Install commands are being verified. Only servers with the Verified badge have been checked against the real package registry. Unverified commands may 404 -- always inspect the source repo before running. Submit corrections on GitHub.
10 curated servers
Security work is tedious but critical. This collection brings together MCP servers for vulnerability scanning, secrets management, threat intelligence, and compliance auditing. Run Semgrep for static analysis, check dependencies with Snyk, scan networks with Shodan, analyze suspicious files with VirusTotal, manage secrets in HashiCorp Vault and 1Password, and perform memory forensics with Volatility. Integrating these tools into your AI workflow means security checks become part of your natural development process instead of a separate chore.
by Semgrep
Static analysis security scanning with Semgrep. Find vulnerabilities, enforce code patterns, and audit codebases.
npx -y semgrep-mcpby nicepkg
Scan dependencies for vulnerabilities with Snyk. Check for known CVEs, license issues, and security risks.
npx -y snyk-mcp-serverby BurtTheCoder
Search Shodan for internet-connected devices and services. Scan IPs, discover open ports, and assess network exposure.
npx -y mcp-shodanby BurtTheCoder
Scan files, URLs, and domains with VirusTotal. Check for malware, analyze threat intelligence, and verify file safety.
npx -y mcp-virustotalby nicepkg
Access HashiCorp Vault secrets. Read, write, and manage secrets, encryption keys, and dynamic credentials.
npx -y hashicorp-vault-mcpby dkvdm
Secure credential retrieval from 1Password for AI agents. Access secrets, passwords, and API keys stored in your 1Password vaults without exposing them in plaintext.
npx -y @dkvdm/onepassword-mcp-serverby StacklokLabs
Query the OSV vulnerability database. Look up CVEs, check package vulnerabilities, and assess security risks across ecosystems.
npx -y osv-mcpby Gaffx
Memory forensics analysis powered by Volatility 3.x. Run plugins like pslist and netscan through AI assistants to investigate memory dumps without manual CLI work.
npx -y @gaffx/volatility-mcpby BurtTheCoder
Detect domain squatting and phishing with dnstwist. Find typosquatting domains, homoglyph attacks, and lookalike URLs.
npx -y mcp-dnstwistby LaurieWired
Reverse engineering with Ghidra through AI. Analyze binaries, decompile functions, and explore program structures.
pip install ghidramcpQuery databases, analyze datasets, search papers, and run experiments from your AI assistant.
10 servers
Ship faster with servers for GitHub, Vercel, databases, browser testing, and error tracking.
10 servers
Build AI-powered apps with servers for LLMs, RAG, memory, code execution, and web search.
10 servers