Smithery CLI: Setup, Usage & Alternatives (2026)
If you've searched for "smithery mcp" or "smithery ai" recently, you're not alone. Smithery pulls roughly 590 monthly searches for each term, making it one of the most recognized brands in the MCP ecosystem. The Smithery CLI is the tool that turns that registry into something you can actually use from your terminal.
Here's the thing: Smithery is genuinely useful for solo developers who want to explore MCP servers fast. But as teams try to move from experimentation to production agent products, a set of limitations shows up that a CLI registry wasn't designed to solve. Quality variance, credential management, access control, and token bloat all become real problems at scale.
This guide walks through the full Smithery CLI workflow, what it does well, where it hits walls, and when a different approach like an MCP gateway makes more sense.
- Smithery CLI lets you search, install, and configure MCP servers from your terminal in one command.
- The registry lists 6,000+ community-submitted servers, but quality, maintenance, and security posture vary widely across that catalog.
- A path traversal vulnerability disclosed in October 2025 exposed 3,000+ hosted servers and API keys on Smithery's infrastructure. It's been patched, but the incident fueled ongoing "is smithery ai safe" concerns.
- For individual developers exploring MCP, Smithery is the fastest on-ramp available.
- For teams building production agent products, an MCP gateway like Apigene provides verified connections, auth translation, output compression, and access control that the registry model doesn't offer.
What Is Smithery CLI?
Smithery CLI is the command-line interface for Smithery.ai, an MCP server registry and hosting platform. It lets you browse, install, and configure MCP servers directly from your terminal without hand-editing JSON config files.
The core idea: instead of finding an MCP server on GitHub, cloning the repo, installing dependencies, and wiring up your claude_desktop_config.json manually, you run a single smithery cli command. Smithery handles installation, configuration, and client connection.
Smithery's registry currently lists over 6,000 MCP servers across developer tools, data connectors, productivity integrations, and AI utilities. Anyone can submit a server, which is both the platform's strength (breadth) and its weakness (inconsistent quality).
How to Install and Set Up Smithery CLI
The full setup takes about two minutes. You'll need Node.js 18+ on your machine.
Step 1: Install via npm
npm install -g @smithery/cliThis installs the smithery command globally. Verify it's working:
smithery --versionStop Building MCP Integrations From Scratch.
- Any API, one line of code — connect to ChatGPT, Claude, and Cursor without writing custom MCP servers
- Visual UI in the chat — render interactive components, not just text dumps. Charts, forms, dashboards.
- 70% fewer tokens — dynamic tool loading and output compression so your agents stay fast and cheap
Step 2: Authenticate (Optional)
Some features require an account. Create one at smithery.ai, then authenticate:
smithery auth loginThis opens a browser window for OAuth. Once you're in, you can access private servers and your installation history.
Step 3: Set Your MCP Client
Smithery CLI needs to know which MCP client you're targeting. It supports Claude Desktop, Cursor, Windsurf, and others:
smithery config set-client claudeThat's it. You're ready to search and install.
Common Smithery CLI Commands
Here's a working reference for the commands you'll reach for most often.
Search for MCP Servers
smithery search "github"Returns servers matching your query with names, descriptions, and install counts. You can narrow by category:
smithery search "database" --category dataInstall an MCP Server
smithery install @anthropic/github-mcpThis downloads the server, resolves dependencies, and adds the correct entry to your MCP client's config file. For Claude Desktop, it updates claude_desktop_config.json automatically.
Some servers need environment variables (API keys, tokens). Smithery prompts you during installation:
smithery install @example/slack-mcp
# Prompts: Enter your Slack Bot Token: xoxb-...List Installed Servers
smithery listShows all MCP servers currently installed and configured for your active client.
Update a Server
smithery update @anthropic/github-mcpPulls the latest version. Update everything at once:
smithery update --allRemove a Server
smithery remove @anthropic/github-mcpRemoves the server and cleans up the config entry.
View Server Details
smithery info @anthropic/github-mcpShows the server's description, exposed tools, required configuration, install count, and last updated date. Run this before installing anything you haven't vetted.
What Smithery Does Well
Smithery solves a real problem for developers getting started with MCP. It deserves credit for three things in particular.
Fast discovery across 6,000+ servers. You can find an MCP server for almost any integration: GitHub, Slack, PostgreSQL, Google Sheets, Notion, Jira. The search is fast, and install-count ranking gives you a rough quality signal. For the smithery mcp ecosystem, this breadth is unmatched.
One-command installation. Before Smithery, setting up an MCP server meant cloning a repo, running npm install, possibly building from source, and then manually editing your client config. Smithery compresses that entire workflow to a single command. For developers who want to try a server quickly, that time savings is real.
Client-aware configuration. Smithery knows the config file format for Claude Desktop, Cursor, and other clients. It writes the correct JSON structure automatically. This eliminates the "why isn't my MCP server showing up?" debugging loop that everyone has hit at least once.
Hosted server option. Beyond the CLI, Smithery offers hosted MCP servers through their cloud infrastructure. Instead of running servers locally, you can connect to Smithery-hosted instances. This is convenient for servers that need persistent connections or specific runtime environments.
Limitations for Production Teams
Every tool has tradeoffs. Smithery's are most visible when teams try to move beyond personal experimentation. These aren't failures of the tool. They're natural boundaries of the registry-and-installer model.
Explore 251+ MCP Integrations
Discover official and remote-only MCP servers from leading vendors. Connect AI agents to powerful tools and services.
Server Quality Varies Widely
Smithery's registry is open submission. That breadth is useful for discovery, but it creates a consistency problem.
Some servers are well-maintained with active GitHub repos and regular updates. Others haven't been touched in months. A few expose tools that don't work correctly with current MCP client versions. One developer on Reddit pointed out that some community MCP servers are "completely useless" because they wrap APIs the AI model can already access natively.
There's no formal verification process, no security audit, and no maintenance guarantee. You're trusting that each server author built it correctly and will keep it working. For personal projects, that's an acceptable bet. For production systems handling customer data, it's not.
The Security Question
In October 2025, security researchers disclosed a path traversal vulnerability in Smithery's hosted infrastructure. The flaw allowed access to sensitive files on Smithery's build systems, including authentication credentials for their Docker registry and Fly.io's machines API. Those credentials gave researchers the theoretical ability to execute arbitrary code on any of the 3,000+ hosted MCP servers.
Smithery patched the vulnerability, and there's no public evidence of exploitation. But the incident lit up Reddit. One commenter wrote: "Smithery was a black box and we shouldn't use it." Another noted: "People are just too trusting with API keys from complete randos."
The question "is smithery ai safe" keeps coming up in developer communities. The honest answer: it depends on your use case. Running a community server locally on a dev machine carries a different risk profile than routing production API keys through hosted infrastructure. For exploration, the risk is manageable. For production workloads with real credentials, you'll want more control over the trust boundary.
No Auth Management
Smithery CLI installs MCP servers. It doesn't manage how those servers authenticate with external services, how your AI clients authenticate with the servers, or how you control access across a team.
If you're one developer running three MCP servers locally in Claude Desktop, that works fine. But teams of 5-10+ engineers sharing MCP tool access across Claude, ChatGPT, and custom agents need centralized auth translation (different AI clients implement OAuth differently), per-user access control, credential isolation so API keys aren't scattered across developer machines, and audit logging to track who called what tool and when.
The registry model wasn't built for this. It's an installer, not a governance layer.
No Output Optimization
MCP tool responses are often bloated with null fields, excessive metadata, and full HTML payloads. One developer measured a single read_file call consuming 10,000+ tokens from the context window. When you load multiple servers, context bloat compounds fast, and your agent's reasoning quality drops as the window fills up.
Smithery doesn't compress or optimize tool output. You're paying full token cost for every tool call, and your agent loses reasoning capacity with each response. For teams running agents at scale, this directly impacts both AI spend and output quality.
Smithery vs Apigene: Comparison Table
When the registry model hits its limits, an MCP gateway addresses the gaps. Here's how the two approaches compare across the features that matter for production teams.
| Feature | Apigene | Smithery |
|---|---|---|
| Primary function | MCP gateway + tool aggregation | MCP server registry + CLI installer |
| Server access | Any API or MCP server (not limited to a registry) | 6,000+ community-submitted servers |
| Server verification | Verified and tested connections | Open submission, no verification |
| Auth management | Full auth translation (OAuth, API keys, bearer tokens) | None |
| Access control (RBAC) | Per-user and per-tool permissions | None |
| Tool output compression | Dynamic compression to reduce token costs | None |
| Dynamic tool loading | Loads only relevant tools per session | All installed tools loaded at once |
| UI rendering in chat | Rich UI components via MCP Apps standard | None |
| Credential storage | Centralized, encrypted management | Keys stored locally on dev machines |
| Audit logging | Full tool-call audit trail | None |
| Best for | Teams building production agent products | Individual devs exploring MCP |
| Pricing | Free tier + usage-based | Free (hosted servers have usage limits) |
Apigene takes a fundamentally different approach than Smithery. Instead of browsing and installing individual servers, you connect any API or MCP server to your AI agents through a single managed endpoint.
The practical difference: with Smithery, you install 5 MCP servers and manage 5 separate configurations, credential sets, and update cycles. With Apigene, you connect those same 5 services through one gateway URL. Your Claude, ChatGPT, and custom agents all point to that single endpoint.
Three capabilities stand out for production teams:
Auth translation. ChatGPT requires OAuth 2.1. Claude implements it differently. Your internal APIs use bearer tokens. Apigene handles translation between all of these so your services don't need multiple auth flows.
Dynamic tool loading and output compression. Instead of dumping every tool definition into your agent's context window, Apigene surfaces only the tools relevant to each session. It also compresses tool responses to cut token consumption. This directly impacts your AI spend and your agent's reasoning quality.
MCP Apps (UI rendering). Apigene is the only MCP gateway that renders interactive UI components inside ChatGPT and Claude. When your agent pulls data from a CRM or analytics tool, the response shows as interactive visual elements, not a wall of JSON text. The open-source MCP Apps standard has 50+ example apps on GitHub.
When to Use What
The right tool depends on where you are in your MCP journey and what you're building.
Use Smithery CLI if you're an individual developer exploring MCP for the first time. You want to try different servers quickly, you're working locally, and you don't need team-level controls. Smithery's breadth and one-command install make it the fastest way to get MCP servers running on your machine.
Use Apigene if you're a team building an AI agent product for production. You need verified server connections, centralized auth, access control, audit logging, and optimized tool responses. You don't want to manage individual server installations across multiple developer machines and AI clients.
Use both if you want to prototype with Smithery's breadth, then move the servers that prove valuable into a gateway for production. The two tools can complement each other at different stages of a project.
Yaniv Shani, Founder of Apigene:
"The number of MCP servers available doesn't matter if your agent can't use them reliably. What I see teams struggle with isn't finding tools. It's running 10+ tools together without context bloat killing their agent's reasoning, without API keys scattered across laptops, and without spending hours debugging auth flows that break every time a client updates their OAuth implementation. The registry model is great for discovery. Production needs a gateway."
The Bottom Line
Smithery CLI is a well-built tool that does exactly what it set out to do: make MCP server discovery and installation fast for individual developers. The 6,000+ server registry, one-command installs, and client-aware configuration make it the easiest on-ramp into the MCP ecosystem in 2026. If you're exploring what MCP servers can do, start here.
The limitations aren't flaws in Smithery. They're boundaries of what a registry-and-installer model can provide. When your project moves from "trying out MCP" to "shipping an agent product to customers," you'll need verified connections, centralized auth, output optimization, and team-level access control. That's where an MCP gateway like Apigene picks up.
The best smithery alternatives aren't replacements. They're the next layer of infrastructure that sits on top of what registries provide.
Stop Building MCP Integrations From Scratch.
- Any API, one line of code — connect to ChatGPT, Claude, and Cursor without writing custom MCP servers
- Visual UI in the chat — render interactive components, not just text dumps. Charts, forms, dashboards.
- 70% fewer tokens — dynamic tool loading and output compression so your agents stay fast and cheap
Is Smithery AI safe to use?
Smithery patched a path traversal vulnerability in October 2025 that exposed credentials across 3,000+ hosted servers. For local MCP server installation (where servers run on your machine), the risk is lower since you can inspect code before running it. For hosted server infrastructure, safety depends on Smithery's ongoing security practices. If you're passing production API keys through any third-party service, review their security posture and consider whether a self-hosted or gateway-based approach gives you better control.
What's the difference between Smithery and an MCP gateway?
Smithery is a registry and CLI installer. It helps you find and install MCP servers on your local machine. An MCP gateway (like Apigene) is infrastructure that sits between your AI agents and your tools, handling authentication, access control, tool aggregation, output compression, and observability. Smithery helps you set up individual servers. A gateway helps you run them together in production.
Can I use Smithery CLI with ChatGPT?
Smithery CLI primarily targets local MCP clients like Claude Desktop, Cursor, and Windsurf. ChatGPT uses remote MCP connections and requires OAuth 2.1 authentication, which Smithery's local installation model doesn't support directly. To connect MCP servers to ChatGPT, you'd typically need a hosted MCP endpoint or a gateway that handles ChatGPT's specific OAuth requirements.
How many MCP servers does Smithery have?
As of March 2026, Smithery's registry lists over 6,000 MCP servers. These are community-submitted, and quality varies significantly. The most popular servers (by install count) tend to be better maintained, while the long tail includes servers that may be outdated, unmaintained, or incompatible with current MCP client versions.
Does Smithery CLI work on Windows, Mac, and Linux?
Yes. Smithery CLI is an npm package that runs anywhere Node.js 18+ is installed. It supports Windows, macOS, and Linux. The client configuration it writes depends on which MCP client you're using, and Smithery handles the OS-specific config paths automatically.
What are the best Smithery alternatives for production use?
For teams building production AI agent products, Apigene is the strongest smithery alternative because it provides gateway-level features: auth translation, RBAC, dynamic tool loading, output compression, and MCP Apps for UI rendering inside chat. The choice comes down to whether you need a faster way to install servers (Smithery) or a managed way to run them reliably in production (Apigene).