// GLOSSARY -- MCP & TOOL INFRASTRUCTURE

What is an MCP Server Registry?

1 min read Updated

A centralised index of available MCP servers with metadata about capabilities, versioning, and verification status, functioning as the discovery layer for the MCP ecosystem.

WHY IT MATTERS

As the MCP ecosystem grows, developers need to find servers that provide the tools they need. Registries like Smithery, the official MCP registry, and Glama aggregate thousands of servers with metadata about what they do, how to install them, and whether they've been verified.

Discovery is necessary but not sufficient. Knowing a server exists doesn't tell you whether its tools are safe to use, what risk category they fall into, or what policies should govern them. Classification is the layer on top of discovery.

HOW POLICYLAYER USES THIS

PolicyLayer crawls major MCP registries (Smithery, npm, Glama, official MCP registry) and classifies every tool by risk category, building the security layer on top of the discovery layer.

FREQUENTLY ASKED QUESTIONS

Which registries exist?
The official MCP registry (registry.modelcontextprotocol.io), Smithery (registry.smithery.ai), Glama (glama.ai), and npm search for MCP packages.
Are registered servers verified?
Some registries have verification badges, but verification typically means 'this server runs' not 'this server is safe.' Risk classification is a separate concern.

FURTHER READING

Enforce policies on every tool call

Intercept is the open-source MCP proxy that enforces YAML policies on AI agent tool calls. No code changes needed.

npx -y @policylayer/intercept
github.com/policylayer/intercept →
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.