cli

@smithery/cli is a Node/NPX command-line tool that lets you authenticate to Smithery, search/add/list/remove MCP server connections, browse MCP tools, install/score “skills” from a Smithery registry, and mint OAuth/service tokens.

Evaluated Mar 30, 2026 (21d ago)

Homepage ↗ Repo ↗ DevTools cli mcp model-context-protocol typescript oauth developer-tools skills-registry

⚙ Agent Friendliness

/ 100

Can an agent use this?

🔒 Security

/ 100

Is it safe for agents?

⚡ Reliability

/ 100

Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality

Documentation

Error Messages

Auth Simplicity

Rate Limits

🔒 Security

TLS Enforcement

Auth Strength

Scope Granularity

Dep. Hygiene

Secret Handling

Uses OAuth login and service tokens with an optional JSON policy, which suggests some restriction capability. However, provided materials do not document token storage location, redaction/logging behavior, TLS/error handling for token operations, or explicit scope granularity/rate-limit details. Security scores reflect limited observability from the README alone.

⚡ Reliability

Uptime/SLA

Version Stability

Breaking Changes

Error Recovery

Best When

You want quick developer workflow access to MCP servers/tools and a registry of skills from a local machine or CI job with OAuth/service tokens.

Avoid When

You need stable machine-to-machine integration via documented web APIs, or you cannot tolerate unclear operational details (rate limits, error codes, retry/idempotency semantics) that are not described in the provided README.

Use Cases

• Manage MCP server connections from the command line
• Discover and call tools exposed by connected MCP servers
• Browse/install Smithery skills for agent use
• Upvote/downvote and review skills
• Create service tokens with optional JSON policy restrictions

Not For

• Building a production server-side integration (CLI-only ergonomics)
• Environments that require a documented REST/GraphQL API contract for automation
• High-security environments that require detailed guarantees about token storage/logging without code audit

Interface

REST API

GraphQL

gRPC

MCP Server

Yes

SDK

Webhooks

Authentication

Methods: smithery auth login (OAuth) smithery auth logout smithery auth whoami smithery auth token smithery auth token --policy '<json>'

OAuth: Yes Scopes: No

Auth is described at the CLI level (OAuth login + token minting with optional JSON policy). Provided content does not describe scope granularity explicitly.

Pricing

Free tier: No

Requires CC: No

Pricing details not present in the provided README/repo metadata.

Agent Metadata

Pagination

page parameter shown for skill search (e.g., --page 2); other commands unspecified

Idempotent

False

Retry Guidance

Not documented

Known Gotchas

⚠ CLI commands are convenient for humans but may be less robust than a documented machine API for agent automation
⚠ Tool calling requires correct argument serialization; the README only provides a simple JSON example
⚠ Idempotency/retry semantics for ‘add/remove/publish’ operations are not described

Alternatives

Direct MCP client implementations (where available) Using Smithery’s APIs (if you have/obtain an API spec) instead of the CLI Other MCP server registries/connectors and/or custom scripts

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for cli.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo

API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-30.