Naming & Positioning (Validated)

The Name: Findable

Domain: findable.sh Tagline: “The trust layer for AI agent skills”

Revised tagline: Prior tagline was “The trusted infrastructure for the agent skills economy.” The new tagline leads with what’s most validated (trust/security) rather than the full vision (economy/commerce).

Why “Findable” Works

Criterion	Assessment
Memorable	One word, plain English, easy to remember
Descriptive	States the value prop: make skills findable (and safe)
Domain	findable.sh — clean, developer-friendly TLD
Unique	No major brand conflicts in this space
Extensible	Works for discovery, trust, governance, and eventually commerce

Category Definition

The Problem With Existing Terms

Term	What It Means	Limitation for Findable
GEO (Generative Engine Optimization)	Get cited in AI answers	Passive — about mentions, not agent actions
AEO (Agentic Engine Optimization)	Optimize for agentic AI	Newest term (WEF, Microsoft), but we’re infrastructure, not optimization
Agent SEO	Optimize for agent discovery	Promising but 18-24 months from mainstream
Agent Skill Registry	Directory of skills	Commodity — Smithery, MCP.so already exist

Our Category: “Agent Skill Trust Infrastructure”

Rather than creating a buzzword category, we position as infrastructure:

npm is “package infrastructure”
Snyk is “security infrastructure”
Stripe is “payment infrastructure”
Findable is “trust infrastructure for agent skills”

This avoids competing with GEO/AEO tools (different market) and positions us correctly as developer infrastructure, not a marketing tool.

Positioning (Revised for Validated Reality)

The One-Liner (by audience)

For developers:

“Scan, search, and verify AI agent skills across every registry. Open-source security scanner + cross-platform discovery.”

For enterprises:

“Govern what AI agents can discover and use inside your organization. Security scanning, trust scores, private registries, and compliance — for agent skills.”

For investors:

“We’re building the security and discovery infrastructure for the agent skills ecosystem — 130K+ skills with 32-41% having critical vulnerabilities. Open-source wedge, enterprise revenue.”

What changed: Prior positioning led with “npm + Snyk + Stripe.” Revised positioning leads with security (most validated) and drops the commerce comparison (premature).

Positioning Against Competitors (Honest)

Competitor	Their Strength	Our Counter-Position	Honest Risk
Snyk	$408M ARR, acquired Invariant Labs, enterprise distribution	They scan and report. We scan, score, AND integrate with discovery. They don’t build registries or governance.	If Snyk adds registry + governance, our security positioning erodes
Composio	$2M ARR, 200+ enterprise customers, $29M funding	They’re a managed integration platform. We’re a trust + discovery layer. They’re vendor-specific; we’re neutral.	If they add public discovery, they’d combine enterprise + developer
Vercel skills.sh	110K installs in 4 days, Vercel distribution	No security, no trust scores, no enterprise features. SKILL.md focused; we’re cross-platform.	They could add security and make our discovery redundant
Smithery	7,300 servers, 322K monthly visits, hosting	MCP-only, no security, no enterprise. We’re cross-platform with trust.	Best pure-registry UX; hard to out-execute on their niche
ClawHub	Integrated with OpenClaw installation	Single-platform. Post-security-crisis (ClawHavoc). Creator left for OpenAI.	If they clean up security AND stay relevant, strong lock-in for OpenClaw users
Stacklok/ToolHive	Cryptographic verification (Sigstore)	We’re broader (discovery + trust + governance). They’re enterprise-only.	Their cryptographic approach may be more secure than our scoring approach

The Narrative Arc (Revised)

ACT 1: The Crisis (What’s Happening — PROVEN)

“AI agents are the new interface for knowledge workers. 97M+ monthly MCP SDK downloads. 130-150K agent skills across 9+ fragmented registries. But the ecosystem has a trust crisis: 32-41% of MCP servers have critical vulnerabilities. 7.1% of ClawHub skills leak credentials. 341 malicious skills were found on ClawHub in February 2026.”

“OWASP published the MCP Top 10. NIST published agent identity guidance. The security problem isn’t theoretical — it’s happening now.”

ACT 2: The Gap (Why Nobody Has Solved It)

“Registries exist — Smithery (7,300 servers), MCP.so (17,800), skills.sh (57,000 skills). But none of them scan for security. None provide trust scores. None offer enterprise governance.”

“Snyk acquired Invariant Labs and entered MCP security — but they scan code, they don’t build registries or discovery platforms. Composio has enterprise revenue — but they’re a managed platform, not cross-platform discovery.”

“No one combines security + discovery + governance in one platform.”

ACT 3: The Solution (What We’re Building — HONEST)

“Findable is the trust layer for AI agent skills. We start with an open-source security scanner — find vulnerabilities before they’re deployed. We layer on cross-platform discovery — search every registry with trust scores. We monetize through enterprise governance — private registries, policies, audit logs.”

“We earn the right to add commerce only when the market proves ready. Today, <$100K/month of skills are sold across the entire ecosystem. We’re not building payments for a market that doesn’t exist yet.”

The “Why Now” (Revised — Honest Timing)

“Three things make this the right time:

Security crisis is proven — 32-41% critical vulnerability rate, OWASP/NIST/CoSAI publishing frameworks, real malware incidents

Enterprise demand is emerging — Composio has $2M ARR in agent tool governance; CrowdStrike paid $740M for SGNL (agent identity)

Discovery is fragmented — 9+ registries with no unified search, no cross-platform coverage, no quality signals

We’re NOT saying commerce is ready (it’s not — <$100K/month). We’re saying security and discovery are ready NOW, and enterprise governance is ready within 6-12 months.”

Key Messaging Pillars (Validated)

Pillar	Message	Proof Point	Confidence
Trust	”32-41% of MCP servers have critical vulnerabilities. We scan every one.”	Enkrypt AI, earezki.com, Snyk research	HIGH
Discovery	”130-150K skills across 9+ registries. We unify them with trust scores.”	Registry counts verified	HIGH
Governance	”Enterprises need agent skill governance. We provide private registries, policies, and audit logs.”	Composio $2M ARR, NIST guidance	EMERGING
Agent-native	”Our MCP server lets agents discover and verify skills programmatically.”	Findable MCP Server (to be built)	PLANNED
Commerce	~~”Developers made 0 dollars. We fix that.”~~	DEFERRED — market not ready	NOT YET

What we stopped saying: “370K+ skills” (inflated — real unique count is ~130-150K). “npm + Snyk + Stripe” (npm analogy is weak, Snyk is a competitor, Stripe is premature). “$63M Year 5 revenue” (revised to $10-20M).

Brand Voice & Tone

Attribute	Our Voice	NOT Our Voice
Data-driven, not hyperbolic	”32% of MCP servers have critical vulns."	"THE AGENT ECOSYSTEM IS BROKEN!”
Honest about limitations	”Commerce is premature. We’re building trust first."	"We’re the npm + Snyk + Stripe of agents!”
Developer-first	”Install with `npx findable scan ./my-server/`"	"Schedule a demo with our enterprise team”
Security-authoritative	”Based on scanning 10K+ servers…"	"We think security might be important…”
Open about competition	”Snyk has $408M ARR. We differentiate by…"	"We have no real competitors.”

Content & Thought Leadership

Launch Content (Month 1-3)

“State of Agent Skills Security 2026” — flagship data-driven report
“How to Secure Your MCP Server” — developer tutorial, drives scanner adoption
“Registry Comparison: Which One Should You Use?” — positions us as the authority

Ongoing

Content Type	Frequency	Purpose
Security Digest	Monthly	Authority, email list
Ecosystem data updates	Quarterly	PR, citations
Developer tutorials	Weekly	SEO, acquisition
Enterprise guides	Monthly (Phase 3+)	Lead generation