Predict.fun MCP
Pass. Audited by ClawScan on May 10, 2026.
Overview
This appears to be a disclosed Predict.fun/The Graph data connector, but users should note that it uses a billable API key, supports custom GraphQL queries, runs via npx, and can expose an optional MCP SSE server.
This skill looks coherent for read-only Predict.fun analytics. Before installing, use a limited Graph API key, watch query usage, be cautious with custom GraphQL prompts, and do not expose the SSE endpoint to untrusted networks.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your Graph API key will be used whenever the agent calls these tools, which may consume your provider quota or free-tier allowance.
The skill uses the user's The Graph API key in provider requests. This matches the stated purpose, but the key is a credential and requests are billed to it.
const API_KEY = process.env.GRAPH_API_KEY; ... https://gateway.thegraph.com/api/${API_KEY}/subgraphs/id/
Use a dedicated Graph API key with quota limits, monitor usage, and revoke or rotate the key if you uninstall or stop using the skill. Because the key forms part of the request URL path, also keep it out of HTTP client, proxy, and debug logs.
An agent can run custom read queries that may be expensive, broad, or return untrusted public market data.
The skill exposes a raw custom GraphQL tool. It is scoped to the stated Predict.fun subgraphs, but it is broader than the fixed analytics tools.
query_subgraph — Custom GraphQL against any of the three subgraphs
Review or restrict custom GraphQL use if API quota matters, and treat returned market/user-generated text as data rather than instructions.
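One way to "review or restrict" custom GraphQL use before a query reaches the gateway, shown here as an added example that is not part of predictfun-mcp: a pre-flight guard a wrapper or MCP client could apply to the query_subgraph tool. It refuses non-query operations, caps page size, nesting depth, and query length, and adds a sliding-window call budget so a runaway agent cannot drain the key's quota. The limits, the MAX_* names, and the `markets` field used in the comments are assumptions for illustration; the guard never looks at the data the gateway returns, which remains untrusted market text to be handed to the model as data.

```javascript
// Added example, not code from predictfun-mcp: a pre-flight guard for the
// query_subgraph tool. All limits below are assumptions for illustration.
const MAX_QUERY_BYTES = 4096;     // reject oversized query text outright
const MAX_FIRST = 100;            // cap page size requested via first: N
const MAX_DEPTH = 4;              // cap selection-set nesting
const MAX_CALLS_PER_WINDOW = 60;  // calls allowed per window
const WINDOW_MS = 60 * 60 * 1000; // one hour

// Removes string literals and # comments so keyword checks cannot be fooled
// by text inside a filter value such as where: { question: "mutation" }.
function stripLiterals(query) {
  return query
    .replace(/"""[\s\S]*?"""/g, '""')
    .replace(/"(?:\\.|[^"\\])*"/g, '""')
    .replace(/#[^\n]*/g, '');
}

// Returns { ok, reasons } for a single query string.
function checkCustomQuery(query) {
  const reasons = [];
  if (typeof query !== 'string' || query.trim() === '') {
    return { ok: false, reasons: ['empty query'] };
  }
  if (Buffer.byteLength(query, 'utf8') > MAX_QUERY_BYTES) {
    reasons.push(`query exceeds ${MAX_QUERY_BYTES} bytes`);
  }
  const body = stripLiterals(query);
  // The subgraphs are read-only, but refusing non-query operations keeps the
  // tool's contract explicit and avoids surprises if the schema ever changes.
  if (/\b(mutation|subscription)\b/.test(body)) {
    reasons.push('only query operations are allowed');
  }
  for (const m of body.matchAll(/\bfirst\s*:\s*(\d+)/g)) {
    if (Number(m[1]) > MAX_FIRST) {
      reasons.push(`first: ${m[1]} exceeds ${MAX_FIRST}`);
    }
  }
  // Nested list fields multiply the rows one call can pull; bound the depth.
  let depth = 0;
  let maxDepth = 0;
  for (const ch of body) {
    if (ch === '{') {
      depth += 1;
      if (depth > maxDepth) maxDepth = depth;
    } else if (ch === '}') {
      depth -= 1;
    }
    if (depth < 0) break;
  }
  if (depth !== 0) reasons.push('unbalanced braces');
  if (maxDepth > MAX_DEPTH) {
    reasons.push(`nesting depth ${maxDepth} exceeds ${MAX_DEPTH}`);
  }
  return { ok: reasons.length === 0, reasons };
}

// Sliding-window call budget; returns an allow(now) function that admits at
// most `limit` calls in any `windowMs` span.
function createCallBudget(limit = MAX_CALLS_PER_WINDOW, windowMs = WINDOW_MS) {
  const stamps = [];
  return function allow(now = Date.now()) {
    while (stamps.length > 0 && now - stamps[0] >= windowMs) stamps.shift();
    if (stamps.length >= limit) return false;
    stamps.push(now);
    return true;
  };
}

// Combines both checks. Only the query is inspected; whatever the gateway
// returns is public market data and must be passed on as data, never re-read
// as instructions.
function guardQuery(query, allow) {
  const check = checkCustomQuery(query);
  if (!check.ok) return { ok: false, reasons: check.reasons };
  if (!allow()) {
    return { ok: false, reasons: ['call budget exhausted for this window'] };
  }
  return { ok: true, reasons: [] };
}
```

A wrapper would call `guardQuery(query, allow)` with one `allow` function per API key and forward the query to the gateway only when `ok` is true; the `reasons` array can be returned to the agent verbatim so it can reformulate a narrower query.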
Running the npx package executes code from the npm/package supply chain and its dependencies.
The skill is a runnable Node package with caret-versioned dependencies. This is normal for npm-based MCP servers, but it leaves the usual package and provenance risk: each npx run may resolve a newer version of the package or of its dependencies than the one reviewed.
"bin": { "predictfun-mcp": "./dist/index.js" }, ... "@modelcontextprotocol/sdk": "^1.12.1", "express": "^4.21.0"
Install from a trusted source, consider pinning the package version in your MCP configuration (for example npx predictfun-mcp@<version> rather than the bare package name), and keep dependencies updated.
If the SSE server is exposed beyond the intended local machine, other clients could potentially call the tools and consume your Graph API quota.
The skill can expose its MCP tools over an SSE HTTP endpoint for local or remote agent use. The artifacts do not describe authentication for that endpoint.
npx predictfun-mcp --http-only ... "url": "http://localhost:3850/sse"
Keep the SSE endpoint bound to localhost or protect it with firewalling, a trusted reverse proxy, or equivalent access controls.
