Read-only MCP server over bounded.tools's signed static API. A thin implementation of @bounded-systems/static-mcp: the site's verbs + resource catalog + config, served as a Sigstore-verified static-response MCP server over stdio.
Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.
Read-only MCP server over bounded.tools's signed static API. A thin implementation of @bounded-systems/static-mcp: the site's verbs + resource catalog + config, served as a Sigstore-verified static-response MCP server over stdio.