npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

mcp-secure

v1.0.4

Published

MCPS -- MCP Secure. Cryptographic identity, message signing, and trust verification for the Model Context Protocol.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

proofxhqproofxhq

Keywords

mcpmcpsmcp-securemodel-context-protocolagent-securityagent-identitypassportmessage-signingecdsatrustrevocationowaspagentsignsecure-mcphsmkmspkcs11hardware-security-module

Readme

MCPS -- MCP Secure

The HTTPS of the agent era. Cryptographic identity, message signing, and trust verification for the Model Context Protocol.

npm PyPI IETF Draft Tests License Zero Dependencies

Try it live in your browser -- no install needed

Generate keys, create passports, sign messages, verify signatures, and test tamper detection -- all client-side using Web Crypto API.

The Problem

MCP has no identity layer. Any agent can call any tool. No signatures. No revocation. No tamper detection.

Real CVEs exist (CVSS 9.6). OWASP created an entire Top 10 for MCP risks. 82% of MCP servers have path traversal vulnerabilities.

MCP is HTTP. MCPS is HTTPS.

How It Works

Agent                          MCP Server
  |                                |
  |-- 1. Generate ECDSA keys ----> |
  |-- 2. Create passport --------> |
  |                                |
  |== Signed JSON-RPC envelope ===>|
  |   {                            |
  |     mcps: {                    |
  |       version: "1.0",          |  3. Verify signature
  |       passport_id: "asp_...",  |  4. Check passport not revoked
  |       nonce: "abc123",         |  5. Reject if replayed
  |       timestamp: "2026-...",   |  6. Check trust level >= min
  |       signature: "base64..."   |
  |     },                         |
  |     jsonrpc: "2.0",            |
  |     method: "tools/call",      |
  |     params: { ... }            |
  |   }                            |
  |                                |
  |<====== Signed response ========|

Every message is wrapped in a signed envelope. Tamper any field -- the signature breaks. Replay a message -- the nonce is rejected. Revoke an agent -- instant cutoff.

Try It in 30 Seconds

npm install mcp-secure
const mcps = require('mcp-secure');

// 1. Generate keys (ECDSA P-256)
const keys = mcps.generateKeyPair();

// 2. Create a passport for your agent
const passport = mcps.createPassport({
  name: 'my-agent',
  version: '1.0.0',
  publicKey: keys.publicKey,
});

// 3. Sign an MCP message
const envelope = mcps.signMessage(
  { jsonrpc: '2.0', method: 'tools/call', params: { name: 'read_file' } },
  passport.passport_id,
  keys.privateKey
);

// 4. Verify on the receiving end
const result = mcps.verifyMessage(envelope, keys.publicKey);
console.log(result.valid); // true

// 5. Tamper detection -- change anything, signature breaks
envelope.params.name = 'delete_everything';
const tampered = mcps.verifyMessage(envelope, keys.publicKey);
console.log(tampered.valid); // false

Python:

pip install mcp-secure
from mcp_secure import generate_key_pair, create_passport, sign_message, verify_message

keys = generate_key_pair()
passport = create_passport(name="my-agent", version="1.0.0", public_key=keys["public_key"])
envelope = sign_message({"jsonrpc": "2.0", "method": "tools/call"}, passport["passport_id"], keys["private_key"])
result = verify_message(envelope, keys["public_key"])
assert result["valid"] is True

Interactive playground: agentsign.dev/playground -- try it in the browser, no install needed.

Wrap Any MCP Server (2 Lines)

const { secureMCP } = require('mcp-secure');

const server = secureMCP(myMCPServer, {
  passport: 'asp_abc123',
  privateKey: process.env.MCPS_PRIVATE_KEY,
  trustAuthority: 'https://agentsign.dev',
  minTrustLevel: 2,
});

Every incoming MCP call is now verified: passport checked, signature validated, replay blocked, audit logged.

What MCPS Adds

| Feature | What It Does | |---------|-------------| | Agent Passports | ECDSA P-256 signed identity credentials -- agents carry proof of who they are | | Message Signing | Every JSON-RPC message wrapped in a signed envelope with nonce + timestamp | | Tool Integrity | Signed tool definitions prevent poisoning and rug pulls | | Transcript Binding | Anti-downgrade binding -- cryptographically binds handshake parameters to prevent capability stripping | | Replay Protection | Nonce + 5-minute timestamp window blocks replay attacks | | Revocation | Real-time passport revocation via Trust Authority | | Trust Levels | L0 (unsigned) through L4 (audited) -- progressive security | | Version Negotiation | Client and server agree on protocol version at handshake | | Issuer Chains | Delegated trust -- Trust Authority signs a passport, that passport signs sub-agents |

Trust Levels

L0  Unsigned     Plain MCP, no MCPS
L1  Identified   Passport presented
L2  Verified     Passport verified + not revoked
L3  Scanned      Verified + passed OWASP security scan
L4  Audited      Scanned + manual audit by Trust Authority

Use minTrustLevel to set the floor. An L2 server rejects L0/L1 agents. An L4 server only accepts fully audited agents.

Tool Integrity (Prevents Tool Poisoning)

// Author signs their tool definition
const sig = mcps.signTool(myTool, authorPrivateKey);

// Client verifies before calling -- detects tampering
const safe = mcps.verifyTool(myTool, sig, authorPublicKey);
// If someone changed the tool description (tool poisoning), this returns false

Tool poisoning is MCP03 in the OWASP Top 10. This is the fix.

Transcript Binding (Anti-Downgrade)

// Both sides sign the agreed security parameters after handshake
const binding = mcps.createTranscriptBinding(clientInitParams, serverInitResult, keys.privateKey);

// Verify the other party's binding -- detects capability stripping attacks
const result = mcps.verifyTranscriptBinding(
  binding.transcript_hash, binding.transcript_signature,
  keys.publicKey, clientInitParams, serverInitResult
);
console.log(result.valid); // true

OWASP MCP Top 10 Coverage

MCPS mitigates 8 of 10 OWASP MCP risks:

| OWASP Risk | MCPS Mitigation | |-----------|-----------------| | MCP01: Token Mismanagement | Passport-based identity replaces long-lived tokens | | MCP03: Tool Poisoning | Tool integrity signatures | | MCP04: Supply Chain | Signed tool definitions + scan results in passport | | MCP06: Intent Flow Subversion | Signed messages prevent manipulation | | MCP07: Insufficient Auth | Passport verification on every connection | | MCP08: Lack of Audit | Signed audit trail with every call | | MCP09: Shadow Servers | Only passported agents accepted | | MCP10: Context Injection | Envelope isolation prevents cross-session leakage |

Error Codes

| Code | Meaning | |------|---------| | MCPS-001 | Invalid passport format | | MCPS-002 | Passport expired | | MCPS-003 | Passport revoked | | MCPS-004 | Invalid message signature | | MCPS-005 | Replay attack detected | | MCPS-006 | Timestamp out of window | | MCPS-007 | Trust authority unreachable | | MCPS-008 | Tool signature mismatch | | MCPS-009 | Insufficient trust level | | MCPS-010 | Rate limit exceeded | | MCPS-011 | Origin mismatch | | MCPS-012 | Transcript binding verification failed | | MCPS-013 | Passport exceeds maximum size | | MCPS-014 | Issuer chain exceeds maximum depth | | MCPS-015 | No mutually supported MCPS version |

Technical Details

  • Signing: ECDSA P-256 (NIST FIPS 186-5)
  • Signature format: IEEE P1363 fixed-length r||s (RFC 7518 Section 3.4)
  • Low-S normalization: BIP-0062 signature malleability prevention
  • Canonicalization: RFC 8785 JSON Canonicalization Scheme
  • Nonce: 16 bytes cryptographic random (128-bit)
  • Timestamp window: 5 minutes (configurable)
  • Passport format: asp_ prefix + 32 hex chars
  • Node.js: Zero dependencies (pure crypto built-in)
  • Python: Single dependency (cryptography)
  • 75 tests: Covering all cryptographic operations, edge cases, and attack vectors

Specification

On-Premise

Run your own Trust Authority. Nothing phones home.

docker run -p 8080:8080 agentsign/server

License

MIT. Patent pending (GB2604808.2).

Built by CyberSecAI Ltd.