READ-ONLY codesign verification of the on-disk Ledger Live binary (issue #325 P4). Per-platform: macOS uses codesign --verify --deep --strict + Apple Team ID match; Windows uses PowerShell Get-AuthenticodeSignature + Subject substring match; Linux verifies the AppImage's embedded PGP signature is...
AI agents call verify_ledger_live_codesign to retrieve information from VaultPilot MCP without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.
| Parameter | Type | Required | Description |
|---|---|---|---|
binaryPath | string | — | Absolute path to the Ledger Live binary or app bundle. Optional on macOS / Windows (defaults to canonical install path). REQUIRED on Linux — pass the absolute p |
Parameters from the server's own tool schema.
Even though verify_ledger_live_codesign only reads data, uncontrolled read access leaks sensitive information and racks up API costs — an agent caught in a retry loop can make thousands of calls a minute without anyone noticing.
Risk signalsBulk/mass operation — affects multiple targets
Attacks that exploit this kind of access
READ-ONLY codesign verification of the on-disk Ledger Live binary (issue #325 P4). Per-platform: macOS uses codesign --verify --deep --strict + Apple Team ID match; Windows uses PowerShell Get-AuthenticodeSignature + Subject substring match; Linux verifies the AppImage's embedded PGP signature is present (full key fingerprint pinning is a follow-up). Defaults to the platform's canonical install path; pass binaryPath to override (REQUIRED on Linux — no canonical AppImage location). Returns: verified (signature valid + matches Ledger), mismatch (signed by someone else — likely self-built / dev Ledger Live or a tampered binary), invalid (signature failed verification), not-found (no install at the expected path), platform-not-supported (Linux flatpak/snap/dpkg or unknown OS), tool-missing (codesign / powershell unavailable), error. NEVER refuses signing — surfaces the verdict for the agent to relay. Run after first install / Ledger Live update / OS update. Codesign tools take 100s of ms so this is NOT auto-fired on every signing call. It is categorised as a Read tool in the VaultPilot MCP MCP Server, which means it retrieves data without modifying state.
verify_ledger_live_codesign accepts 1 parameter: binaryPath. The full parameter table on this page comes from the server's own tool schema.
Register the VaultPilot MCP server in PolicyLayer and add a rule for verify_ledger_live_codesign: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches VaultPilot MCP. Nothing to install.
verify_ledger_live_codesign is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the verify_ledger_live_codesign rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for verify_ledger_live_codesign. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
verify_ledger_live_codesign is provided by the VaultPilot MCP server (vaultpilot-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.