SchemaPin ๐Ÿงท v1.3.0

A simple, open-source security standard for signing and verifying AI agent tool schemas and skill folders. Prevent malicious tampering and secure your MCP servers.

Documentation Star on GitHub

Advanced Demo:

Open In Colab

Key Features

๐Ÿ” ECDSA P-256 signatures
๐ŸŒ .well-known key discovery (RFC 8615)
๐Ÿ“Œ Trust-On-First-Use key pinning
๐Ÿšซ Key revocation with standalone documents
๐Ÿ”„ Cross-language interoperability (Rust, Python, JS, Go)
โš™๏ธ CLI tools for keygen, sign, verify
๐Ÿ“ฆ Trust bundles for offline & air-gapped verification
๐Ÿ”Œ Pluggable discovery resolvers
๐Ÿ“ Skill folder signing for AgentSkills (SKILL.md)

Get started with our 5-minute interactive guides:

๐Ÿฆ€

Rust

Secure your Axum or other Rust-based MCP servers.
๐Ÿ

Python

Secure your Flask or other Python-based MCP servers.
โšก๏ธ

JavaScript

Secure your Express.js or other Node.js-based MCP servers.
๐Ÿน

Go

Secure your native Go MCP servers.

Or verify a domain's discovery document:

๐Ÿ”

Verify a Domain

Check any domain's .well-known/schemapin.json endpoint and inspect its public key.