A community-driven registry for Claude, Cursor, Windsurf, Cline & more. Not affiliated with Anthropic.
Are you the author? Sign in to claim
The SchemaPin protocol for cryptographically signing and verifying AI agent tool schemas to prevent supply-chain attacks
Cryptographic tool schema verification for AI agents and MCP servers. Prevent "MCP Rug Pull" attacks with ECDSA signatures, DNS-anchored trust, and TOFU key pinning.
SchemaPin lets tool developers sign their schemas and skill folders with ECDSA P-256 keys, and lets AI agents verify that schemas haven't been tampered with. Public keys are discoverable via .well-known/schemapin.json (RFC 8615), and Trust-On-First-Use pinning protects against future key substitution.
.well-known discovery for public keys (RFC 8615).well-known, local file, trust bundle, or chainv1.4.0-alpha.2 (all four languages): three additive optional features — signature expiration (
expires_at) with degraded-not-failed verification, DNS TXT cross-verification at_schemapin.{domain}for second-channel trust, and schema version binding (schema_version+previous_hash) for opt-in lineage chain enforcement that defends against rug-pull substitutions. v1.3 verifiers ignore the new fields; v1.4 verifiers handle both. The remaining v1.4 items (canonicalization id, A2A context, A2A trust bundles, scan-aware sigs, cross-agent schema cache) ship in subsequent alphas before stable v1.4.0.
from schemapin.crypto import KeyManager
from schemapin.utils import SchemaSigningWorkflow, SchemaVerificationWorkflow
# Sign a schema
private_key, public_key = KeyManager.generate_keypair()
signer = SchemaSigningWorkflow(KeyManager.export_private_key_pem(private_key))
signature = signer.sign_schema({"name": "my_tool", "parameters": {...}})
# Verify a schema
verifier = SchemaVerificationWorkflow()
result = verifier.verify_schema(schema, signature, "example.com/my_tool", "example.com")
pip install schemapin
npm install schemapin
go install github.com/ThirdKeyAi/schemapin/go/cmd/...@latest
[dependencies]
schemapin = "1.3.0"
# v1.4.0-alpha.2 is also published — opt in for signature expiration,
# DNS TXT cross-verification, and schema version binding:
# schemapin = { version = "1.4.0-alpha.2", features = ["dns"] }
| Topic | Link |
|---|---|
| Getting Started | docs.schemapin.org/getting-started |
| API Reference | docs.schemapin.org/api-reference |
| Skill Signing | docs.schemapin.org/skill-signing |
| Trust Bundles | docs.schemapin.org/trust-bundles |
| Revocation | docs.schemapin.org/revocation |
| Signature Expiration (v1.4-alpha, all 4 langs) | docs.schemapin.org/signature-expiration |
| DNS TXT Cross-Verification (v1.4-alpha, all 4 langs) | docs.schemapin.org/dns-txt |
| Schema Version Binding (v1.4-alpha, all 4 langs) | docs.schemapin.org/schema-version-binding |
| Deployment | docs.schemapin.org/deployment |
| Troubleshooting | docs.schemapin.org/troubleshooting |
| Technical Specification | TECHNICAL_SPECIFICATION.md |
python/ # Python SDK (PyPI: schemapin)
javascript/ # JavaScript SDK (npm: schemapin)
go/ # Go SDK
rust/ # Rust SDK (crates.io: schemapin)
server/ # Production .well-known endpoint server
MIT — Jascha Wanger / ThirdKey.ai
@WenyuChiouA trilingual (繁中 / English / 简中) learning roadmap for agentic AI: from LLM basics to multi-agent systems, with 240+ cura
Run Claude Code as an MCP server so any agent can delegate coding tasks to it
@microsoft✓ OfficialBrowser automation using accessibility snapshots instead of screenshots
MCP server integration for DaVinci Resolve Studio