Server Attestation
@studiomeyer-io
关于 Server Attestation
Layer-2 supply-chain hardening for MCP servers — Ed25519-signed tool manifests, runtime spawn-attestation, default-deny argument sanitizer. Defends against marketplace-poisoning + CVE-2025-69256 + CVE-2025-61591.
基本信息
配置
使用下面的配置,将此服务器添加到你的 MCP 客户端。
{
"mcpServers": {
"mcp-server-attestation": {
"command": "npx",
"args": [
"mcp-attest-demo"
]
}
}
}工具
未检测到工具
工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。
概览
What is Server Attestation?
Layer-2 supply-chain hardening for MCP servers — Ed25519-signed tool manifests, runtime spawn-attestation, default-deny argument sanitizer. Defends against marketplace-poisoning + CVE-2025-69256 + CVE-2025-61591.
How to use Server Attestation?
The README includes setup instructions such as npx mcp-attest-demo.
Key features of Server Attestation
- CVE-2025-69256 — Serverless Framework MCP RCE via child_process.exec() command injection
- CVE-2025-61591 — Cursor MCP RCE through OAuth-installed malicious server with spawn hijack
- Canonical JSON is the signed surface. Re-serialisation cannot change the signed bytes
- Sandbox or containerise the server process
- OAuth flow hardening (separate mcp-oauth-shield build)
Use cases of Server Attestation
- Connect an MCP-compatible client to this repository's service.
- Review the README-backed setup before enabling it in production.
FAQ from Server Attestation
Where is the source code for Server Attestation?
The source code is linked from the repository URL on this page.
Does Server Attestation include a standard MCP config?
If the README contains a parseable MCP configuration block, it is shown in the Config tab.
更多 MCP 服务器

EverArt
modelcontextprotocolModel Context Protocol Servers

GitLab
modelcontextprotocolModel Context Protocol Servers

Google Drive
modelcontextprotocolModel Context Protocol Servers
Umut Naci
firecrawlThe API to search, scrape, and interact with the web at scale. 🔥
Reactive Resume
amruthpillaiA one-of-a-kind resume builder that keeps your privacy in mind. Completely secure, customizable, portable, open-source and free forever. Try it out today!
评论