Graph Polymarket MCP
Result: Pass
Audited by ClawScan on May 10, 2026.
Overview
This appears to be a disclosed, read-only Polymarket data server, but users should protect their Graph API key and keep the optional HTTP/SSE endpoint local or secured.
Before installing, confirm you trust the npm/GitHub source, use a dedicated Graph API key, and monitor quota usage. Prefer the built-in read-only tools over custom GraphQL unless needed, and do not expose the HTTP/SSE endpoint to untrusted networks without access controls.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your Graph API key will be sent to The Graph service and used for queries made by the agent.
The skill uses the user's Graph API key to call The Graph Gateway. This is expected for the subgraph tools and is disclosed, but it is still credential use that can consume quota.
const apiKey = process.env.GRAPH_API_KEY; ... const url = `https://gateway.thegraph.com/api/${apiKey}/deployments/id/${ipfsHash}`;
Use a dedicated Graph API key with limited billing exposure, monitor query usage, and avoid sharing the key in prompts or logs.
The agent could run broader public-data queries than expected or use more of the Graph API quota.
The skill intentionally exposes a broad custom GraphQL query tool. It is limited to configured Polymarket subgraphs and appears read-only, but an agent can issue broad queries using the user's API key.
"query_subgraph" ... description: "Execute a custom GraphQL query against a Polymarket subgraph" ... query: z.string().describe("GraphQL query string")
Use the specialized tools when possible, and only allow custom GraphQL queries when you understand the data scope and quota impact.
If the endpoint is exposed beyond localhost, other clients may be able to invoke the tools and consume API quota.
The optional HTTP/SSE transport exposes the MCP tools over a local server. This is disclosed and purpose-aligned, but the artifacts do not describe authentication for remote exposure.
The SSE transport (`--http` / `--http-only`) starts a local HTTP server on port 3851 (configurable via `MCP_HTTP_PORT` env var).
Keep the SSE endpoint bound to localhost, or place it behind a firewall, authentication, or other access controls for remote deployments.
