Substreams Search

v1.3.0

Search, inspect, and analyze Substreams packages to discover modules, visualize data flows, and generate sink deployment commands.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name, description, SKILL.md, README, and code all consistently implement searching the substreams.dev registry, parsing package cards, fetching .spkg files, inspecting module graphs, and generating sink deployment commands. The declared dependencies (HTML parser, @substreams/core, MCP SDK) and scripts in package.json match the described capabilities.
Instruction Scope
The tools accept arbitrary URLs for .spkg files and the server will fetch them and parse their contents. That behavior is necessary for inspection, but it means a user/agent could request the server fetch internal or otherwise sensitive endpoints (SSRF). The server also paginates and scrapes substreams.dev (up to MAX_PAGES=50) which results in many outbound requests — expected for its purpose but potentially abusive in some contexts.
Install Mechanism
The skill is instruction-only in the registry (no enforced install spec) but the bundle contains a standard Node package (package.json, package-lock.json, ts sources) and a Python MCP helper. The README instructs running via `npx substreams-search-mcp`, which is a normal distribution method. No remote, untrusted download URLs or extract steps were used in the provided files.
Credentials
No environment variables, credentials, or config paths are required or requested. The code does perform network I/O (scraping the registry and fetching user-provided .spkg URLs), which is proportional to the skill's function but worth noting because it can access arbitrary network targets if given arbitrary URLs.
Persistence & Privilege
`always` is false, and there are no signs the skill attempts to alter other skills or system-wide agent config. It runs as an MCP server (stdio / SSE) when launched, which is normal behaviour for MCP servers and not privileged by itself.
Assessment
This skill appears to do what it claims: it scrapes substreams.dev and fetches .spkg files to inspect module graphs and generate sink commands. Before installing/running it:
- Treat it as code that will make outbound HTTP requests to substreams.dev and to any URL you pass in (`inspect_package` accepts arbitrary URLs). Do not pass internal-only or sensitive endpoints unless you isolate the process or run it in a safe network environment (SSRF risk).
- Running via npx will pull the package from npm; verify the npm package and GitHub repository (author: PaulieB14) if you care about supply-chain provenance.
- If running the server with HTTP/SSE enabled, avoid exposing it to untrusted networks without authentication.
- If you need stronger assurance, run the provided code in a sandbox/container, review the full package on npm/GitHub, or audit the @substreams/core and @modelcontextprotocol/sdk dependency versions used.
src/index.ts:580: Environment variable access combined with network send.
Confirmed safe by external scanners
Static analysis detected API credential-access patterns, but both VirusTotal and OpenClaw confirmed this skill is safe. These patterns are common in legitimate API integration skills.

