Comprehensive competitive analysis validated against primary sources, Feb 25, 2026.
| Attribute | Detail |
|---|
| What | Enterprise application security platform, now entering MCP/agent security |
| Revenue | $408M ARR (Jun 2025), 5,000+ customers |
| Total raised | $1.7B |
| MCP move | Acquired Invariant Labs (creators of mcp-scan, the most-used MCP security scanner) |
| Products | Snyk agent-scan, Evo Agent Security Analyzer |
| Key finding | Published the “7.1% of ClawHub skills leak credentials” research |
| Strengths | Massive enterprise distribution, proven revenue, deep security expertise, developer brand |
| Weaknesses | MCP is a new focus area for them, not their core; may not prioritize registry/discovery |
| Threat level | CRITICAL |
Why this matters: Findable’s “Snyk for agent skills” positioning is aspirational when actual Snyk is entering this exact market. Snyk has the enterprise relationships, the scanning technology (via Invariant Labs), and the developer trust to own MCP security.
Counter-strategy: Snyk focuses on scanning (detecting problems). Findable can focus on the full lifecycle: discovery + trust scores + verified publishing + commerce + governance. Snyk has never built a marketplace.
| Attribute | Detail |
|---|
| What | Managed AI agent integration/skills platform |
| Funding | $29M total (Series A led by Lightspeed, Jul 2025) |
| Revenue | $2M ARR, 200+ paying customers |
| Users | 100,000+ developers |
| Integrations | 10,000+ tools |
| New product | Universal MCP Gateway — single endpoint to access any MCP server with auth, caching, observability |
| Strengths | Best-funded direct competitor, proven enterprise revenue, large tool catalog, now building gateway layer |
| Weaknesses | Integration platform, not discovery/marketplace; managed infra, not registry |
| Threat level | HIGH |
Why this matters: Composio is already where Findable wants to be — monetizing agent tool infrastructure with enterprise customers. The Universal MCP Gateway adds a centralized access layer that could become a de facto discovery mechanism — if all MCP servers are accessed through one gateway, that gateway becomes the registry.
| Attribute | Detail |
|---|
| What | Open agent skills directory + CLI (npx skills) |
| Launch | January 2026 |
| Traction | 60,000+ indexed skills, 110,000 installs in 4 days |
| Backing | Vercel (billions in funding, massive developer trust) |
| Features | CLI install, search, browse, framework integrations (Mastra) |
| Security partnership | Snyk partnership announced — security scanning coming to skills.sh |
| Strengths | Vercel’s distribution and developer brand, immediate traction, open source, now adding security via Snyk |
| Weaknesses | No security scanning, no trust scores, no commerce, no enterprise features |
| Threat level | HIGH → CRITICAL (upgraded due to Snyk partnership) |
Why this matters: Vercel can capture the discovery layer with distribution alone. 110K installs in 4 days is more traction than most startups achieve in months. The Snyk partnership is especially dangerous — it closes the security gap that was Findable’s primary differentiator against skills.sh. Vercel now has discovery + distribution + security (via Snyk). Findable’s remaining differentiators: cross-platform (MCP + SKILL.md), trust scores, commerce, enterprise governance.
| Attribute | Detail |
|---|
| What | microsoft/skills repo (131 skills), Copilot plugins marketplace, VS Code extensions |
| Key products | Azure MCP Server built into VS Code 2026; GitHub Copilot extensions marketplace |
| User demand | VS Code issue #286900 — users requesting “Agent Skills Marketplace in GitHub Copilot” |
| Distribution | VS Code (millions of users), GitHub (100M+ developers), Copilot subscribers |
| Threat level | HIGH (long-term) |
Why this matters: Microsoft has the distribution to dominate skill discovery if they choose. Currently platform-specific (Azure/GitHub ecosystem), but could go cross-platform.
| Attribute | Detail |
|---|
| What | MCP server registry + hosted infrastructure |
| Servers | 7,300+ |
| Monthly visits | 322K |
| Funding | Seed from South Park Commons (undisclosed) |
| Founded | 2025, SF, by Anirudh Kamath and Henry Mao |
| Features | Server hosting, OAuth modal generation, local + hosted install, search/discovery |
| Security incident | Path traversal vulnerability discovered — exposed hosted server configs. Validates security-first approach. |
| Strengths | Best developer UX among pure registries, hosting differentiator, growing catalog |
| Weaknesses | MCP-only (no SKILL.md), no monetization, no security scanning, no enterprise, proven security gaps |
| Threat level | MEDIUM-HIGH |
| Attribute | Detail |
|---|
| What | Enterprise MCP platform with Sigstore-based cryptographic verification |
| Approach | Container-based MCP servers with verified builds, GitHub Attestations |
| Strengths | Enterprise-grade trust (cryptographic verification > trust scores), real security |
| Weaknesses | Enterprise-only focus, not developer-facing discovery |
| Threat level | MEDIUM |
| Attribute | Detail |
|---|
| What | MCP server hosting + monetization platform |
| Traction | 130K+ monthly signups, 704 developers published 3,329 Actors (Nov 2025-Jan 2026) |
| Monetization | 80% developer payout, pay-per-event model; devs earn up to $2K/mo |
| Strengths | Most mature monetization model, handles hosting + billing + distribution |
| Weaknesses | Platform-specific (Apify ecosystem), not cross-platform discovery |
| Threat level | MEDIUM |
| Attribute | Detail |
|---|
| What | MCP marketplace inside Cline IDE |
| Distribution | 4M+ Cline developers |
| Features | One-click install, curated, plugin-style |
| Monetization | Distribution only, no monetization built in |
| Strengths | Captive audience, frictionless install |
| Weaknesses | IDE-specific, no cross-platform, no security, no commerce |
| Threat level | MEDIUM |
| Player | What | Servers/Skills | Threat |
|---|
| PulseMCP | Directory + stats + newsletter | 8,610+ | LOW-MEDIUM (informational, not transactional) |
| MCP.so | Community directory | 17,867 | LOW (no curation, no moat) |
| Glama.ai | Registry + ChatGPT-like interaction | 17,697 | MEDIUM (strong catalog, unclear biz model) |
| SkillHub | Skills with AI quality scoring | 7,000+ | LOW-MEDIUM |
| MCP Hive | Paid marketplace (launching Mar 2026) | Pre-launch | LOW |
| MCPize | Hosting + usage-based billing | 500+ | LOW-MEDIUM |
| forAgents.dev | Curated MCP registry | 48 initial | LOW |
| Enkrypt AI | MCP Scanner + Secure Gateway | N/A | MEDIUM (security layer) |
- 518 servers in the canonical registry
- Deliberately minimal — metadata feed, not a marketplace
.well-known/mcp/server.json auto-discovery standard- Donated MCP to Linux Foundation (AAIF) — signals neutrality
- This is bullish for Findable — Anthropic is explicitly NOT building the user-facing layer
- A2A focuses on agent-to-agent communication, NOT tool discovery
- Agent Cards (
.well-known/agent.json) for capability advertisement
- Registry support in spec but no centralized marketplace built
- Complementary to MCP, not competitive with skill discovery
- 215K+ GitHub stars — fastest repo to 100K stars in history (84 days)
- 5,705+ skills (expanded registry: 10,700+), 1.5M+ downloads
- ClawHavoc attack: 1,184 malicious skills found (12% of registry), including credential-stealing malware
- Creator Peter Steinberger joined OpenAI (Feb 14, 2026) — project moving to independent foundation
- MoltBook (agent social network): 2.66M registered agents, catastrophic security (1.5M API keys exposed)
- No monetization on ClawHub or MoltBook — $0 revenue with massive scale
- HIGH threat for OpenClaw ecosystem; LOW for cross-platform
- Key Findable opportunity: ClawHub’s security crisis validates the need for trust infrastructure. 1.5M+ skill downloads = addressable market for scanning/trust-scoring.
- Not a competitor — validates the need for trust infrastructure
- 2.66M agents, ~17K real human owners — massive bot fleets
- Catastrophic security: unsecured database, prompt injection vulnerabilities, API key exposure
- Lesson for Findable: Agent platforms without trust layers fail spectacularly. MoltBook is the cautionary tale.
| Capability | Findable (Vision) | Snyk | Composio | Vercel skills.sh | Smithery | Stacklok |
|---|
| Cross-platform discovery | Yes | No | Partial | Yes (SKILL.md) | MCP only | No |
| Security scanning | Yes | Yes (leader) | Partial | Yes (via Snyk partnership) | No | Yes (crypto) |
| Trust scores | Yes | No | No | No | No | Verified builds |
| Commerce/monetization | Yes (planned) | No | No | No | No | No |
| Enterprise governance | Yes (planned) | Yes (leader) | Yes | No | No | Yes |
| MCP Gateway/access layer | No | No | Yes (Universal MCP Gateway) | No | Yes (hosting) | No |
| Live product | No | Yes | Yes | Yes | Yes | Yes |
| Developer distribution | Low | Very high | High | Very high | Medium | Low |
What Findable uniquely offers (that no single competitor has):
- Cross-platform discovery (MCP + SKILL.md + future protocols) WITH trust scores AND commerce AND enterprise governance in one platform
What’s dangerous about this positioning:
- No single competitor has all four — but the components are being built by well-funded players
- Snyk + Vercel have partnered — combining security + discovery + distribution. This is the exact combination scenario we feared.
- Composio is covering enterprise + now has a Universal MCP Gateway (centralized access layer)
- Being the “integration of four things” vs. focused players with real revenue and partnerships is a risky bet
- Smithery had a path traversal security incident — validates security-first, but also shows the market is maturing fast
The window:
12-18 months before these focused players start combining capabilities- This is already happening. Snyk + Vercel partnership announced. Composio building gateway. The window may be 6-12 months, not 12-18.
- If Snyk + Vercel adds trust scores and enterprise governance, the combined Findable value prop erodes significantly
- Cross-platform (MCP + SKILL.md + future protocols) and enterprise governance are the remaining durable differentiators