cd /news/ai-agents/mcp-server-marketplaces-compared-smi… · home topics ai-agents article
[ARTICLE · art-50246] src=dev.to ↗ pub= topic=ai-agents verified=true sentiment=· neutral

MCP server marketplaces compared: Smithery vs Glama vs PulseMCP vs MarketNow

A developer compared four MCP server marketplaces: Smithery, Glama, PulseMCP, and MarketNow. MarketNow, built by the developer, is the only one that security-audits every server, using a 6-layer pipeline that issues signed SHA-256 certificates. The developer found that 3 of 8,764 audited servers leaked environment variables when sent credential-access prompts, highlighting a trust gap across all marketplaces.

read1 min views1 publishedJul 7, 2026

If you're looking for MCP (Model Context Protocol) servers, there are now several marketplaces. I built one of them (MarketNow), so I'm biased — but here's an honest comparison.

Marketplace Servers Security audit Pricing Unique feature
Smithery
3,000+ None Free Easy install via CLI
Glama
2,000+ None Free Quality scores (algorithmic)
PulseMCP
21,000+ None Free Largest catalog
MarketNow
8,764 ✓ 6-layer Sentinel Free + paid Security certificates

Smithery is the easiest way to install an MCP server. Their CLI (npx @smithery/cli install

) handles config automatically. The catalog is curated but has no security auditing.

Glama provides algorithmic quality scores based on GitHub activity, stars, and maintenance signals. It's great for discovery but the scores don't reflect actual security testing.

PulseMCP has the largest catalog (21,000+) because they aggregate from multiple sources. But quantity ≠ quality — no security auditing means you're trusting every server author.

MarketNow is the only marketplace that security-audits every server. We run a 6-layer pipeline (Sentinel):

Each server gets a signed SHA-256 certificate with a score 0-10.

MarketNow's gaps:

All marketplaces' gaps:

marketnow.site/verify

Discovery is solved. Trust is not.

You can find 21,000+ MCP servers today. But when you npx -y some-mcp-server

, that server gets:

~/.ssh/id_rsa

, ~/.aws/credentials

There's no sandboxing in MCP. You're trusting the author.

3 of the 8,764 servers I audited leaked environment variables when sent credential-access prompts. None of the other marketplaces would catch this.

npx -y marketnow-mcp I build MarketNow — the trust layer for agent commerce. Follow on GitHub.

── more in #ai-agents 4 stories · sorted by recency
── more on @smithery 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/mcp-server-marketpla…] indexed:0 read:1min 2026-07-07 ·