Attestable
Verify that any MCP server is running the intended and untampered code via hardware attestation.
What is Attestable?
Attestable is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to verify that any MCP server is running the intended and untampered code via hardware attestation.
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- Verify that any MCP server is running the intended and untam
Installation
Manual Installation
npx attestable
Configuration
Configuration Details
claude_desktop_config.json
How to Set Up and Use Attestable
Attestable is a security-focused MCP server that uses hardware-based remote attestation to verify that any MCP server is running exactly the intended, untampered code inside an Intel SGX Trusted Execution Environment (TEE). It leverages the RA-TLS protocol to embed SGX quotes directly into X.509 certificates, giving clients cryptographic proof of server integrity. Developers and security teams use it to ensure that sensitive AI tool servers cannot be silently modified or replaced without detection.
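What a client checks once it has pulled the SGX quote out of the RA-TLS certificate, as an added example that is not code from the Attestable project. It assumes a version 3 quote layout and the convention that the first 32 bytes of report_data hold the SHA-256 of the certificate's DER public key; the function names and sample values are constructed for illustration, and verifying the quote's signature chain with a DCAP verification library must happen before these field checks.

```python
import hashlib
import hmac
import struct

# SGX ECDSA quote layout: 48-byte header followed by the 384-byte enclave report body.
HDR, BODY = 48, 384
ATTR_FLAGS_OFF = HDR + 48          # 8-byte little-endian attribute flags
MRENCLAVE = slice(HDR + 64, HDR + 96)
REPORT_DATA = slice(HDR + 320, HDR + 384)
SGX_FLAGS_DEBUG = 0x2              # debug enclaves can be inspected by the host


def check_quote(quote: bytes, cert_pubkey_der: bytes, expected_mrenclave: bytes) -> list[str]:
    """Return failed policy checks; an empty list means measurement and key binding match."""
    if len(quote) < HDR + BODY:
        return ["quote truncated"]
    failures = []
    (version,) = struct.unpack_from("<H", quote, 0)
    if version != 3:  # this sketch only handles the version 3 layout
        failures.append(f"unsupported quote version {version}")
    (flags,) = struct.unpack_from("<Q", quote, ATTR_FLAGS_OFF)
    if flags & SGX_FLAGS_DEBUG:
        failures.append("enclave is in debug mode")
    if not hmac.compare_digest(quote[MRENCLAVE], expected_mrenclave):
        failures.append("MRENCLAVE does not match the expected build")
    # Assumed convention: report_data[:32] = SHA-256 of the certificate's DER public key.
    key_hash = hashlib.sha256(cert_pubkey_der).digest()
    if not hmac.compare_digest(quote[REPORT_DATA][:32], key_hash):
        failures.append("quote is not bound to this TLS key")
    return failures


def build_sample_quote(mrenclave: bytes, pubkey_der: bytes, debug: bool = False) -> bytes:
    """Constructed, unsigned test quote with only the fields checked above filled in."""
    body = bytearray(BODY)
    struct.pack_into("<Q", body, 48, 0x5 | (SGX_FLAGS_DEBUG if debug else 0))
    body[64:96] = mrenclave
    body[320:352] = hashlib.sha256(pubkey_der).digest()
    return struct.pack("<HH", 3, 2) + bytes(44) + bytes(body)


if __name__ == "__main__":
    good_mr = hashlib.sha256(b"constructed enclave build A").digest()
    server_key = b"constructed DER public key of the server"
    quote = build_sample_quote(good_mr, server_key)
    print(check_quote(quote, server_key, good_mr))
    print(check_quote(quote, b"key of a relaying proxy", good_mr))
```

The key-binding check is what stops a valid quote from being replayed behind a different TLS endpoint; the MRENCLAVE check is what ties the session to one specific build.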
Prerequisites
- Intel SGX-capable hardware (with /dev/sgx_enclave and /dev/sgx_provision devices available)
- Ubuntu 22.04 operating system (required for Gramine compatibility)
- Docker installed and running on the host machine
- Gramine and Intel SGX SDK/PSW installed (for building the SGX-protected image)
- Python 3.13 and uv package manager (for dependency management)
Install system dependencies
Ensure you are running Ubuntu 22.04 with Intel SGX hardware. Install the Intel SGX SDK, PSW (Platform Software), and Gramine following their official documentation. These are required to build and sign the SGX enclave.
sudo apt-get install -y intel-sgx-sdk intel-sgx-psw gramine
Clone the repository and sync dependencies
Clone the attestable-mcp-server repository and use uv to install Python dependencies into an isolated virtual environment.
git clone https://github.com/kontext-security/attestable-mcp-server.git
cd attestable-mcp-server
uv sync
Build the base Docker image
Build the standard Docker container that packages the MCP server code. This image will later be wrapped with Gramine GSC to add SGX attestation support.
docker build -t attestable-mcp-server .
Generate SGX signing key and build the GSC-protected image
Generate a private key for signing the SGX enclave, clone the Gramine GSC tooling, then use GSC to build and sign the attestable image so it runs inside an SGX enclave.
gramine-sgx-gen-private-key
git clone https://github.com/gramineproject/gsc docker/gsc
# Follow GSC docs to build and sign the gsc-attestable-mcp-server image
Run the server on SGX hardware
Start the attestable MCP server inside the SGX enclave. The server listens on port 8000 and exposes RA-TLS endpoints for clients to verify server integrity. For local development without real SGX hardware, omit the device flags; without SGX there is no hardware quote, so such a run gives clients nothing to attest.
docker run -itp 8000:8000 \
  --device=/dev/sgx_provision:/dev/sgx/provision \
  --device=/dev/sgx_enclave:/dev/sgx/enclave \
  -v /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket \
  --rm gsc-attestable-mcp-server
Configure your MCP client to connect
Point your MCP client at the running server. Because this server uses RA-TLS over HTTP, configure the client with the server URL. The client can then verify the SGX attestation quote embedded in the TLS certificate before trusting the server.
{
  "mcpServers": {
    "attestable": {
      "url": "http://localhost:8000"
    }
  }
}
Attestable Examples
Client configuration
Connect Claude Desktop or another MCP client to the locally running attestable server after starting the Docker container.
{
  "mcpServers": {
    "attestable": {
      "url": "http://localhost:8000"
    }
  }
}
Prompts to try
After connecting, ask your AI assistant to verify server integrity via attestation.
- "Verify the attestation of the connected MCP server and show me the SGX quote details."
- "Check if the MCP server is running untampered code using hardware attestation."
- "What is the pubkey hash of the currently attested server session?"
Troubleshooting Attestable
Docker container fails to start with 'device not found' errors for /dev/sgx_enclave or /dev/sgx_provision
Your hardware may not support SGX, or the SGX kernel modules are not loaded. Run 'ls /dev/sgx*' to check device availability and ensure the intel-sgx-psw service (aesmd) is running: 'sudo systemctl start aesmd'.
Gramine GSC build fails during image signing
Ensure you have generated the SGX private key with 'gramine-sgx-gen-private-key' before running GSC build commands. Also confirm your Gramine and GSC versions are compatible with each other and with your kernel's SGX support level.
Client cannot connect to the server on port 8000
Verify the Docker container is running with 'docker ps' and that port 8000 is not blocked by a firewall. For development without SGX, run the plain Docker image: 'docker run -p 8000:8000 --rm attestable-mcp-server'.
Frequently Asked Questions about Attestable
What is Attestable?
Attestable is a Model Context Protocol (MCP) server that verifies that any MCP server is running the intended and untampered code via hardware attestation. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install Attestable?
Follow the installation instructions on the Attestable GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with Attestable?
Attestable works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is Attestable free to use?
Yes, Attestable is open source and available under the MIT license. You can use it freely in both personal and commercial projects.
Attestable Alternatives — Similar Security Servers
Looking for alternatives to Attestable? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6k An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0k A Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9k HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7k Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k 754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u