What Smithery Does
Smithery is the closest thing the Model Context Protocol ecosystem has to an app store. It indexes thousands of MCP servers — official Anthropic implementations, GitHub integrations, database connectors, web-scraping tools, and a long tail of community contributions — and exposes them through a searchable web catalogue and a CLI that handles installation, version pinning, and automatic config wiring for Claude Desktop, Cursor, Windsurf, and other MCP-compatible agents. The pitch is simple: stop hand-editing JSON config files and stop hunting through GitHub for working MCP servers.
Finding and Installing MCP Servers
The discovery experience is where Smithery shines. The catalogue is filterable by category, sortable by popularity and freshness, and each listing carries metadata — author, license, install count, configuration schema — that helps developers triage before committing. Search is fast and forgiving; typing "github" surfaces several official and community variants, each with one-line install commands ready to copy.
Installation is genuinely one command. The CLI resolves the server, pulls the package, prompts for any required configuration values (API keys, paths, scopes), and writes the appropriate JSON into the agent's config file. Restart the agent and the tools appear. Compared to the original MCP onboarding experience — clone a repo, read a README, manually edit `claude_desktop_config.json`, hope you got the schema right — the friction reduction is substantial.
Catalogue Depth and Ecosystem Coverage
Smithery's catalogue has crossed 7,000 listings as of mid-2026, spanning official Anthropic reference servers, vendor-built integrations (GitHub, Linear, Notion, Slack, PostgreSQL, Stripe), and community packages for everything from web scraping to scientific computing. For most common integrations there is a reasonable Smithery listing within a search or two, often with multiple competing implementations.
That breadth comes with uneven quality. The same search query can surface a production-grade server maintained by a vendor team alongside a six-month-old experimental fork with no documentation. Smithery exposes signals — install counts, GitHub stars, last update — but does not curate or grade. Treat the catalogue like npm: rich, fast, and the developer's responsibility to vet.
Security, Trust, and the Third-Party Code Problem
MCP servers run with whatever privileges the host agent grants them. That typically includes filesystem access, network calls, and sometimes credentials for whatever third-party API the server wraps. Smithery does not audit submitted server code, so every install is fundamentally a trust decision — the same risk model as installing a random npm package, with the additional wrinkle that MCP servers tend to be invoked autonomously by AI agents rather than explicitly by developers.
The MCP ecosystem saw multiple security disclosures across late 2025 and early 2026 — prompt injection through tool descriptions, credential exfiltration, and supply-chain concerns — and Smithery has been steadily layering in safeguards (signed packages, scoped permissions, sandboxing options). Coverage is improving but uneven; teams handling sensitive systems should still review server source before installing, especially for community packages without a known maintainer.
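A quick way to triage what is already wired into an agent before reading server source, as an added example that is not Smithery's own code. It assumes the config uses the `mcpServers` map of `command`/`args`/`env` entries found in `claude_desktop_config.json`; the package names, paths, token value and finding labels are constructed for illustration.

```python
import json
import re
import sys

# Constructed sample in the mcpServers layout of claude_desktop_config.json.
# Package names, paths and the token value are made up for illustration.
SAMPLE_CONFIG = {"mcpServers": {
    "github": {"command": "npx", "args": ["-y", "@example/github-mcp"],
               "env": {"GITHUB_TOKEN": "constructed-token-value"}},
    "files": {"command": "npx", "args": ["-y", "@example/fs-mcp@1.4.2", "/"]},
    "notes": {"command": "npx",
              "args": ["-y", "@example/notes-mcp@2.0.1", "/home/dev/notes"]},
}}

SECRET_NAME = re.compile(r"token|secret|key|password", re.I)
PINNED = re.compile(r"^(@[\w.-]+/)?[\w.-]+@\d+\.\d+\.\d+$")  # exact x.y.z only
BROAD_PATHS = {"/", "~", "C:\\", "/home", "/Users"}


def audit(config):
    """Return {server_name: [findings]} for every configured MCP server."""
    report = {}
    for name, entry in config.get("mcpServers", {}).items():
        findings = []
        args = entry.get("args", [])
        if entry.get("command") == "npx":
            # The first non-flag argument is the package npx will fetch and run.
            pkg = next((a for a in args if not a.startswith("-")), None)
            if pkg and not PINNED.match(pkg):
                findings.append("unpinned-package")
        if any(a in BROAD_PATHS for a in args):
            findings.append("broad-filesystem-path")
        for var, value in entry.get("env", {}).items():
            # A credential stored in the config is readable by the launched server.
            if SECRET_NAME.search(var) and value:
                findings.append("inline-secret:" + var)
        report[name] = findings
    return report


if __name__ == "__main__":
    cfg = SAMPLE_CONFIG
    if len(sys.argv) > 1:  # optional: path to a real config file
        with open(sys.argv[1]) as fh:
            cfg = json.load(fh)
    for server, findings in audit(cfg).items():
        print(server, findings or "ok")
```

A clean result only means the entry is pinned and narrowly scoped; it says nothing about what the server's code does, so source review still applies.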