What is an MCP Server Registry?

1 min read Updated

A centralised index of available MCP servers with metadata about capabilities, versioning, and verification status, functioning as the discovery layer for the MCP ecosystem.

WHY IT MATTERS

As the MCP ecosystem grows, developers need to find servers that provide the tools they need. Registries like Smithery, the official MCP registry, and Glama aggregate thousands of servers with metadata about what they do, how to install them, and whether they've been verified.

Discovery is necessary but not sufficient. Knowing a server exists doesn't tell you whether its tools are safe to use, what risk category they fall into, or what policies should govern them. Classification is the layer on top of discovery.

See mcp server registry working in your own stack — route your MCP servers through PolicyLayer and every tool call is checked against policy before it runs.

GOVERN YOUR MCP SERVERS →

Enforced before the call runs. Nothing to install.

HOW POLICYLAYER USES THIS

PolicyLayer crawls major MCP registries (Smithery, npm, Glama, official MCP registry) and classifies every tool by risk category, building the security layer on top of the discovery layer.

IN THE CATALOGUE

PolicyLayer continuously scans the MCP ecosystem and classifies every tool it finds by risk category.

46,500+ MCP servers known to the catalogue
515,000+ tools scanned and risk-classified
32,500+ servers with published scan reports

FREQUENTLY ASKED QUESTIONS

Which registries exist?
The official MCP registry (registry.modelcontextprotocol.io), Smithery (registry.smithery.ai), Glama (glama.ai), and npm search for MCP packages.
Are registered servers verified?
Some registries have verification badges, but verification typically means 'this server runs' not 'this server is safe.' Risk classification is a separate concern.

FURTHER READING

// THE REGISTRY

Every MCP server your agents touch has a registry record.

Type a name, get the breakdown: verified identity, auth posture, risk grade, every tool classified, recommended policy. Re-checked continuously.

Teams ship this data inside their own products. See what a licence covers →

Take your agents live. Without losing control.

Route your MCP traffic through PolicyLayer. Every tool call is checked against your policy before it runs: allow, deny, or require approval. Per-identity grants. Full audit log. Live in minutes.

Instant setup, no code required.

46,500+ MCP servers and 515,000+ tools scanned and risk-classified.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.