Trusted: risk score 0/100
Last scan: 1 day ago
subgraph-registry-mcp
MCP server for agent-friendly subgraph discovery on The Graph Network. 15,500+ classified subgraphs with reliability scoring.
This is a legitimate MCP server for The Graph Network subgraph discovery with clean, focused code matching its declared purpose. No malicious behavior detected.
Skill name: subgraph-registry-mcp
Analysis time: 32.5s
Engine: pi
Verdict: safe to install
No action required. The skill is safe for use.
Resource type          Declared permission  Inferred permission  Status        Evidence
Network access         READ                 READ                 ✓ Consistent  All network calls go to https://gateway.thegraph.com/api/ (legitimate The Graph …
File system            NONE                 READ                 ✓ Consistent  Reads local data files (registry.db, registry.json) within python/data/ director…
Command execution      NONE                 NONE                               No shell execution found anywhere in the codebase
Environment variables  NONE                 NONE                               os.environ only reads optional GATEWAY_API_KEY from .env — used only for The Gra…
Skill invocation       NONE                 NONE                               No cross-skill invocation
Findings (14)

[Medium] External URL: https://glama.ai/mcp/servers/PaulieB14/subgraph-registry (README.md:3)
[Medium] External URL: https://glama.ai/mcp/servers/PaulieB14/subgraph-registry/badge (README.md:4)
[Medium] External URL: https://thegraph.com (README.md:7)
[Medium] External URL: https://glama.ai/mcp/schemas/server.json (glama.json:2)
[Medium] External URL: https://gateway.thegraph.com/api/ (python/crawler.py:38)
[Medium] External URL: https://gateway.thegraph.com/api/subgraphs/id/ (python/crawler.py:40)
[Medium] External URL: https://gateway.thegraph.com/api/[api-key (python/mcp_server.py:140)
[Medium] External URL: https://thegraph.com/studio/apikeys/ (python/mcp_server.py:148)
[Medium] External URL: https://uniswap.org (python/test_classifier.py:11)
[Medium] External URL: https://aave.com (python/test_classifier.py:31)
[Medium] External URL: https://ens.domains (python/test_classifier.py:53)
[Medium] External URL: https://premia.blue (python/test_classifier.py:72)
[Medium] External URL: https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json (server.json:2)
[Medium] External URL: https://gateway.thegraph.com/api/YOUR_KEY/subgraphs/id/$ (src/index.js:288)

Directory structure

15 files · 111.5 KB · 3171 lines
Python 7 files · 2361 lines; JavaScript 1 file · 480 lines; Markdown 2 files · 247 lines; JSON 4 files · 78 lines; Text 1 file · 5 lines
├─ 📁 python
│ ├─ 📁 data
│ │ └─ 📋 sync-state.json JSON 4L · 121 B
│ ├─ 🐍 classifier.py Python 635L · 21.8 KB
│ ├─ 🐍 crawler.py Python 460L · 15.0 KB
│ ├─ 🐍 mcp_server.py Python 450L · 16.7 KB
│ ├─ 🐍 registry.py Python 305L · 11.4 KB
│ ├─ 📄 requirements.txt Text 5L · 74 B
│ ├─ 🐍 scheduler.py Python 67L · 2.1 KB
│ ├─ 🐍 server.py Python 295L · 9.7 KB
│ └─ 🐍 test_classifier.py Python 149L · 6.8 KB
├─ 📁 src
│ └─ 📜 index.js JavaScript 480L · 17.7 KB
├─ 📋 glama.json JSON 4L · 92 B
├─ 📋 package.json JSON 41L · 968 B
├─ 📝 README.md Markdown 224L · 7.2 KB
├─ 📋 server.json JSON 29L · 752 B
└─ 📝 SKILL.md Markdown 23L · 1.1 KB

Dependency analysis (8 items)

Package                    Version  Source  Known vulnerabilities  Notes
@modelcontextprotocol/sdk  ^1.12.1  npm                            Official MCP SDK
better-sqlite3             ^11.8.2  npm                            Read-only SQLite usage confirmed in code
express                    ^4.21.0  npm                            HTTP transport only, opt-in
httpx                      >=0.27   pip                            Minimum version pinned
polars                     >=1.0    pip                            Minimum version pinned
fastapi                    >=0.115  pip                            Minimum version pinned
uvicorn                    >=0.32   pip                            Minimum version pinned
pydantic                   >=2.0    pip                            Minimum version pinned

Security highlights

✓ Clean codebase with no obfuscation, base64, or eval() usage
✓ All 4 tools (search_subgraphs, recommend_subgraph, get_subgraph_detail, list_registry_stats) fully implemented and match SKILL.md declarations
✓ Network access exclusively targets legitimate services: The Graph Gateway API and the skill's own GitHub-hosted registry database
✓ Database reads are local-only SQLite queries with no outbound transmission of data
✓ Credential handling: GATEWAY_API_KEY is optional, read only from .env for API authentication, never exfiltrated
✓ Dependency pinning: requirements.txt pins httpx>=0.27, polars>=1.0, fastapi>=0.115, uvicorn>=0.32, pydantic>=2.0 (all minimum version constraints)
✓ No credential harvesting patterns: no iteration over os.environ for secrets, no ~/.ssh or ~/.aws access
✓ No remote code execution: no subprocess, no curl|bash, no wget|sh patterns
✓ No persistence mechanisms: no cron jobs, no startup hooks, no backdoor installation
✓ No supply chain threats: all dependencies are from well-known packages (MCP SDK, better-sqlite3, express)
✓ SSE/HTTP transport is explicitly opt-in via --http or --http-only flags and runs on localhost
✓ Database is read-only (readonly: true on better-sqlite3 connection)