io.studiomeyer/server-attestation

MCPcommunity
v0.1.1io.studiomeyerUnknownUpdated 2mo agonpmGitHub

Ed25519-signed MCP tool manifests + spawn attestation. Layer-2 supply-chain hardening.

Part of the StudioMeyer MCP Stack — Built in Mallorca 🌴 · ⭐ if you use it Layer-2 supply-chain hardening for Model Context Protocol servers. Ed25519-signed tool manifests, runtime spawn-attestation, default-deny argument sanitizer. OX Security marketplace-poisoning, April 2026 — 9 of 11 MCP registries accepted malicious servers. Anthropic's published position: "expected behavior". CVE-2025-69256…

Automatically indexed from public sources. Not yet verified by the developer on Forge.Claim this listing →
2mo agoLast update
Package
Authorio.studiomeyer
LicenseUnknown
Version0.1.1
Sourcemcp-registry
Trust Status
B
60/100Good
Listed in Forge index+10/10
Publisher identity verified+0/25
Publisher: run `forge publish` from the package repo to claim ownership
Ed25519 publish signature+0/10
Included automatically when the publisher runs `forge publish`
Domain verification+0/5
Publisher: host /.well-known/forge.json on the package homepage with { "publisher": "<github-login>" }
CVE scan · clean+30/30
Static analysis · clean+20/20
npm provenance (Sigstore)+0/5
Publish from GitHub Actions with the --provenance flag
Paste into Claude Code, Cursor, or any AI assistant to fix all gaps
StatusCommunity-indexed
PublisherUnverified
SignatureUnsigned
Domain
Provenance
Dependencies60 resolved+ · none vulnerable
Tool surface5 tools · 1 privileged
Security scan✓ Cleanv0.1.1 · 20d ago
EvalsNone
IndexedJun 13, 2026

Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.

About

Part of the StudioMeyer MCP Stack — Built in Mallorca 🌴 · ⭐ if you use it Layer-2 supply-chain hardening for Model Context Protocol servers. Ed25519-signed tool manifests, runtime spawn-attestation, default-deny argument sanitizer. OX Security marketplace-poisoning, April 2026 — 9 of 11 MCP registries accepted malicious servers. Anthropic's published position: "expected behavior". CVE-2025-69256 — Serverless Framework MCP RCE via command injection. CVE-2025-61591 — Cursor MCP RCE through…

Keywords
mcp