Security & Auth MCP Servers

app.thoughtspot/mcp-server

MCP Server for ThoughtSpot - provides OAuth authentication and tools for querying data

ai.smithery/Nekzus-npm-sentinel-mcp

Provide AI-powered real-time analysis and intelligence on NPM packages, including security, depend…

ai.aliengiraffe/spotdb

Ephemeral data sandbox for AI workflows with guardrails and security

ai.smithery/Hint-Services-obsidian-github-mcp

Connect AI assistants to your GitHub-hosted Obsidian vault to seamlessly access, search, and analy…

FedRAMP 20x Requirements

An MCP server that provides access to FedRAMP 20x security requirements and controls.

Arcjet

An MCP server for Arcjet - the runtime security platform that ships with your AI code.

qrcode

QR Code MCP — wraps api.qrserver.com (free, no auth)

io.github.chrischall/gogcli-mcp-drive

Google Drive via gogcli for Claude — search, upload, download, permissions

KeyCloak MCP

MCP server for KeyCloak Admin REST API via Service Account

DeFi MCP fleet: oracle, security audit, treasury yield, QA attestation, and compute tools on Base.

GhostFree

MCP server that scans your repo's dependencies for security vulnerabilities based on published CVEs.

SkillFM BYOK Vault

BYOK vault, provider API key guidance, usage visibility, and SkillFM Beacon checks for MCP agents.

io.github.duriantaco/skylos

Dead code, security, secrets detection and code quality for Python, TypeScript, Go.

io.github.wiserautomation/suprawall-mcp

SupraWall security gateway for AI agents. Provides deterministic guardrails for MCP agents.

io.github.theYahia/cloudpayments-mcp

MCP server for CloudPayments API — charge, auth, confirm, void, refund, find transaction. 6 tools.

io.github.mdfifty50-boop/secure-vault

Encrypted secrets and credential management for agents

Sentrik

Governance runtime for AI-generated code. Enforce compliance and security standards.

io.github.mythos-agent/mythos-agent

Open-source AI security agent: SAST, DAST, and policy-as-code over MCP.

npm

npm MCP — wraps the npm Registry API (free, no auth)

Hive Vault

A2A ZK wallet recovery — guardian swarm, no seed phrase, HiveLaw enforcement

io.github.matiasbattocchia/google-mcp

Streamable HTTP MCP server for Google Calendar and Sheets with OAuth login.

io.github.noblabs/lit-forge-mcp

Personal asset planning + market data + analysts + geopolitical calendar/pulse. 16 tools.

dictionary

Dictionary MCP — wraps Free Dictionary API (free, no auth)

AI-powered codebase analysis — call graphs, security, dead code, complexity. 150+ tools.

Bright Security

AI-powered application security testing — scan APIs, discover endpoints, and find vulnerabilities.

exchangerate

ExchangeRate MCP — wraps open.er-api.com (free, no auth)

io.github.BurtTheCoder/virustotal

MCP server for querying VirusTotal API with comprehensive security analysis tools.

httpcat

HTTP Cat MCP — wraps http.cat (free, no auth)

usgswater

USGS Water MCP — wraps USGS National Water Information System (NWIS) REST services (free, no auth)

wikipedia

Wikipedia MCP — wraps Wikipedia REST API (free, no auth)

Helixar Security

Security tools for AI agents: scan MCP servers, validate HDP delegation chains, audit releases.

Avanan

MCP server for Check Point Harmony Email & Collaboration (Avanan) email security.

Clinicaltrials

ClinicalTrials MCP — wraps ClinicalTrials.gov API v2 (free, no auth)

io.github.lozit/mcp-standardnotes

End-to-end encrypted access to a Standard Notes vault (protocol 004, local stdio only).

io.github.kingleosgold/troystack

Precious metals AI analyst with 12 tools — prices, portfolio, chat, receipts, and more.

io.github.kaael1/mcp-power-automate

Local MCP for Power Automate with browser-backed auth, target locking, review diff, and rollback.

Edgar

EDGAR MCP — SEC EDGAR public APIs (free, no auth)

io.github.Kzino/vorim-mcp-server

AI agent identity, permissions, trust scores, and tamper-evident audit trails via Vorim AI

nationalize

Nationalize MCP — nationality prediction from first name (nationalize.io, free, no auth)

Github_private

GitHub Private MCP Pack — access private repos, org data via OAuth.

AI Reasoning Commons

Search, reuse, verify AI reasoning. Task marketplace with leaderboard. Zero-barrier, no auth.

Gong

Gong MCP — wraps the Gong API v2 (OAuth)

Ansvar: German Law

German law via Ansvar Gateway. Cited, OAuth + paid tier. Free npm: german-law-mcp.

io.github.jnMetaCode/shellward

AI agent security: 7 MCP tools for injection detection, PII scanning, command safety, DLP.

Intercom

Intercom MCP Pack — contacts, conversations, companies via OAuth.

cnvs.app

Zero-auth real-time collaborative whiteboard with MCP — AI agents + humans edit the same board live.

Jsonplaceholder

JSONPlaceholder MCP — wraps JSONPlaceholder fake REST API (free, no auth)

catfacts

Cat Facts MCP — wraps Cat Facts API (free, no auth)

Congress

Congress MCP — US Congress data via GovTrack API (free, no auth required)

Linear MCP (multi-workspace, PAT auth)

Multi-workspace Linear MCP — PAT auth, 57 tools + 3 prompts, substrate enforcement, drop-in.

io.github.mbeato/apimesh

74 paid web-analysis APIs (SEO, security, TLS, DNS, email) as MCP tools. USDC via x402.

Epa Echo

EPA ECHO MCP — wraps EPA ECHO Web Services (free, no auth)

Google_docs

Google Docs MCP Pack — read, create, and edit Google Docs via OAuth.

Gate Exchange MCP

OAuth Gate exchange MCP for CEX trading, account, wallet, unified account, and sub-account.

Linear

Linear MCP — wraps the Linear GraphQL API (OAuth)

Asana

Asana MCP — wraps the Asana REST API (OAuth)

timezone

Timezone MCP — wraps WorldTimeAPI (free, no auth)

Openaq

OpenAQ MCP — wraps OpenAQ v2 API (free, no auth required)

Bis

BIS MCP — Bank for International Settlements statistics (no auth)

Openfda

OpenFDA MCP — wraps the openFDA API (free, no auth required)

Android Security Analyzer

MCP server for static security analysis of Android source code

io.github.rog0x/api

HTTP client, JWT decode, header analysis for AI agents

Pypi

PyPI MCP — wraps the PyPI JSON API (free, no auth)

Quotable

Quotable MCP — wraps Quotable API (free, no auth)

Sbir

SBIR MCP — wraps the SBIR.gov public API (free, no auth)

uooks

Books MCP — wraps Open Library API (free, no auth)

uored

Bored MCP — wraps Bored API (free, no auth)

SpamTitan

MCP server for SpamTitan email security — quarantine, allow/block lists, and policy management.

io.github.titus-civic/mcp-gateway

Identity, authorization, audit trails, and revocable permissions for AI agents accessing MCP tools.

Microsoft 365 Admin

Microsoft 365 administration via Graph API application permissions (read-only by default).

chess

Chess.com MCP — wraps the Chess.com public API (free, no auth)

Zendesk

Zendesk MCP Pack — tickets, users, organizations via OAuth.

Markdown Vault MCP

Markdown vault MCP server with FTS5 + semantic search and frontmatter indexing

stackexchange

StackExchange MCP — wraps the StackExchange API v2.3 (free, no auth required for read)

Datacite

DataCite MCP — DOIs for research datasets (free, no auth)

Audits other MCP servers for security risks. Returns safe / caution / unsafe / inconclusive.

MCPAmpel - MCP Security Scanner

Scan installed MCP servers for security vulnerabilities with 16 detection engines.

io.github.mishrasanjeev/grantex

OAuth 2.0 for AI agents — scoped delegation tokens, audit trails, and revocation.

MCP OpenClaw Extensions

138-tool MCP server for AI agent firms: security, A2A, Hebbian memory, fleet mgmt

archive

Archive MCP — wraps the Internet Archive APIs (free, no auth)

Dockerhub

Docker Hub MCP — wraps the Docker Hub v2 API (free, no auth required for public data)

sunrisesunset

Sunrise-Sunset MCP — wraps the sunrisesunset.io API (free, no auth)

io.github.RCOLKITT/vaspera-hardening

Enterprise certification for codebases with multi-agent security, reliability, and quality audits

Cinderfi — Retirement Planning

Retirement planning for Canada & US. CPP/OAS, Social Security, RRSP/TFSA, 401k/IRA, Monte Carlo.

Phantom Secrets

Stop AI coding agents from leaking API keys. Local proxy swaps real secrets for phm_ tokens.

dev.fentz.envcp/envcp

Encrypted environment variable vault with AI access policies, keeping secrets safe from AI agents.

Anilist

AniList MCP — wraps AniList GraphQL API (free, no auth)

Govtrack

GovTrack MCP — federal US Congress data (free, no auth)

uiule

Bible MCP — wraps the Bible API (free, no auth)

Grants Gov

Grants.gov MCP — open federal grant opportunities (free, no auth)

Meteostat

Meteostat MCP — historical weather from 11k+ stations (no auth)

dnd5e

D&D 5e MCP — wraps the D&D 5th Edition API (free, no auth)

guif

GBIF MCP — wraps the Global Biodiversity Information Facility API v1 (free, no auth)

io.github.afable702/vault-mcp-tools

Complete Obsidian vault MCP server. 35 tools: notes, search, graph, tags, canvas.

art

Art MCP — Metropolitan Museum of Art Collection API (free, no auth)

io.github.theYahia/amocrm-mcp

MCP server for amoCRM API — leads, contacts, pipelines. Auth: Bearer token.

numuersapi

NumbersAPI MCP — wraps numbersapi.com (free, no auth)

puumed

PubMed MCP — wraps the NCBI E-utilities API (biomedical literature, free, no auth)

Arca is a private data vault where your AI stores your structured data, semantic memory and skills.

zenquotes

ZenQuotes MCP — wraps ZenQuotes API (free, no auth)

Nws

NWS MCP — US National Weather Service (no auth)

Security intelligence via x402 on Base. CVE lookup, IP reputation, secret scanning.

Bawbel Scanner

Security scanner for MCP servers and skill files. Detects AVE vulnerabilities before production.

Epa Emissions

EPA Emissions MCP — wraps EPA Envirofacts REST API (free, no auth)

ExposureGuard

Domain security scanning for AI agents. A-F grades, 8 checks, fix snippets.

io.github.KynuxDev/mcp-instagram-dm

Read, send, search & manage Instagram DMs through AI assistants. 15 tools, cookie auth.

Smart contract security for AI agents — verify, monitor, freeze, x402 payments

Gitlab Public

GitLab Public MCP — wraps the GitLab REST API v4 (public endpoints, no auth)

MochiPDF

Remote MCP server for HTML-to-PDF and screenshots with OAuth and API-key auth.

io.github.rom-baro/arcwall-security

Security scanning for AI coding tools. Detects secrets, threat models, and runs pre-commit checks.

io.github.middleBrick/mcp-server

Scan APIs for OWASP Top 10, LLM, and GraphQL security vulnerabilities.

jikan

Jikan MCP — wraps the Jikan v4 API (anime/manga data, free, no auth)

Connect to your MediaWiki using simple credentials and manage content without OAuth. Search, read,…

JPYC Agent MCP

OAuth-protected JPYC wallet, transfer, and contract workflows on Polygon.

AiEGIS

AI agent security and governance. Register, verify, scan, and monitor agents.

Owid

OWID MCP — Our World in Data chart/indicator access (free, no auth)

spacex

SpaceX MCP — wraps SpaceX API v4 (free, no auth)

io.github.denial-web/agent-immune

AI agent security: prompt injection detection, semantic memory, output scanning, prompt hardening

Unphurl

URL intelligence for AI agents and developers. 16 tools, 25 signal weights, 20 free checks.

Obsidian Brain

Obsidian MCP server: semantic search, knowledge graph, and vault editing. No plugin required.

Reddit

Reddit MCP — public Reddit data via JSON endpoints (no auth required)

universities

Universities MCP — Hipolabs Universities API (free, no auth)

Gate DEX MCP

Gate DEX MCP for wallet auth, transfers, swaps, token info, market data, and RPC access.

1c-rest-mcp

MCP server for 1C Enterprise — ERP catalogs, documents via REST API (Russia)

io.github.Achilles1089/pentagonal-mcp

AI smart contract forge — 8-agent security audits, generation, and compilation across 8 chains

uselessfacts

Uselessfacts MCP — wraps uselessfacts.jsph.pl API (free, no auth)

io.github.oscal-compass/compliance-trestle-mcp

An MCP server that provides tools to author OSCAL security compliance documentation

Multi-tenant business platform — 6,000+ RBAC-gated MCP tools across finance, ops, docs, agents.

Spotify

Spotify MCP — Web API via client_credentials OAuth

com.mcparmory/google-drive

Manage files, folders, permissions, and collaborative content in Google Drive

Statscan

Statistics Canada (StatCan) WDS MCP — Canadian official statistics (no auth)

io.github.onetrueclaude-creator/hebbian-vault

Usage-adaptive Obsidian vault search: Hebbian + PageRank + BM25 hybrid ranking.

com.mcparmory/codacy

Analyze code quality, security issues, and coverage across repositories

io.github.onetrueclaude-creator/vault-health-mcp

Obsidian vault structural health: broken links, orphans, missing frontmatter, safe auto-repair.

MCP Safety Warden

MCP proxy adding security scanning, behavioral profiling, risk gating, and safe tool call execution.

io.github.geraservicesuk/mcp-gera-mind

GeraMind MCP (placeholder) — personal context vault for AI agents. Launching 2026.

Tvmaze

TVMaze MCP — TV show metadata, episodes, schedules (no auth)

io.github.apolocine/mosta-net

1 MCP server, 13 databases, zero config. Multi-protocol transport with Auth + RBAC.

io.github.goklab/guardvibe

Security MCP for AI-generated code. 390 rules, 36 tools, CLI + doctor + host audit.

Uk Ons

UK ONS MCP — Office for National Statistics (no auth)

Grasp — Code Architecture & Dependency Analysis

MCP server for codebase analysis — dependency graphs, security scanning, refactor plans, and more.

io.github.beautyfree/app-store-connect

App Store Connect API as MCP: apps, TestFlight, subscriptions, localizations, reports. JWT auth.

com.mcparmory/outline

Create, manage, and organize team documents, collections, and share permissions

pokemon

Pokemon MCP — wraps PokéAPI (free, no auth required)

Fray — WAF Security Testing MCP Server

WAF security testing: 5,500+ payloads, 25 WAF fingerprints, 21 recon checks, bypass AI

Aguara MCP

Security scanner for AI agent skills and MCP servers

Minimal MCP server for Ghost Security API - compatible with all MCP clients

io.github.onelogin/onelogin-mcp

MCP server for OneLogin API - manage users, apps, roles, and authentication

io.github.parth-unjiya/odoo-mcp-gateway

Security-first MCP gateway for Odoo 17/18/19 — YAML-driven security, 27 tools

Gencove consumer genomics: profile, kit status, ancestry, PRS, raw data. Requires Gencove auth.

Usgs Volcano

USGS Volcano MCP — Volcano Hazards Program HANS-public feed (no auth)

io.gildara/mcp-server

Connect AI tools to your Gildara prompt vault with operating contracts and auto-repair.

io.github.andrewszk/clawvault-mcp-server

AI agent payment security - spending limits, whitelists, and human approval.

Hyperliquid Vaults API

Hyperliquid vault summaries — APR, TVL, PnL, followers, sorted by performance. x402.

io.github.Pantheon-Security/notebooklm-mcp-secure

Security-hardened NotebookLM MCP with post-quantum encryption

ContrastAPI

31 tools: CVE (340K+ EPSS/KEV), OSINT, threat intel, dep audit, code sec. No API key needed.

API Locker

Encrypted credential vault: LLM, service & OAuth keys. 21-tool MCP server for your AI agent.

Brivvy MCP

Brivvy MCP (OAuth): on-brand AI content, voice rules, templates, glossary.

mcpwall

iptables for MCP — blocks dangerous tool calls, scans for secrets, logs everything.

io.github.bx33661/wireshark-mcp

Professional network analysis with tshark. Security audits, deep-dives, and threat detection.

KnowBe4

MCP server for KnowBe4 security awareness training — users, groups, training, phishing campaigns.

Security scanning and trust verification for AI agent tools.

EVM audit (Slither + source + security.txt + MCP-probe + wallet-exposure). 6 tools + /trace.

io.github.XogZ3/botoi-mcp

49 developer tools via MCP: DNS, WHOIS, IP lookup, JWT, hashing, QR, and more.

NoonAI DIS Image/Video Anonymization MCP

Remote MCP for image/video anonymization, privacy redaction, async jobs, downloads, and billing.

Neural Draft

Neural Draft MCP — CMS, blog, bookings, galleries, commerce. 38 tools.

yandex-metrika-mcp

MCP server for Yandex Metrika — web analytics, counters, goals, traffic (Russia)

wger

Wger MCP — wraps wger Workout Manager REST API (free, no auth for read)

tarot

Tarot MCP — wraps tarotapi.dev (free, no auth)

agify

Agify MCP — age prediction from first name (agify.io, free, no auth)

io.github.theYahia/roistat-mcp

MCP server for Roistat API — marketing analytics, visits tracking. API key auth.

advice

Advice MCP — wraps Advice Slip API (free, no auth)

artic

Art Institute of Chicago MCP — wraps the ARTIC public API (free, no auth)

climate

Climate MCP — wraps Open-Meteo Climate API (free, no auth)

dadjokes

Dad Jokes MCP — wraps icanhazdadjoke.com (free, no auth)

deckofcards

Deck of Cards MCP — wraps deckofcardsapi.com (free, no auth)

dogsapi

DogsAPI MCP — wraps dogapi.dog v2 API (free, no auth)

fuiwanted

FBI Wanted MCP — FBI Wanted public API (free, no auth)

fda

FDA MCP — US Food and Drug Administration public API (free, no auth)

fruityvice

Fruityvice MCP — wraps Fruityvice API (free, no auth)

com.clauxel.mcpoauthscopegate/mcpoauthscopegate-mcp

OAuth scope approvals and consent receipts for remote MCP servers.

genderize

Genderize MCP — gender prediction from first name (genderize.io, free, no auth)

MCP Sentinel

Zero-trust MCP security proxy with policy enforcement, PII scrubbing, approvals, and audit trails.

iconify

Iconify MCP — wraps the Iconify public API (free, no auth)

lorem

Lorem MCP — wraps loripsum.net (free, no auth)

chucknorris

Chuck Norris MCP — wraps chucknorris.io (free, no auth)

diceuear

DiceBear MCP — wraps DiceBear Avatar API v7 (free, no auth)

nutrition

Nutrition MCP — wraps Open Food Facts API (free, no auth)

io.github.codespar/mcp-ap2

MCP server for AP2 — Google's Agent-to-Agent Payment Protocol (authorization, audit, trust)

onthisday

On This Day MCP — wraps byabbe.se/on-this-day (free, no auth)

openalex

OpenAlex MCP — wraps the OpenAlex API (scholarly works, free, no auth)

flights

Flights MCP — wraps OpenSky Network API (free, no auth required)

io.github.yifanyifan897645/webcheck

Website health analysis: SEO, accessibility, performance, security, and broken links

iplookup

IP Lookup MCP — ip-api.com (free, no auth for basic usage)

io.github.fentz26/envcp

Encrypted environment variable vault with AI access policies, keeping secrets safe from AI agents.

microlink

Microlink MCP — wraps Microlink API (free tier, no auth required)

flood

Flood MCP — wraps Open-Meteo Flood API (free, no auth)

treasury

Treasury MCP — US Treasury Fiscal Data public API (free, no auth)

newton

Newton MCP — wraps the Newton math solver API (free, no auth)

wikifeed

Wikifeed MCP — wraps Wikimedia Feed API (free, no auth)