MCP server marketplaces compared: Smithery vs Glama vs PulseMCP vs MarketNow A developer compared four MCP server marketplaces: Smithery, Glama, PulseMCP, and MarketNow. MarketNow, built by the developer, is the only one that security-audits every server, using a 6-layer pipeline that issues signed SHA-256 certificates. The developer found that 3 of 8,764 audited servers leaked environment variables when sent credential-access prompts, highlighting a trust gap across all marketplaces. If you're looking for MCP Model Context Protocol servers, there are now several marketplaces. I built one of them MarketNow https://marketnow.site , so I'm biased — but here's an honest comparison. | Marketplace | Servers | Security audit | Pricing | Unique feature | |---|---|---|---|---| Smithery | 3,000+ | None | Free | Easy install via CLI | Glama | 2,000+ | None | Free | Quality scores algorithmic | PulseMCP | 21,000+ | None | Free | Largest catalog | MarketNow | 8,764 | ✓ 6-layer Sentinel | Free + paid | Security certificates | Smithery is the easiest way to install an MCP server. Their CLI npx @smithery/cli install handles config automatically. The catalog is curated but has no security auditing. Glama provides algorithmic quality scores based on GitHub activity, stars, and maintenance signals. It's great for discovery but the scores don't reflect actual security testing. PulseMCP has the largest catalog 21,000+ because they aggregate from multiple sources. But quantity ≠ quality — no security auditing means you're trusting every server author. MarketNow is the only marketplace that security-audits every server. We run a 6-layer pipeline Sentinel : Each server gets a signed SHA-256 certificate with a score 0-10. MarketNow's gaps: All marketplaces' gaps: marketnow.site/verify Discovery is solved. Trust is not. You can find 21,000+ MCP servers today. But when you npx -y some-mcp-server , that server gets: ~/.ssh/id rsa , ~/.aws/credentials There's no sandboxing in MCP. You're trusting the author. 3 of the 8,764 servers I audited leaked environment variables when sent credential-access prompts. None of the other marketplaces would catch this. npx -y marketnow-mcp I build MarketNow — the trust layer for agent commerce. Follow on GitHub.