{"slug": "mcp-server-marketplaces-compared-smithery-vs-glama-vs-pulsemcp-vs-marketnow", "title": "MCP server marketplaces compared: Smithery vs Glama vs PulseMCP vs MarketNow", "summary": "A developer compared four MCP server marketplaces: Smithery, Glama, PulseMCP, and MarketNow. MarketNow, built by the developer, is the only one that security-audits every server, using a 6-layer pipeline that issues signed SHA-256 certificates. The developer found that 3 of 8,764 audited servers leaked environment variables when sent credential-access prompts, highlighting a trust gap across all marketplaces.", "body_md": "If you're looking for MCP (Model Context Protocol) servers, there are now several marketplaces. I built one of them ([MarketNow](https://marketnow.site)), so I'm biased — but here's an honest comparison.\n\n| Marketplace | Servers | Security audit | Pricing | Unique feature |\n|---|---|---|---|---|\nSmithery |\n3,000+ | None | Free | Easy install via CLI |\nGlama |\n2,000+ | None | Free | Quality scores (algorithmic) |\nPulseMCP |\n21,000+ | None | Free | Largest catalog |\nMarketNow |\n8,764 | ✓ 6-layer Sentinel | Free + paid | Security certificates |\n\nSmithery is the easiest way to install an MCP server. Their CLI (`npx @smithery/cli install`\n\n) handles config automatically. The catalog is curated but has no security auditing.\n\nGlama provides algorithmic quality scores based on GitHub activity, stars, and maintenance signals. It's great for discovery but the scores don't reflect actual security testing.\n\nPulseMCP has the largest catalog (21,000+) because they aggregate from multiple sources. But quantity ≠ quality — no security auditing means you're trusting every server author.\n\nMarketNow is the only marketplace that security-audits every server. We run a 6-layer pipeline (Sentinel):\n\nEach server gets a signed SHA-256 certificate with a score 0-10.\n\n**MarketNow's gaps:**\n\n**All marketplaces' gaps:**\n\n`marketnow.site/verify`\n\nDiscovery is solved. Trust is not.\n\nYou can find 21,000+ MCP servers today. But when you `npx -y some-mcp-server`\n\n, that server gets:\n\n`~/.ssh/id_rsa`\n\n, `~/.aws/credentials`\n\nThere's no sandboxing in MCP. You're trusting the author.\n\n**3 of the 8,764 servers I audited leaked environment variables** when sent credential-access prompts. None of the other marketplaces would catch this.\n\n`npx -y marketnow-mcp`\n\n*I build MarketNow — the trust layer for agent commerce. Follow on GitHub.*", "url": "https://wpnews.pro/news/mcp-server-marketplaces-compared-smithery-vs-glama-vs-pulsemcp-vs-marketnow", "canonical_source": "https://dev.to/edison_flores_6d2cd381b13/mcp-server-marketplaces-compared-smithery-vs-glama-vs-pulsemcp-vs-marketnow-2e83", "published_at": "2026-07-07 23:43:40+00:00", "updated_at": "2026-07-07 23:58:16.360774+00:00", "lang": "en", "topics": ["ai-agents", "developer-tools", "ai-safety", "ai-infrastructure", "ai-products"], "entities": ["Smithery", "Glama", "PulseMCP", "MarketNow", "Sentinel", "MCP", "Model Context Protocol"], "alternates": {"html": "https://wpnews.pro/news/mcp-server-marketplaces-compared-smithery-vs-glama-vs-pulsemcp-vs-marketnow", "markdown": "https://wpnews.pro/news/mcp-server-marketplaces-compared-smithery-vs-glama-vs-pulsemcp-vs-marketnow.md", "text": "https://wpnews.pro/news/mcp-server-marketplaces-compared-smithery-vs-glama-vs-pulsemcp-vs-marketnow.txt", "jsonld": "https://wpnews.pro/news/mcp-server-marketplaces-compared-smithery-vs-glama-vs-pulsemcp-vs-marketnow.jsonld"}}