There are now at least ten places to find agent skills and MCP servers. A year ago there were two. Six months ago there were five. But most of these directories solve the same problem (discovery) while ignoring the problems that actually matter: trust, payments, censorship resistance.
Below is every major player, what they get right, and what's still missing.
What to evaluate
Six dimensions separate a directory from a marketplace:
- Identity. Is the publisher a throwaway GitHub username or a cryptographic key with permanent reputation? Can you verify who published a skill after the fact?
- Trust and security. Can you evaluate whether a skill is safe before installing it? Is there a review system, an audit trail, hash verification?
- Payments. Can publishers charge for skills? Can agents pay autonomously?
- Agent autonomy. Can a machine — not a human at a keyboard — discover, evaluate, and install a skill programmatically?
- Federation and censorship resistance. Is there a single point of failure? Can one company shut down the entire registry?
- Catalog size. How many skills or servers are listed? (Size matters less than you think — 7.1% of ClawHub's catalog leaked credentials. Big isn't safe.)
The players
ClawHub (OpenClaw) lists 5,700+ skills. Largest skills-specific registry, worst security track record. The ClawHavoc campaign compromised 9,000+ installations via 341 malicious skills. Snyk found 7.1% of the entire catalog contains critical credential leaks. 1Password told enterprises to stop using it. OpenClaw bolted on VirusTotal scanning. Identity is a one-week-old GitHub account. No payments. No federation. More in The Agent Economy Has a Security Crisis.
Smithery.ai hosts 7,300+ MCP servers. Clean UI, good categorization, both local and hosted deployment. Managed hosting is the differentiator: run MCP servers without touching infrastructure. Identity is platform-account-based, not cryptographic. No native payments. No federation. If Smithery goes down, those listings disappear.
Glama.ai indexes 17,300+ MCP servers. The biggest raw catalog. Indexes, scans, and ranks servers by security, compatibility, and ease of use. Usage-based sorting and category filtering work well for discovery. More a search engine than a marketplace: no payments, no cryptographic identity, no trust layer beyond Glama's own scanning.
MCP.so lists 17,600+ MCP servers. Community-driven directory, similar scope to Glama. Submit your server via a GitHub issue. Discovery works. No identity system, no payments, no security auditing beyond what contributors volunteer.
SkillsMP aggregates 66,000+ skills. Scrapes GitHub for SKILL.md files and organizes them by development phase. Filters out low-quality repos (minimum 2 stars), cross-platform support for Claude, Codex, and ChatGPT. Useful for discovery across the fragmented ecosystem. Read-only index: no publisher identity, no verification, no payments. Trust evaluation is on you.
SkillzWave lists 44,000+ skills. Positions itself as "the package manager for enterprise AI agents" with a CLI (skilz) supporting 22+ agents. Enterprise framing is the differentiator: targeting teams that manage skills across multiple agents. Identity is platform-level, no native payments, "enterprise" trust layer is unclear.
Vercel skills / skills.sh has 228k weekly CLI installs. `npx skills add owner/repo` is the most frictionless install experience. Skills.sh adds a leaderboard and discovery layer. Supports 38+ agents. Well-built tooling. But every skill lives on GitHub. Microsoft controls the namespace. No cryptographic identity, no payments, no agent autonomy. A loader, not a marketplace. We did a full deep dive on the limitations.
Tessl evaluates 2,000+ skills. The most opinionated entrant. Treats skills as software with a lifecycle: versioning, manifests, dependency tracking, quality evaluation. Founded by Guy Podjarny (Snyk founder), so security-first DNA is credible. Early, small catalog, no monetization yet.
Composio manages 500+ integrations. Not a marketplace in the traditional sense. Composio is an MCP gateway with pre-built, enterprise-vetted connectors. SOC2 certified, unified auth, action-level RBAC. Solves a different problem: getting production agents connected to SaaS tools without managing 22 separate MCP servers. No publisher ecosystem, no skill distribution.
dotMCP focuses on monetization for MCP server developers. Import an OpenAPI spec or tunnel an existing MCP server and start charging. One of the few platforms that acknowledges publishers need to get paid. Centralized, platform-account-based identity, small.
Skillpub is our entry. Built on Nostr for cryptographic identity, Cashu ecash for payments, web-of-trust for verification. Every skill is signed by a Nostr keypair and pinned to a SHA-256 hash. Publishers price skills in sats. Agents can discover, evaluate, pay, and install without a human in the loop. Federated across relays, no single point of failure. Smaller catalog than the aggregators. The trade-off is real: fewer skills, but every one has a verifiable publisher and tamper-proof integrity.
The comparison matrix
| | Identity | Trust/Security | Payments | Agent Autonomy | Federation | Catalog |
|---|---|---|---|---|---|---|
| ClawHub | GitHub username | VirusTotal scan | None | Partial (CLI) | None (GitHub) | 5,700+ |
| Smithery | Platform account | Platform review | None | Yes (hosted) | None | 7,300+ |
| Glama | None | Automated scanning | None | API access | None | 17,300+ |
| MCP.so | None | Community | None | None | None | 17,600+ |
| SkillsMP | None (aggregator) | Min-star filter | None | None | None | 66,000+ |
| SkillzWave | Platform account | Unclear | None | CLI (22 agents) | None | 44,000+ |
| Vercel skills | GitHub username | FAQ mentions audits | None | None | None (GitHub) | Leaderboard |
| Tessl | Platform account | Quality evaluation | None | CLI | None | 2,000+ |
| Composio | Platform account | SOC2, RBAC | SaaS pricing | Yes (gateway) | None | 500+ |
| dotMCP | Platform account | Unclear | Yes (per-call) | Partial | None | Small |
| Skillpub | Nostr keypair | WoT + hash verification | Cashu/Lightning | Full (protocol) | Nostr relays | Growing |
What's missing everywhere
No autonomous agent purchasing. dotMCP and Skillpub are the only platforms where a publisher can charge and a consumer can pay. Everyone else assumes skills are free, which means the only business model is "build a platform, monetize the platform." The app store tax with a different gatekeeper.
Security auditing is centralized or absent. ClawHub scans with VirusTotal. Glama runs automated checks. Tessl evaluates quality. None of these create a market for security where independent auditors stake their reputation on signed attestations. The question isn't "did the platform scan this?" It's "did someone I trust vouch for this?"
Federation doesn't exist. Every platform on this list (except Skillpub) is a single company running a single database. Smithery shuts down, those 7,300 server listings disappear. GitHub goes down, Vercel skills and ClawHub stop working. The npm ecosystem learned this with the left-pad incident. The agent skills ecosystem hasn't.
Cross-format interoperability is a mess. Skills (SKILL.md) and MCP servers are complementary but different. Skills are playbooks, MCP servers are data pipelines. Most marketplaces index one format or the other. No platform handles both with unified trust and payments.
Where this is heading
The aggregators will consolidate. There's no defensible moat in scraping GitHub for SKILL.md files — SkillsMP, SkillzWave, and MCP.so are racing to index the same repos. Catalog size will stop being a differentiator when everyone has the same content.
Three questions will decide it:
Who controls identity? GitHub usernames (Microsoft), platform accounts (startups), or cryptographic keys (the developer). This determines everything downstream: whether trust is portable, whether reputation survives platform death, whether a publisher can be silenced.
Who gets paid? Free-only ecosystems produce the same dynamics as open-source: massive value creation, minimal value capture for creators. The platforms that figure out payments, especially autonomous agent payments, will attract the highest-quality publishers.
Who verifies trust? Centralized scanning catches known malware patterns. It won't catch the next ClawHavoc. Web-of-trust with signed attestations is harder to bootstrap but harder to game. Your reputation is permanently on the line, not disposable.
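The hash pinning described in the Skillpub entry and the web-of-trust attestations described above can be combined into one install-time gate. The sketch below is an added example, not Skillpub's code: the field names, key strings and threshold are hypothetical, the sample data is constructed, and signatures on the listing and attestations are assumed to have been verified already.

```python
import hashlib
import hmac

# Constructed sample data. Field names and key strings are hypothetical.
SKILL_BODY = b"# SKILL.md\nname: csv-summarizer\nsteps: read the file, summarize columns\n"
PINNED = hashlib.sha256(SKILL_BODY).hexdigest()
LISTING = {"name": "csv-summarizer", "publisher": "pubkey-publisher-01", "sha256": PINNED}
TRUSTED_AUDITORS = {"pubkey-auditor-a", "pubkey-auditor-b"}
ATTESTATIONS = [
    {"auditor": "pubkey-auditor-a", "sha256": PINNED, "verdict": "safe"},
    {"auditor": "pubkey-auditor-b", "sha256": PINNED, "verdict": "safe"},
    {"auditor": "pubkey-stranger", "sha256": PINNED, "verdict": "safe"},     # not in our web of trust
    {"auditor": "pubkey-auditor-a", "sha256": "0" * 64, "verdict": "safe"},  # vouches for another build
]


def evaluate(body, listing, attestations, trusted, threshold=2):
    """Return (install_ok, reason). Signatures on the listing and on each
    attestation are assumed to have been verified before this is called."""
    digest = hashlib.sha256(body).hexdigest()
    if not hmac.compare_digest(digest, listing["sha256"]):
        return False, "hash mismatch: bytes differ from the pinned listing"
    # Only attestations from trusted keys, bound to these exact bytes, count.
    relevant = [a for a in attestations
                if a["auditor"] in trusted and a["sha256"] == digest]
    flagged = {a["auditor"] for a in relevant if a["verdict"] != "safe"}
    if flagged:
        return False, "flagged by trusted auditor(s): " + ", ".join(sorted(flagged))
    vouchers = {a["auditor"] for a in relevant}
    if len(vouchers) < threshold:
        return False, f"only {len(vouchers)} trusted voucher(s), need {threshold}"
    return True, f"vouched for by {len(vouchers)} trusted auditors"


if __name__ == "__main__":
    print(evaluate(SKILL_BODY, LISTING, ATTESTATIONS, TRUSTED_AUDITORS))
    tampered = SKILL_BODY + b"extra: line appended after listing\n"
    print(evaluate(tampered, LISTING, ATTESTATIONS, TRUSTED_AUDITORS))
```

Binding each attestation to the digest rather than to the skill name means a vouch for one build does not carry over to a later, modified build published under the same name.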
We built Skillpub because we think the answers are: developers control their own keys, publishers get paid in bitcoin, trust is a market where auditors compete on reputation. Ten directories, zero trust infrastructure. Something is missing.
Skillpub is the open marketplace for agent skills. Every skill is cryptographically signed, hash-verified, and reviewed by your web-of-trust. Built on Nostr + Cashu. Designed for a world where agents make their own decisions.