Part of the StudioMeyer MCP Stack — Built in Mallorca 🌴 · ⭐ if you use it

mcp-server-attestation

Layer-2 supply-chain hardening for Model Context Protocol servers. Ed25519-signed tool manifests, runtime spawn-attestation, default-deny argument sanitizer.

Direct response to:

• OX Security marketplace-poisoning, April 2026 — 9 of 11 MCP registries accepted malicious servers. Anthropic's published position: "expected behavior".
• CVE-2025-69256 — Serverless Framework MCP RCE via child_process.exec() command injection.
• CVE-2025-61591 — Cursor MCP RCE through OAuth-installed malicious server with spawn hijack.

This package provides what Anthropic chose not to: cryptographic verification of which tools a server is allowed to expose and which spawn calls it is allowed to make. It is a drop-in dependency, not a runtime replacement.

A note from us

We have been building tools and systems for ourselves for the past two years. The fact that this repo is small and has few stars is not because it is new. It is because we only just decided to share what we have built. It is not a fresh experiment, it is a long story with a recent commit.

We love building things and sharing them. We do not love social media tactics, growth hacks, or chasing stars and followers. So this repo is small. The code is real, it gets used, issues get answered. Judge for yourself.

If it helps you, sharing, testing, and feedback help us. If it could be better, an issue is more useful. If you build something with it, tell us at hello@studiomeyer.io. That genuinely makes our day.

From a small studio in Palma de Mallorca.

Packages (npm workspaces)

Package	Purpose
mcp-server-attestation (packages/lib)	Library: Ed25519 sign/verify, manifest schema, sanitizer, spawn attester, TOFU trust store.
mcp-attest-cli (packages/cli)	CLI mcp-attest: keygen, sign, verify, inspect, fingerprint, check-pin.
mcp-attest-demo (packages/demo-server)	Reference MCP server (stdio, spec 2025-06-18) exposing 5 tools that demonstrate the library.

Install

npm install mcp-server-attestation
# CLI:
npm install -g mcp-attest-cli
# Reference MCP server:
npx mcp-attest-demo

Node 20+. No external crypto dependencies — uses node:crypto Ed25519 primitives.

Five-line server quickstart

import { verifyManifestStrict, attestSpawnStrict, type SignedManifest } from "mcp-server-attestation";
import signed from "./signed/manifest.json" assert { type: "json" };

// 1. At startup: prove the manifest you ship is the manifest you signed.
verifyManifestStrict(signed);

// 2. Before every child_process.spawn:
attestSpawnStrict(signed as SignedManifest, { command, args });

That is the entire integration. Two function calls, no SaaS, no daemon.

Tools (reference server mcp-attest-demo)

#	Name	readOnlyHint	destructiveHint
1	attest_verify_manifest	true	false
2	attest_inspect_spawn	true	false

... View full README on GitHub