Schemapin
Skill by jaschadub
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/jaschadub/schemapinSchemaPin Development Skills Guide
Purpose: This guide helps AI assistants quickly integrate SchemaPin into applications for cryptographic tool schema verification.
For Full Documentation: See the README, Technical Specification, and language-specific READMEs in each subdirectory.
What SchemaPin Does
SchemaPin prevents "MCP Rug Pull" attacks by enabling developers to cryptographically sign their tool schemas (ECDSA P-256 + SHA-256) and clients to verify schemas haven't been tampered with. It uses Trust-On-First-Use (TOFU) key pinning and RFC 8615 .well-known endpoints for public key discovery.
Part of the ThirdKey trust stack: SchemaPin (tool integrity) → AgentPin (agent identity) → Symbiont (runtime)
Quick Start by Language
Python
pip install schemapin
from schemapin.crypto import KeyManager, SignatureManager
from schemapin.core import SchemaPinCore
# Generate keys
private_key, public_key = KeyManager.generate_keypair()
# Sign a schema
core = SchemaPinCore()
canonical = core.canonicalize_schema(schema_dict)
signature = SignatureManager.sign_schema(private_key, canonical)
# Verify
is_valid = SignatureManager.verify_signature(public_key, canonical, signature)
JavaScript
npm install schemapin
import { KeyManager, SignatureManager, SchemaPinCore } from 'schemapin';
// Generate keys
const { privateKey, publicKey } = KeyManager.generateKeypair();
// Sign a schema
const core = new SchemaPinCore();
const canonical = core.canonicalizeSchema(schema);
const signature = await SignatureManager.signSchema(privateKey, canonical);
// Verify
const isValid = await SignatureManager.verifySignature(publicKey, canonical, signature);
Go
go get github.com/ThirdKeyAi/schemapin/[email protected]
import (
"github.com/ThirdKeyAi/schemapin/go/pkg/core"
"github.com/ThirdKeyAi/schemapin/go/pkg/crypto"
)
// Generate keys
km := crypto.NewKeyManager()
privKey, pubKey, _ := km.GenerateKeypair()
// Sign a schema
spc := core.NewSchemaPinCore()
canonical, _ := spc.CanonicalizeSchema(schema)
sig, _ := crypto.NewSignatureManager().SignSchema(privKey, canonical)
// Verify
valid, _ := crypto.NewSignatureManager().VerifySignature(pubKey, canonical, sig)
Rust
[dependencies]
schemapin = "1.3"
use schemapin::crypto::{generate_key_pair, sign_data, verify_signature};
use schemapin::core::SchemaPinCore;
// Generate keys
let key_pair = generate_key_pair()?;
// Sign
let core = SchemaPinCore::new();
let canonical = core.canonicalize_schema(&schema)?;
let signature = sign_data(&key_pair.private_key_pem, &canonical)?;
// Verify
let is_valid = verify_signature(&key_pair.public_key_pem, &canonical, &signature)?;
Core Concepts
1. Schema Canonicalization
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-jaschadub-schemapin": {
"enabled": true,
"auto_update": true
}
}
}Related Skills
symbiont
AI-native agent runtime with typestate-enforced ORGA reasoning loop, Cedar policy authorization, knowledge bridge, zero-trust security, multi-tier sandboxing, webhook verification, markdown memory, skill scanning, metrics, scheduling, and a declarative DSL
Agentpin
Skill by jaschadub