ScopeBlind/verify-mcp

Overview

ScopeBlind/verify-mcp is an MCP server that performs offline verification of signed artifacts including receipts, manifests, and bundles. It is written in JavaScript and released under the Apache-2.0 license.

Best for

Best for
Developers needing offline signature verification in secure or disconnected environments

Use cases

• Verify the integrity of downloaded artifacts offline
• Check signatures on software bundles and manifests without network access
• Validate signed receipts in isolated build environments

Notes

ScopeBlind/verify-mcp is an MCP server that performs offline verification of signed artifacts including receipts, manifests, and bundles. It is written in JavaScript and released under the Apache-2.0 license.

4 stars on GitHub. Last updated 2026-04-11. Licensed Apache-2.0.

Use cases

• Verify the integrity of downloaded artifacts offline
• Check signatures on software bundles and manifests without network access
• Validate signed receipts in isolated build environments

Pros

• Enables verification in air-gapped or offline environments
• Follows the MCP protocol for integration with compatible tools
• Lightweight JavaScript implementation with minimal dependencies

Cons

• Only verifies existing signatures, does not create them
• Requires MCP-compatible clients or workflows to utilize
• Limited to the artifact types and signature formats it supports

Indexed from awesome-mcp-servers-punkpeye and enriched against its public facts.