Directory
Free MCP servers
Free here means open-source MCP servers you self-host, typically over stdio. The server binary or npm package costs nothing. No managed-hosting subscription, no per-call API fees from a directory vendor.
What "free" actually covers
The server itself is free. If the server integrates with a paid SaaS (Notion, Salesforce, Slack, GitHub on a private repo), the underlying service may still need an account and an access token. Filesystem servers, local-database servers (SQLite, Postgres against your own instance), web-search servers, and most dev-tool servers (GitHub public-repo reads, GitLab) run end-to-end free.
Stdio transport spawns the server as a child process under your shell. Same threat model
as npm install or any other binary you run. Free does not mean low-risk.
The trust trade-off
Open source lets you read the code before you install. That visibility is real and worth using. Supply-chain risk is real too: postmark-mcp in September 2025 was the first confirmed malicious MCP server in the wild, published as a public npm package. The code was readable. The behavior was not what the description claimed.
Three inputs to weigh before installing a free server: source review (skim the Resources / Tools / Prompts the server exposes, look for hidden instructions in tool descriptions), publisher signal (npm install volume, GitHub stars, maintainer track record, last-commit recency), and behavioral scan (run it in a sandbox and watch the network and filesystem calls before letting it touch your real environment).