Skip to content

Competitive Landscape (Validated)

Comprehensive competitive analysis validated against primary sources, Feb 25, 2026.

AttributeDetail
WhatEnterprise application security platform, now entering MCP/agent security
Revenue$408M ARR (Jun 2025), 5,000+ customers
Total raised$1.7B
MCP moveAcquired Invariant Labs (creators of mcp-scan, the most-used MCP security scanner)
ProductsSnyk agent-scan, Evo Agent Security Analyzer
Key findingPublished the “7.1% of ClawHub skills leak credentials” research
StrengthsMassive enterprise distribution, proven revenue, deep security expertise, developer brand
WeaknessesMCP is a new focus area for them, not their core; may not prioritize registry/discovery
Threat levelCRITICAL

Why this matters: Findable’s “Snyk for agent skills” positioning is aspirational when actual Snyk is entering this exact market. Snyk has the enterprise relationships, the scanning technology (via Invariant Labs), and the developer trust to own MCP security.

Counter-strategy: Snyk focuses on scanning (detecting problems). Findable can focus on the full lifecycle: discovery + trust scores + verified publishing + commerce + governance. Snyk has never built a marketplace.

AttributeDetail
WhatManaged AI agent integration/skills platform
Funding$29M total (Series A led by Lightspeed, Jul 2025)
Revenue$2M ARR, 200+ paying customers
Users100,000+ developers
Integrations10,000+ tools
New productUniversal MCP Gateway — single endpoint to access any MCP server with auth, caching, observability
StrengthsBest-funded direct competitor, proven enterprise revenue, large tool catalog, now building gateway layer
WeaknessesIntegration platform, not discovery/marketplace; managed infra, not registry
Threat levelHIGH

Why this matters: Composio is already where Findable wants to be — monetizing agent tool infrastructure with enterprise customers. The Universal MCP Gateway adds a centralized access layer that could become a de facto discovery mechanism — if all MCP servers are accessed through one gateway, that gateway becomes the registry.

AttributeDetail
WhatOpen agent skills directory + CLI (npx skills)
LaunchJanuary 2026
Traction60,000+ indexed skills, 110,000 installs in 4 days
BackingVercel (billions in funding, massive developer trust)
FeaturesCLI install, search, browse, framework integrations (Mastra)
Security partnershipSnyk partnership announced — security scanning coming to skills.sh
StrengthsVercel’s distribution and developer brand, immediate traction, open source, now adding security via Snyk
WeaknessesNo security scanning, no trust scores, no commerce, no enterprise features
Threat levelHIGH → CRITICAL (upgraded due to Snyk partnership)

Why this matters: Vercel can capture the discovery layer with distribution alone. 110K installs in 4 days is more traction than most startups achieve in months. The Snyk partnership is especially dangerous — it closes the security gap that was Findable’s primary differentiator against skills.sh. Vercel now has discovery + distribution + security (via Snyk). Findable’s remaining differentiators: cross-platform (MCP + SKILL.md), trust scores, commerce, enterprise governance.

AttributeDetail
Whatmicrosoft/skills repo (131 skills), Copilot plugins marketplace, VS Code extensions
Key productsAzure MCP Server built into VS Code 2026; GitHub Copilot extensions marketplace
User demandVS Code issue #286900 — users requesting “Agent Skills Marketplace in GitHub Copilot”
DistributionVS Code (millions of users), GitHub (100M+ developers), Copilot subscribers
Threat levelHIGH (long-term)

Why this matters: Microsoft has the distribution to dominate skill discovery if they choose. Currently platform-specific (Azure/GitHub ecosystem), but could go cross-platform.

AttributeDetail
WhatMCP server registry + hosted infrastructure
Servers7,300+
Monthly visits322K
FundingSeed from South Park Commons (undisclosed)
Founded2025, SF, by Anirudh Kamath and Henry Mao
FeaturesServer hosting, OAuth modal generation, local + hosted install, search/discovery
Security incidentPath traversal vulnerability discovered — exposed hosted server configs. Validates security-first approach.
StrengthsBest developer UX among pure registries, hosting differentiator, growing catalog
WeaknessesMCP-only (no SKILL.md), no monetization, no security scanning, no enterprise, proven security gaps
Threat levelMEDIUM-HIGH
AttributeDetail
WhatEnterprise MCP platform with Sigstore-based cryptographic verification
ApproachContainer-based MCP servers with verified builds, GitHub Attestations
StrengthsEnterprise-grade trust (cryptographic verification > trust scores), real security
WeaknessesEnterprise-only focus, not developer-facing discovery
Threat levelMEDIUM
AttributeDetail
WhatMCP server hosting + monetization platform
Traction130K+ monthly signups, 704 developers published 3,329 Actors (Nov 2025-Jan 2026)
Monetization80% developer payout, pay-per-event model; devs earn up to $2K/mo
StrengthsMost mature monetization model, handles hosting + billing + distribution
WeaknessesPlatform-specific (Apify ecosystem), not cross-platform discovery
Threat levelMEDIUM
AttributeDetail
WhatMCP marketplace inside Cline IDE
Distribution4M+ Cline developers
FeaturesOne-click install, curated, plugin-style
MonetizationDistribution only, no monetization built in
StrengthsCaptive audience, frictionless install
WeaknessesIDE-specific, no cross-platform, no security, no commerce
Threat levelMEDIUM
PlayerWhatServers/SkillsThreat
PulseMCPDirectory + stats + newsletter8,610+LOW-MEDIUM (informational, not transactional)
MCP.soCommunity directory17,867LOW (no curation, no moat)
Glama.aiRegistry + ChatGPT-like interaction17,697MEDIUM (strong catalog, unclear biz model)
SkillHubSkills with AI quality scoring7,000+LOW-MEDIUM
MCP HivePaid marketplace (launching Mar 2026)Pre-launchLOW
MCPizeHosting + usage-based billing500+LOW-MEDIUM
forAgents.devCurated MCP registry48 initialLOW
Enkrypt AIMCP Scanner + Secure GatewayN/AMEDIUM (security layer)
  • 518 servers in the canonical registry
  • Deliberately minimal — metadata feed, not a marketplace
  • .well-known/mcp/server.json auto-discovery standard
  • Donated MCP to Linux Foundation (AAIF) — signals neutrality
  • This is bullish for Findable — Anthropic is explicitly NOT building the user-facing layer
  • A2A focuses on agent-to-agent communication, NOT tool discovery
  • Agent Cards (.well-known/agent.json) for capability advertisement
  • Registry support in spec but no centralized marketplace built
  • Complementary to MCP, not competitive with skill discovery
  • 215K+ GitHub stars — fastest repo to 100K stars in history (84 days)
  • 5,705+ skills (expanded registry: 10,700+), 1.5M+ downloads
  • ClawHavoc attack: 1,184 malicious skills found (12% of registry), including credential-stealing malware
  • Creator Peter Steinberger joined OpenAI (Feb 14, 2026) — project moving to independent foundation
  • MoltBook (agent social network): 2.66M registered agents, catastrophic security (1.5M API keys exposed)
  • No monetization on ClawHub or MoltBook — $0 revenue with massive scale
  • HIGH threat for OpenClaw ecosystem; LOW for cross-platform
  • Key Findable opportunity: ClawHub’s security crisis validates the need for trust infrastructure. 1.5M+ skill downloads = addressable market for scanning/trust-scoring.
  • Not a competitor — validates the need for trust infrastructure
  • 2.66M agents, ~17K real human owners — massive bot fleets
  • Catastrophic security: unsecured database, prompt injection vulnerabilities, API key exposure
  • Lesson for Findable: Agent platforms without trust layers fail spectacularly. MoltBook is the cautionary tale.
CapabilityFindable (Vision)SnykComposioVercel skills.shSmitheryStacklok
Cross-platform discoveryYesNoPartialYes (SKILL.md)MCP onlyNo
Security scanningYesYes (leader)PartialYes (via Snyk partnership)NoYes (crypto)
Trust scoresYesNoNoNoNoVerified builds
Commerce/monetizationYes (planned)NoNoNoNoNo
Enterprise governanceYes (planned)Yes (leader)YesNoNoYes
MCP Gateway/access layerNoNoYes (Universal MCP Gateway)NoYes (hosting)No
Live productNoYesYesYesYesYes
Developer distributionLowVery highHighVery highMediumLow

What Findable uniquely offers (that no single competitor has):

  • Cross-platform discovery (MCP + SKILL.md + future protocols) WITH trust scores AND commerce AND enterprise governance in one platform

What’s dangerous about this positioning:

  • No single competitor has all four — but the components are being built by well-funded players
  • Snyk + Vercel have partnered — combining security + discovery + distribution. This is the exact combination scenario we feared.
  • Composio is covering enterprise + now has a Universal MCP Gateway (centralized access layer)
  • Being the “integration of four things” vs. focused players with real revenue and partnerships is a risky bet
  • Smithery had a path traversal security incident — validates security-first, but also shows the market is maturing fast

The window:

  • 12-18 months before these focused players start combining capabilities
  • This is already happening. Snyk + Vercel partnership announced. Composio building gateway. The window may be 6-12 months, not 12-18.
  • If Snyk + Vercel adds trust scores and enterprise governance, the combined Findable value prop erodes significantly
  • Cross-platform (MCP + SKILL.md + future protocols) and enterprise governance are the remaining durable differentiators