SchemaPin
mcp
Warn
Health Pass
- License — License: MIT
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Community trust — 15 GitHub stars
Code Warn
- crypto private key — Private key handling in .github/workflows/release-combined.yml
- crypto private key — Private key handling in .github/workflows/release-npm.yml
Permissions Pass
- Permissions — No dangerous permissions requested
Purpose
This tool provides a cryptographic protocol for signing and verifying AI agent tool schemas. It helps prevent supply-chain attacks and "MCP Rug Pull" incidents by ensuring schemas have not been tampered with.
Security Assessment
The tool is designed with strong cryptographic principles (ECDSA P-256). The rule-based scan found no dangerous permissions, hardcoded secrets, or unwanted shell executions in the main codebase. However, there are warnings regarding private key handling inside its GitHub Actions CI/CD workflows (`release-combined.yml` and `release-npm.yml`). This is standard for automated package publishing and signing, but you should verify that these CI secrets are handled securely via standard repository secrets rather than hardcoded. The verification workflows may make outbound network requests to fetch public keys via `.well-known` discovery. Overall risk is rated as Low.
Quality Assessment
The project is actively maintained, with its last push occurring today. It uses the permissive MIT license and has dedicated documentation. While it currently has a modest community footprint (15 GitHub stars), it offers a notably high-quality, cross-language architecture with support for Python, JavaScript, Go, and Rust.
Verdict
Safe to use.
The SchemaPin protocol for cryptographically signing and verifying AI agent tool schemas to prevent supply-chain attacks.
README.md
SchemaPin
Cryptographic tool schema verification for AI agents and MCP servers. Prevent "MCP Rug Pull" attacks with ECDSA signatures, DNS-anchored trust, and TOFU key pinning.
What It Does
SchemaPin lets tool developers sign their schemas and skill folders with ECDSA P-256 keys, and lets AI agents verify that schemas haven't been tampered with. Public keys are discoverable via .well-known/schemapin.json (RFC 8615), and Trust-On-First-Use pinning protects against future key substitution.
- ECDSA P-256 + SHA-256 cryptographic signatures
- `.well-known` discovery for public keys (RFC 8615)
- TOFU key pinning to prevent key substitution attacks
- Key revocation with standalone revocation documents
- Trust bundles for offline and air-gapped verification
- Pluggable resolvers — `.well-known`, local file, trust bundle, or chain
- Skill folder signing for AgentSkills (SKILL.md + file manifests)
- Cross-language — Python, JavaScript, Go, and Rust implementations
Quick Start
```python
from schemapin.crypto import KeyManager
from schemapin.utils import SchemaSigningWorkflow, SchemaVerificationWorkflow

# Sign a schema
private_key, public_key = KeyManager.generate_keypair()
signer = SchemaSigningWorkflow(KeyManager.export_private_key_pem(private_key))
schema = {"name": "my_tool", "parameters": {}}  # put your tool's parameter schema here
signature = signer.sign_schema(schema)

# Verify a schema: the tool id, then the publisher domain used for key discovery
verifier = SchemaVerificationWorkflow()
result = verifier.verify_schema(schema, signature, "example.com/my_tool", "example.com")
```
Installation
Python
```bash
pip install schemapin
```
JavaScript
```bash
npm install schemapin
```
Go
```bash
go install github.com/ThirdKeyAi/schemapin/go/cmd/...@latest
```
Rust
```toml
[dependencies]
schemapin = "1.3.0"
```
Documentation
| Topic | Link |
|---|---|
| Getting Started | docs.schemapin.org/getting-started |
| API Reference | docs.schemapin.org/api-reference |
| Skill Signing | docs.schemapin.org/skill-signing |
| Trust Bundles | docs.schemapin.org/trust-bundles |
| Deployment | docs.schemapin.org/deployment |
| Troubleshooting | docs.schemapin.org/troubleshooting |
| Technical Specification | TECHNICAL_SPECIFICATION.md |
Project Structure
```text
python/      # Python SDK (PyPI: schemapin)
javascript/  # JavaScript SDK (npm: schemapin)
go/          # Go SDK
rust/        # Rust SDK (crates.io: schemapin)
server/      # Production .well-known endpoint server
```
License
MIT — Jascha Wanger / ThirdKey.ai