Executive Summary (Validated)
The Thesis
Section titled “The Thesis”AI agents (OpenClaw, Claude Code, Codex CLI, Gemini CLI) are becoming the primary interface for knowledge workers. An ecosystem of 8,600-17,800 MCP servers and ~130-150K agent skills has emerged — but with no unified infrastructure for discovery, trust, monetization, or governance.
Findable is the platform where AI agent skills are discovered, trusted, monetized, and governed.
Market Reality (Validated Feb 2026)
Section titled “Market Reality (Validated Feb 2026)”| Metric | Value | Confidence | Source |
|---|---|---|---|
| AI agents market 2025 | $7.6-8.0B | HIGH | Grand View Research, Fortune BI |
| AI agents market 2030 | $48-53B | HIGH | GVR, MarketsandMarkets, BCC Research (three independent firms) |
| MCP monthly SDK downloads | 97M+ | MEDIUM | Pento (downloads ≠ active users; CI/CD inflation likely) |
| MCP servers (curated registries) | 8,610+ | HIGH | PulseMCP |
| MCP servers (all directories) | 17,000-17,800 | HIGH | MCP.so, Glama |
| Quality-verified MCP servers | ~1,200 | HIGH | mcp-awesome curated list |
| Agent skills (all SKILL.md registries) | ~130-150K unique | MEDIUM | SkillsMP (~97K) + skills.sh (57K) minus ~28% duplicates |
| Servers with critical security issues | 32-41% | HIGH | Enkrypt AI (32%), earezki.com (41% lack auth) |
| Skills leaking credentials | 7.1% of ClawHub | HIGH | Snyk (283 of 3,984 scanned) |
| Total paid-skill revenue (entire ecosystem) | <$100K/month | MEDIUM | Cline/Ritza analysis |
Key correction: Prior “370K+ skills” figure was inflated. SkillsMP claims 270K but verified ~97K. With ~28% duplication and ~12% empty, real unique quality count is ~130-150K.
What We’re Building
Section titled “What We’re Building”| Layer | Description | Revenue Model | Demand Validated? |
|---|---|---|---|
| Discovery | Cross-platform search: MCP + SKILL.md | Free (funnel) | YES — fragmented registries, poor search |
| Trust/Security | Scanning, trust scores, verified publishers | Freemium + Enterprise | YES — 32-41% servers have critical vulns |
| Commerce | Marketplace for paid skills | Commission (15-20%) | NOT YET — <$100K/mo ecosystem revenue |
| Enterprise | Private registries, policy engine, governance | $30-80/user/month | EMERGING — Composio has $2M ARR |
Honest Scorecard
Section titled “Honest Scorecard”| Dimension | Score | Notes |
|---|---|---|
| Problem real? | 8/10 | Discovery fragmented, security crisis proven, trust absent |
| Commerce viable now? | 3/10 | Almost nobody sells skills. Open-source culture dominates |
| Security/governance timing | 8/10 | OWASP, CoSAI, NIST publishing. Compliance demand real |
| Commerce timing | 4/10 | 12-24 months away from meaningful GMV |
| Competitive moat | 5/10 | Snyk acquired Invariant Labs. Composio $29M. Vercel skills.sh |
Top Competitors
Section titled “Top Competitors”| Competitor | Funding | Threat | Why |
|---|---|---|---|
| Snyk (+ Invariant Labs) | $1.7B raised, $408M ARR | CRITICAL | They ARE “Snyk for agent skills” |
| Composio | $29M (Lightspeed) | HIGH | $2M ARR, 200+ enterprise customers |
| Vercel skills.sh | Vercel backing | HIGH | 57K skills, 110K installs in 4 days |
| Smithery | Seed (South Park Commons) | MEDIUM-HIGH | 7,300 servers, 322K monthly visits |
| Stacklok/ToolHive | Funded | MEDIUM | Cryptographic verification, enterprise |
| Microsoft | N/A | HIGH (long-term) | microsoft/skills, Copilot plugins, VS Code distribution |
Revised Strategy
Section titled “Revised Strategy”Lead with security, not commerce. Security is the most validated, most urgent, least competitive-from-incumbents wedge.
Sequence:
- Months 1-4: Open-source security scanner → community + brand
- Months 4-8: Cross-platform discovery with trust scores → free, become the reference
- Months 8-14: Enterprise governance → first revenue
- Months 14-24: Commerce → only when ecosystem GMV justifies it
Revised Financial Targets
Section titled “Revised Financial Targets”| Metric | Prior Target | Realistic Target | Basis |
|---|---|---|---|
| Year 1 ARR | $500K | $200K | Enterprise governance early adopters |
| Year 3 ARR | $8-12M | $3-5M | Enterprise expansion + API |
| Year 5 ARR | $40-63M | $10-20M | Full platform + early commerce |
Key Risks
Section titled “Key Risks”- Snyk is the actual Snyk — acquired Invariant Labs, entering MCP security with $408M revenue and 5,000 customers
- Vercel skills.sh — developer trust + distribution; 110K installs in 4 days
- Anthropic could build more — official registry deliberately minimal now, but could change
- Commerce premature — building Stripe Connect for <$100K/mo market is engineering without customers
- Microsoft/GitHub distribution — microsoft/skills + Copilot plugins marketplace
- OpenClaw uncertainty — creator joined OpenAI (Feb 14, 2026)
- 40% of agentic AI projects may be canceled by 2027 — Gartner