io.github.DrBaher/sign-cli

MCPcommunity
v0.7.1io.github.DrBaherUnknownUpdated 26d agonpmGitHub

Agent-first e-signature MCP server with offline PAdES signing and hash-chained audit.

Fully-offline e-signature CLI. The built-in PAdES signer (PKCS#7 in , self-issued cert) produces real, cryptographically verifiable signed PDFs with no signup and no third-party provider — or routes through Dropbox Sign / DocuSign / SignWell when you need an external trust anchor. Per-signer approval tokens (TTL-bounded, scoped to one email), hash-chained audit events, RFC 3161 timestamping,…

Automatically indexed from public sources. Not yet verified by the developer on Forge.Claim this listing →
26d agoLast update
Package
Authorio.github.DrBaher
LicenseUnknown
Version0.7.1
Sourcemcp-registry
Trust Status
A
95/100Trusted
Listed in Forge index+10/10
Publisher identity verified+0/25
Publisher: run `forge publish` from the package repo to claim ownership
Ed25519 publish signature+0/10
Included automatically when the publisher runs `forge publish`
Domain verification+0/5
Publisher: host /.well-known/forge.json on the package homepage with { "publisher": "<github-login>" }
CVE scan · clean+30/30
Static analysis · clean+20/20
npm provenance (Sigstore)+5/5
Paste into Claude Code, Cursor, or any AI assistant to fix all gaps
StatusCommunity-indexed
PublisherUnverified
SignatureUnsigned
Domain
Provenance✓ Sigstore-verified · 53c8b6c
Dependencies51 resolved+ · none vulnerable
Tool surface30 tools · none privileged
Security scan✓ Cleanv0.7.1 · 20d ago
EvalsNone
IndexedJun 13, 2026

Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.

About

Fully-offline e-signature CLI. The built-in PAdES signer (PKCS#7 in , self-issued cert) produces real, cryptographically verifiable signed PDFs with no signup and no third-party provider — or routes through Dropbox Sign / DocuSign / SignWell when you need an external trust anchor. Per-signer approval tokens (TTL-bounded, scoped to one email), hash-chained audit events, RFC 3161 timestamping, named profiles, a 19-tool MCP server, and a 20-route HTTP API. The asymmetry is the architecture: an…

Keywords
mcp