MCPVet
🗂 26 popular MCP servers vetted

MCP Server
Security Directory

Before you wire an MCP server into your agent, see what it can actually do. Each report below is a real MCPVet scan of the server's source — shell execution, secret access, network calls, and prompt-injection risk — with a shareable verdict.

Official reference servers

Filesystem (official) This is the official Anthropic MCP server for filesystem access Low risk Memory (official) This is an official Anthropic MCP server for persistent knowledge graph memory Low risk Sequential Thinking (official) This is an official Anthropic MCP server for sequential thinking with no hidden instructions, data exfiltration, or deceptive tool descripti… Low risk Everything (official test server) This is an official Anthropic MCP example server designed to demonstrate protocol features Low risk modelcontextprotocol/servers The repository contains test code that accesses environment variables and performs filesystem operations, but these are isolated to test sui… Medium

Browser & web automation

Playwright MCP (Microsoft) This is a legitimate Microsoft Playwright MCP server extension with no deceptive or malicious intent Medium Firecrawl MCP This Firecrawl MCP server extension appears legitimate and focused on web scraping functionality Low risk Tavily MCP This is a legitimate MCP server for Tavily's web search API Low risk Browserbase MCP This is a legitimate MCP server for browser automation using Browserbase and Stagehand Low risk

Dev tools & code

GitHub MCP Server No prompt injection, hidden instructions, data exfiltration, or deceptive tool descriptions found Low risk Atlassian (Jira/Confluence) MCP This is a legitimate MCP server for Atlassian products that reads environment variables for configuration and authentication, which is expec… Low risk Serena (coding agent toolkit) The extension contains several patterns that could be risky in an AI agent context, but they are all standard development/build operations o… Medium Framelink Figma MCP This is a legitimate Figma MCP server with no hidden instructions or exfiltration mechanisms Medium Sentry MCP No prompt injection, hidden instructions, data exfiltration, or deceptive tool descriptions found Medium

Cloud, data & infra

Supabase MCP This is an official Supabase MCP server extension with no hidden instructions, prompt injection, or data exfiltration mechanisms Low risk Cloudflare MCP This is an official Cloudflare MCP server repository with no evidence of prompt injection, hidden instructions, or deceptive tool descriptio… Medium Elasticsearch MCP The extension itself is a legitimate Elasticsearch MCP server with no hidden instructions or data exfiltration mechanisms Low risk Grafana MCP No malicious or deceptive code found Medium MongoDB MCP This is a legitimate MongoDB MCP server with no deceptive or malicious intent Medium Qdrant MCP (vector DB) No safety risks found Clean Chroma MCP (vector DB) The extension is a legitimate MCP server for Chroma vector database operations with no hidden instructions or data exfiltration mechanisms Low risk Redis MCP This is an official Redis MCP server with no hidden instructions, prompt injection, or data exfiltration mechanisms Low risk PostHog MCP This is a legitimate PostHog MCP server implementation that provides analytics tools to AI agents Medium

Search & knowledge

Exa Search MCP This is a legitimate MCP server for Exa's search API Low risk Notion MCP (official) No prompt injection, hidden instructions, or deceptive tool descriptions found Low risk

Security & analysis

Semgrep MCP The extension reads environment variables for configuration (SEMGREP_APP_TOKEN, SEMGREP_PATH, SEMGREP_URL) and executes subprocess commands … Medium

Don't see the one you're about to install?

Scan any MCP server, skill, or plugin free — or vet them inside Claude Code in one step.

Use in Claude Code

Reports are automated heuristic + AI review of public source, not a verdict on the maintainers and not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.