security vulnerabilities in source code
β No issues found
- No critical security vulnerabilities found
Notion MCP Server Security Assessment
π MCP-Specific Security: 90/100 β Scans for MCP-specific threats like tool poisoning attacks
β No issues found
- No tool poisoning indicators found (basic check)
π¦ Third-Party Dependencies: 40/100 β Scans package.json, requirements.txt, etc. for known CVEs
β 4 critical issues found
- Found 4 vulnerability/vulnerabilities in dependencies
π Code Security Analysis: 70/100 β Static analysis for common security vulnerabilities in source code
β Not applicable
- ESLint security scanning not available
Nuclei Security Scanner Security Assessment
π MCP-Specific Security: 95/100 β Scans for MCP-specific threats like tool poisoning attacks
β No issues found
- MCP-scan found no security issues in 2 configuration file(s)
π¦ Third-Party Dependencies: 100/100 β Scans package.json, requirements.txt, etc. for known CVEs
β Not applicable
- No recognized dependency files found
π Code Security Analysis: 70/100 β Static analysis for common security vulnerabilities in source code
β Not applicable
- ESLint security scanning not available
PostgreSQL MCP Server Security Assessment
π MCP-Specific Security: 90/100 β Scans for MCP-specific threats like tool poisoning attacks
β No issues found
- No tool poisoning indicators found (basic check)
π¦ Third-Party Dependencies: 100/100 β Scans package.json, requirements.txt, etc. for known CVEs
β Not applicable
- No recognized dependency files found
π Code Security Analysis: 50/100 β Static analysis for common security vulnerabilities in source code
β 9 critical issues found
- Found 9 critical security issue(s)
Sequential Thinking Server Security Assessment
π MCP-Specific Security: 90/100 β Scans for MCP-specific threats like tool poisoning attacks
β No issues found
- No tool poisoning indicators found (basic check)
π¦ Third-Party Dependencies: 60/100
- Found 4 vulnerability/vulnerabilities in dependencies
π Code Security Analysis: 100/100 β Static analysis for common security vulnerabilities in source code
β No issues found
- No critical security vulnerabilities found
Slack MCP Server Security Assessment
π MCP-Specific Security: 90/100 β Scans for MCP-specific threats like tool poisoning attacks
β No issues found
- No tool poisoning indicators found (basic check)
π¦ Third-Party Dependencies: 50/100 β Scans package.json, requirements.txt, etc. for known CVEs
β Not applicable
- Go dependency scanning not yet implemented
π Code Security Analysis: 70/100 β Static analysis for common security vulnerabilities in source code
β Not applicable
- ESLint security scanning not available
Stripe MCP Server Security Assessment
π MCP-Specific Security: 90/100 β Scans for MCP-specific threats like tool poisoning attacks
β No issues found
- No tool poisoning indicators found (basic check)
π¦ Third-Party Dependencies: 100/100 β Scans package.json, requirements.txt, etc. for known CVEs
β Not applicable
- No recognized dependency files found
π Code Security Analysis: 85/100
- Found 1 critical security issue(s)
Time Server Security Assessment
π MCP-Specific Security: 90/100 β Scans for MCP-specific threats like tool poisoning attacks
β No issues found
- No tool poisoning indicators found (basic check)
π¦ Third-Party Dependencies: 60/100
- Found 4 vulnerability/vulnerabilities in dependencies
π Code Security Analysis: 100/100 β Static analysis for common security vulnerabilities in source code
β No issues found
- No critical security vulnerabilities found