Smithery vs AgentNode: MCP Server Registry Comparison
Head-to-head comparison of Smithery and AgentNode as MCP server registries. We examine the Smithery API key leak incident, verification policies, framework support, and security models to determine which registry you should trust with your agent tools.
If you are choosing an MCP server registry in 2026, two names keep coming up: Smithery and AgentNode. Both let you discover and install MCP servers. Both have active communities. But their approaches to security, verification, and developer experience could not be more different.
After the Smithery API key leak incident exposed thousands of developer credentials, the question is no longer just about features — it is about trust. This comparison examines both platforms honestly so you can make an informed decision about where to host and discover your agent tools.
Overview: What Are Smithery and AgentNode?
Smithery
Smithery is an MCP server registry launched in mid-2025. It focuses specifically on the Model Context Protocol ecosystem, providing a directory where developers can publish and discover MCP servers. Smithery gained early traction due to its simple publishing workflow and its position as one of the first dedicated MCP registries.
AgentNode
AgentNode is a cross-framework agent tool registry that supports MCP servers, LangChain tools, CrewAI skills, and the native AgentNode Protocol (ANP). AgentNode launched with a verification-first architecture, requiring all published tools to pass a 4-step verification process before appearing in search results.
The Smithery API Key Leak: What Happened
In January 2026, security researchers discovered that Smithery had inadvertently exposed API keys for over 4,200 MCP servers through its public API. The leak occurred because Smithery stored server configuration — including environment variables containing API keys — in a way that was accessible through unauthenticated API endpoints.
The exposure included:
- API keys for third-party services (OpenAI, Anthropic, database credentials)
- Server configuration details revealing internal architectures
- Authentication tokens for connected services
For a deeper technical analysis of this vulnerability and others affecting MCP registries, read our examination of MCP security vulnerabilities including the Smithery leak.
Smithery responded by rotating exposed keys and updating their storage architecture. However, the incident raised fundamental questions about Smithery's security practices and whether an MCP-only registry can invest adequately in security infrastructure.
Feature Comparison Table
| Feature | Smithery | AgentNode |
|---|---|---|
| Protocol Support | MCP only | MCP, LangChain, CrewAI, ANP |
| Verification Process | Basic (automated scan) | 4-step (static analysis, sandbox execution, dependency audit, manual review) |
| Trust Scores | No | Yes (0-100 per version) |
| API Key Management | Server-side storage (post-incident fix) | Client-side only, never transmitted |
| Publishing API | CLI only | CLI, Web UI, API, CI/CD integration |
| Monetization | No | Yes (usage-based billing for publishers) |
| Search Capabilities | Text-based | Semantic search with category filters |
| Versioning | Latest only | Full version history with per-version verification |
| Private Registries | No | Yes (team and enterprise tiers) |
| Security Audit History | API key leak (Jan 2026) | No known incidents |
Security Comparison
Security is where the two platforms diverge most dramatically.
Smithery's Security Model
Smithery's original security model was minimal. Servers were published with basic automated scanning — primarily checking that the MCP protocol handshake worked correctly. There was no code review, no dependency audit, and no sandbox execution. Post-leak, Smithery added environment variable encryption and basic static analysis, but the verification depth still falls short of what production deployments require.
AgentNode's Security Model
AgentNode's verification pipeline runs every published tool through four stages:
- Static analysis — source code scanning for known vulnerability patterns, obfuscated code, and suspicious network calls
- Sandbox execution — running the tool in an isolated environment to observe actual behavior, network requests, and file system access
- Dependency audit — checking all transitive dependencies against vulnerability databases and known-malicious package lists
- Manual review — human review for tools that flag edge cases or request elevated permissions
This process generates a trust score (0-100) for each version. Scores are public, allowing consumers to set minimum trust thresholds in their configurations. For a broader view of how registries compare on security, see our roundup of best MCP server registries compared.
Framework Support
Smithery is purpose-built for MCP. If your entire stack is MCP-native, this focus is a strength — you get a streamlined experience without abstraction layers. However, if you use LangChain, CrewAI, AutoGen, or any other framework alongside MCP, you need a separate solution for each.
AgentNode supports multiple frameworks through a unified API. A single tool published in ANP format is automatically available as an MCP server, a LangChain tool, or a CrewAI skill. This means:
- One registry for your entire agent stack
- Tools work across frameworks without re-packaging
- Consistent verification regardless of how a tool is consumed
- Easier migration between frameworks — your tools come with you
Developer Experience
Publishing
Smithery's publishing workflow is CLI-based. You write your MCP server, run smithery publish, and it appears in the registry after a brief automated check. The simplicity is appealing for quick prototypes.
AgentNode offers multiple publishing channels (CLI, web UI, API, CI/CD) with a more structured submission process. The verification pipeline adds time — typically 5-15 minutes for automated stages — but the result is a published tool with a public trust score and verified badge.
Discovery
Smithery's search is text-based with category filtering. It works but lacks sophistication for large registries.
AgentNode provides semantic search, use-case categories, trust score filtering, and framework-specific views. You can also compare registries side by side to evaluate tools across dimensions.
Monetization
Smithery does not offer monetization. Tools published to Smithery are free to use, and publishers have no mechanism to charge for usage.
AgentNode includes usage-based monetization for publishers. If you build a high-quality agent tool, you can set a per-invocation price and earn revenue when other developers use it. This creates an economic incentive for quality: better tools with higher trust scores get more usage and more revenue.
When to Use Smithery
Smithery remains a reasonable choice if:
- Your stack is 100% MCP-native with no plans to use other frameworks
- You need a quick way to share MCP servers within a small, trusted team
- You are prototyping and do not need production-grade verification
- You are comfortable managing your own security review process
When to Use AgentNode
AgentNode is the better choice if:
- You use multiple agent frameworks (MCP + LangChain, MCP + CrewAI, etc.)
- Verification and trust scores matter for your production deployment
- You want to monetize your agent tools
- You need private registries for your team or organization
- Security is non-negotiable and you cannot afford a credential exposure incident
Learn more about why developers choose AgentNode for production agent tool management.
Migration from Smithery to AgentNode
If you have existing MCP servers on Smithery and want to migrate, AgentNode provides an import tool that converts MCP server definitions to ANP format automatically. The process takes about 10 minutes per server:
- Export your MCP server configuration from Smithery
- Run
agentnode import --from smithery --config server.json - Review the generated ANP package definition
- Submit for verification with
agentnode publish - Update your agent configurations to point to AgentNode
The Bottom Line
Smithery pioneered the MCP server registry category and deserves credit for that. But the API key leak exposed structural weaknesses in its security architecture, and its MCP-only focus limits its usefulness as the agent ecosystem becomes increasingly multi-framework.
AgentNode was built from the ground up with verification, cross-framework support, and security as foundational requirements — not afterthoughts. For production deployments where trust and reliability matter, AgentNode provides the stronger foundation.
Frequently Asked Questions
Is Smithery safe after the API key leak?
Smithery has implemented fixes including encrypted environment variable storage and rotated compromised keys. However, the incident revealed fundamental architectural decisions that prioritized convenience over security. Whether Smithery is "safe" depends on your threat model — for personal projects with low-risk API keys, it may be acceptable. For production deployments handling sensitive data, the incident history warrants caution.
What is better, Smithery or AgentNode?
AgentNode is the stronger choice for most developers because it offers cross-framework support, 4-step verification with trust scores, monetization, and no known security incidents. Smithery may be sufficient for MCP-only prototypes in trusted environments. The right choice depends on your framework requirements, security needs, and whether you plan to monetize your tools.
Does Smithery verify MCP servers?
Smithery performs basic automated scanning that checks MCP protocol compliance and runs a surface-level code scan. It does not perform sandbox execution, dependency auditing, or manual review. There are no trust scores, and verification depth is significantly less than AgentNode's 4-step process.