Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Graph Limitless Mcp

v1.0.0

Query Limitless prediction markets on Base — live odds, trader P&L, whale tracking, market stats, and daily volume from The Graph's decentralized network.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (querying Limitless subgraphs via The Graph) matches the declared requirement of a GRAPH_API_KEY and node runtime. The declared endpoints (gateway.thegraph.com and api.limitless.exchange) are consistent with the stated functionality. Minor mismatch: SKILL.md's install invocation uses npx but the required binaries list only 'node' (npx/npm are not explicitly listed).
Instruction Scope
Runtime instructions direct the user/agent to run 'npx graph-limitless-mcp' — that will download and execute remote code at runtime. The SKILL.md claims only two endpoints are contacted and that no data is stored locally, but because the package code is not included in the skill bundle there is no way to confirm those claims. An npx-executed package could read other env vars, files, or contact additional endpoints unless audited.
Install Mechanism
There is no install spec in the bundle; instead SKILL.md instructs use of 'npx' to fetch the package from npm. This is a remote-download-and-execute pattern (moderate-to-high risk) because arbitrary code will be retrieved at runtime. The npm and GitHub links are provided, which is normal, but absent bundled code the scanner could not verify package behavior.
Credentials
The only declared required environment variable is GRAPH_API_KEY (the Graph gateway API key), which is appropriate for querying The Graph. However, because execution is delegated to an npm package fetched at runtime, that code could access additional environment variables or secrets on the host — something the SKILL.md cannot be validated to prevent.
Persistence & Privilege
The skill does not request persistent privileges: 'always' is false, no config paths are declared, and it is user-invocable. Autonomous invocation by the agent is allowed (platform default), but that alone is not flagged. The SKILL.md claims no local storage; this cannot be verified without reviewing the package code.
What to consider before installing
This skill is plausible for querying Limitless via The Graph, but it is instruction-only and tells you to run 'npx graph-limitless-mcp', which will download and execute code from npm at install/run time. Before installing or running: (1) inspect the npm package contents and GitHub repo to confirm the code only calls gateway.thegraph.com and api.limitless.exchange and does not exfiltrate other data; (2) verify the npm package name and maintainers match the GitHub repo to avoid typosquatting; (3) consider creating a limited-scope Graph API key (or rotate/delete the key after testing); (4) run the package in a sandbox or CI environment first if you can; (5) if you cannot audit the package, avoid using npx to execute it directly or disable autonomous invocation for the agent. The main risks are remote code execution via npx and inability to confirm the package won’t access other env vars or endpoints.


Version: latest (vk978p0fzfkj47q02bzcqc11hjh83hwth)


Runtime requirements

🎯 Clawdis
Bins: node
Env: GRAPH_API_KEY
Primary env: GRAPH_API_KEY
