Schemapin

v1.0.0Securitystable

The SchemaPin protocol for cryptographically signing and verifying AI agent tool schemas to prevent supply-chain attacks.

agentagentsaiai-agentsai-tools
Share:
16
Stars
0
Downloads
0
Weekly
0/5

What is Schemapin?

Schemapin is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to schemapin protocol for cryptographically signing and verifying ai agent tool schemas to prevent supply-chain attacks.

The SchemaPin protocol for cryptographically signing and verifying AI agent tool schemas to prevent supply-chain attacks.

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • The SchemaPin protocol for cryptographically signing and ver

Use Cases

Cryptographically sign MCP tool schemas
Prevent supply-chain attacks on agents
ThirdKeyAI

Maintainer

LicenseMIT
Languagepython
Versionv1.0.0
UpdatedMay 11, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

Manual Installation

npx schemapin

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use Schemapin

SchemaPin is a cryptographic protocol for signing and verifying AI agent tool schemas, protecting against supply-chain attacks where a malicious actor could replace a legitimate MCP tool definition with a tampered one. It uses ECDSA P-256 + SHA-256 signatures, a Trust-On-First-Use (TOFU) key pinning model, and public key discovery via `.well-known/schemapin.json` endpoints. Available as a Python package, JavaScript/npm package, Go binary, and Rust crate, SchemaPin lets tool developers sign their schemas so that AI agents can verify schema authenticity before execution.

Prerequisites

  • Python 3.8+ (for the Python implementation) or Node.js 16+ (for JavaScript)
  • pip or npm for installing the SchemaPin library
  • A domain where you can host a .well-known/schemapin.json file (for key discovery)
  • Basic understanding of public-key cryptography concepts
  • An MCP client or agent framework that integrates SchemaPin verification
1

Install the SchemaPin library

Install SchemaPin using your preferred language's package manager. The Python package is the most fully featured for MCP tool signing workflows.

# Python
pip install schemapin

# JavaScript/Node.js
npm install schemapin
2

Generate a key pair for signing

Generate an ECDSA P-256 key pair. Keep the private key secret — you will use it to sign your tool schemas. The public key goes on your domain's .well-known endpoint.

from schemapin.crypto import KeyManager

private_key, public_key = KeyManager.generate_keypair()
private_pem = KeyManager.export_private_key_pem(private_key)
public_pem = KeyManager.export_public_key_pem(public_key)

print(public_pem)  # Host this at your .well-known endpoint
3

Publish your public key at a .well-known endpoint

Create a JSON file at https://yourdomain.com/.well-known/schemapin.json containing your public key. This allows agents to automatically discover and pin your key using TOFU.

{
  "public_key": "-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----"
}
4

Sign a tool schema

Use SchemaSigningWorkflow to sign your MCP tool schema. The resulting signature should be distributed alongside the schema (e.g., in the tool manifest or registry entry).

from schemapin.utils import SchemaSigningWorkflow

signer = SchemaSigningWorkflow(private_pem)
schema = {"name": "my_tool", "parameters": {"type": "object", "properties": {}}}
signature = signer.sign_schema(schema)
print(signature)
5

Verify a tool schema before execution

In your agent or MCP client, use SchemaVerificationWorkflow to verify the schema's signature against the developer's published public key before calling the tool.

from schemapin.utils import SchemaVerificationWorkflow

verifier = SchemaVerificationWorkflow()
result = verifier.verify_schema(schema, signature, "example.com/my_tool", "example.com")
if result.valid:
    print("Schema verified — safe to use")
else:
    print("Schema verification FAILED — possible tampering detected")

Schemapin Examples

Client configuration

SchemaPin is a library/protocol layer rather than a standalone MCP server. Integrate it into your MCP tool server to add schema signing verification.

{
  "mcpServers": {
    "schemapin-protected-tool": {
      "command": "python",
      "args": ["-m", "your_mcp_server"],
      "env": {
        "SCHEMAPIN_VERIFY": "true",
        "SCHEMAPIN_DOMAIN": "yourdomain.com"
      }
    }
  }
}

Prompts to try

Example prompts for working with SchemaPin in AI-assisted development workflows.

- "Generate a SchemaPin key pair and show me how to publish the public key to my domain's .well-known endpoint."
- "Sign this MCP tool schema using SchemaPin and output the signature for distribution."
- "Verify the signature on this tool schema against the developer's published SchemaPin key and tell me if it's valid."
- "Explain how Trust-On-First-Use key pinning works in SchemaPin and how to handle key rotation."

Troubleshooting Schemapin

Verification fails even though the schema was signed with the correct key

Schema canonicalization is order-sensitive — ensure the schema object passed to verify_schema is identical (same key order and values) to the one that was signed. Any whitespace or key reordering will produce a different hash and cause verification failure.

Public key discovery fails (key not found at .well-known endpoint)

Confirm that https://yourdomain.com/.well-known/schemapin.json is publicly accessible and returns a valid JSON object with the 'public_key' field. Check for HTTPS certificate issues and ensure the file is served with Content-Type: application/json.

TOFU pinning rejects a new key after key rotation

SchemaPin requires a signed key revocation document before a new key can replace a pinned one. Use KeyManager to generate a revocation document signed with the old private key, publish it, and then agents can accept the new key.

Frequently Asked Questions about Schemapin

What is Schemapin?

Schemapin is a Model Context Protocol (MCP) server that schemapin protocol for cryptographically signing and verifying ai agent tool schemas to prevent supply-chain attacks. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install Schemapin?

Follow the installation instructions on the Schemapin GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with Schemapin?

Schemapin works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is Schemapin free to use?

Yes, Schemapin is open source and available under the MIT license. You can use it freely in both personal and commercial projects.

Schemapin Alternatives — Similar Security Servers

Looking for alternatives to Schemapin? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Browse More Security MCP Servers

Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "schemapin": { "command": "npx", "args": ["-y", "schemapin"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use Schemapin?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides