Subgraph Registry
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a coherent subgraph-discovery MCP skill, with disclosed wallet-funded x402 query costs and a disclosed hashed database download on first run.
This skill looks reasonable for subgraph discovery. Before installing, pin the package version, keep database hash verification enabled, use a constrained wallet if you use x402 paid queries, require confirmation for spending, and only enable HTTP/SSE transport on trusted local networks.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent is allowed to use a wallet, repeated paid queries could spend USDC.
The skill discloses that using the paid query path depends on a signing wallet with funds, which is sensitive authority even though it is purpose-aligned.
For x402 queries: USDC on Base in the agent's signing wallet (one query ≈ $0.01).
Use a low-balance or spending-limited wallet and require explicit approval before paid x402 queries.
An agent with wallet access could turn discovery results into paid network queries.
The documented query flow can automate a payment retry through an x402 client; the cost is disclosed and aligned with the service, but it should be controlled.
Use an x402 client (`@graphprotocol/client-x402`, `x402-fetch`, or any generic wrapper) to sign $0.01 USDC on Base via EIP-3009 and retry.
Set spending limits, review payment manifests, and avoid letting the agent make paid calls without user confirmation.
A compromised package or disabled verification could affect the local registry data loaded by the MCP server.
The runtime depends on an npm package and a downloaded database, but the artifact discloses the download and describes integrity verification.
On first run, the server downloads a pre-built `registry.db` (SQLite) from the GitHub repository... SHA-256 is verified against a hash pinned in the npm package.
Install a pinned version, audit the source if using it in autonomous runtimes, and do not set `SUBGRAPH_REGISTRY_SKIP_VERIFY=1` unless intentionally rebuilding the database.
If enabled on an untrusted network, other clients might access the registry MCP endpoint.
The optional HTTP/SSE transport can expose the MCP server to other clients if bound or networked improperly.
The SSE transport (`--http` / `--http-only`) starts a local HTTP server on port 3848... Bind only to trusted environments.
Use HTTP/SSE mode only on localhost or trusted networks, and add firewalling or access controls where appropriate.