Is Elsas Verify free?

Yes, Elsas Verify is free to use.

How do I install Elsas Verify?

Elsas Verify is a remote plugin. You do not need to install anything locally. Add the server URL to your AI app's MCP configuration and you are ready to go.

What AI apps work with Elsas Verify?

Elsas Verify uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Elsas Verify MCP Server

by Romans Repos

SecurityLow Risk10.0MCP RegistryRemote

Free

Server data from the Official MCP Registry

Daily Ed25519-signed security intelligence for AI-agent stacks; CVEs & advisories, paid via x402.

About

Daily Ed25519-signed security intelligence for AI-agent stacks; CVEs & advisories, paid via x402.

Remote endpoints: streamable-http: https://elsas.it/mcp

Security Report

10.0

Low Risk10.0Low Risk

Valid MCP server (1 strong, 1 medium validity signals). No known CVEs in dependencies. Imported from the Official MCP Registry.

Endpoint verified · Open access · No issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

HTTP Network Access

Connects to external APIs or services over the internet.

How to Connect

Remote Plugin

No local installation needed. Your AI client connects to the remote endpoint directly.

Add this to your MCP configuration to connect:

{
  "mcpServers": {
    "it-elsas-security-intel": {
      "url": "https://elsas.it/mcp"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

elsas-verify

Independently verify the daily security-intelligence reports published by elsas.it — offline, with no trust in our servers and no access to our keys.

elsas.it is a daily, signed security-intelligence service for AI-agent stack operators: CVEs, supply-chain incidents and advisories (GHSA · CISA-KEV · OSV · NVD · national-CERT feeds) assessed for impact on MCP servers, LLM proxies and agent orchestration — curated, cross-validated, and Ed25519-signed. Served as a paid MCP tool for $0.10 USDC via the x402 payment protocol.

This repository contains everything a third party needs to prove a report is authentic and untampered — our public key, the JSON schema, a real signed sample report, and a dependency-free verification script. Nothing here is secret; every file is also served live from elsas.it. The point is simple:

Don't trust us — verify.

Verify in 30 seconds

Requirements: openssh-client (ssh-keygen) and python3 — present on any Linux/macOS. No install, no network needed for the verification itself.

git clone https://github.com/romans-repos/elsas-verify.git
cd elsas-verify
./verify-report.sh examples/sample-report.json allowed_signers

Expected output:

VALID: authentic & untampered
  Signer:  elsas@elsas.it
  Hash:    sha256:…
Good "elsas-report" signature for elsas@elsas.it with ED25519 key SHA256:gLVNll72kb8Iyni2vNMR6oHGqVh0Ynz+lBMhbS+cSa4

Verify a live report

# Fetch the current public sample + its detached signature
curl -s https://elsas.it/sample                          > report.json
curl -s https://elsas.it/.well-known/report.json.sig     > report.json.sig
# Verify against the pinned key in this repo
./verify-report.sh report.json allowed_signers

You can also verify by hand with stock OpenSSH:

ssh-keygen -Y verify \
  -f allowed_signers \
  -I elsas@elsas.it \
  -n elsas-report \
  -s report.json.sig < report.json

Trust model

Signatures use SSHSIG (Ed25519) via ssh-keygen -Y sign. Verification is offline and zero-trust: you hold the payload, you verify locally.
The root of trust is allowed_signers — our public key, identity-pinned to elsas@elsas.it. A substituted signers file with a different key is rejected by the -I flag.
Confirm the pinned key independently against the live copy:
```
curl -s https://elsas.it/.well-known/allowed_signers
```
Key fingerprint: SHA256:gLVNll72kb8Iyni2vNMR6oHGqVh0Ynz+lBMhbS+cSa4
Each report also carries a _integrity.content_hash (sha256 over the canonical JSON) for tamper evidence — see SIGNATURE-VERIFY.md.

What's in here

File	Purpose
`verify-report.sh`	Dependency-free verifier (ssh-keygen + python3 stdlib)
`allowed_signers`	Our public signing key — the root of trust
`schemas/report-v4.json`	JSON schema of a report payload
`examples/sample-report.json` (+ `.sig`)	A real, signed report to verify against
`SIGNATURE-VERIFY.md`	The full verification recipe and trust details

What's not here

This repo is the verification surface only. The curation pipeline, scoring prompts, relevance taxonomy, infrastructure and any operational configuration are intentionally not published — they are neither needed to verify a report nor useful to a third party. Verifiability does not require disclosing how the sausage is made; it requires that the result is checkable. That's what this is.

License

Tooling in this repository is released under the MIT License. Report payloads themselves carry their own license terms inside the report (_integrity._license_coverage).

Service: https://elsas.it · Docs: https://elsas.it/docs · Sample: https://elsas.it/sample

Reviews

No reviews yet

Be the first to review this server!

More Security MCP Servers

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

MarkItDown

Free

by Microsoft · Content & Media

Convert files (PDF, Word, Excel, images, audio) to Markdown for LLM consumption

Elsas Verify MCP Server

About

Security Report

Permissions Required

How to Connect

Documentation

elsas-verify

Verify in 30 seconds

Verify a live report

Trust model

What's in here

What's not here

License

Reviews

No reviews yet

More Security MCP Servers

Toleno

mcp-creator-python

MarkItDown

FinAgent

mcp-creator-typescript

MCP Marketplace