Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Substreams Search
v1.3.2
Search, inspect, and analyze Substreams packages from the substreams.dev registry — module graphs, protobuf types, and sink deployment commands.
⭐ 0· 188·0 current·0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name/description align with its behavior: it scrapes the public substreams.dev registry and inspects .spkg files. However, the bundle contains both a Node-based implementation (src/index.ts, package.json) and a separate Python implementation (server.py + requirements.txt) while the declared required binary is only 'node' and SKILL.md insists on running via 'npx'. The presence of Python artifacts without declaring Python as required is an incoherence worth flagging.
Instruction Scope
SKILL.md instructions are scoped to searching, scraping substreams.dev pages, fetching .spkg files from spkg.io, and optionally starting an SSE/HTTP server on a local port. The runtime instructions do not direct reading unrelated local files or environment secrets. They do instruct the agent to fetch arbitrary external URLs (package pages and .spkg binaries), which is expected for this tool but increases exposure to malicious or malformed remote content.
Install Mechanism
There is no explicit install spec in the skill metadata; the README/SKILL.md instructs use via 'npx substreams-search-mcp', which will fetch and run package code from the npm registry. That is a common pattern but still a moderate-risk install mechanism because it executes remote code. The included package.json/package-lock indicate multiple third-party dependencies (normal for this functionality). No direct downloads from arbitrary URLs or archive extracts are specified in the skill metadata.
Credentials
The skill declares no required environment variables or credentials (only an optional MCP_HTTP_PORT to change the HTTP port). That is appropriate for a public-registry search/inspect tool; there are no unrelated credential requests.
Persistence & Privilege
always:false (normal). The skill can start a local HTTP/SSE server (default port 3849) to accept connections from agents. Running a server is within the tool's purpose but is a privilege that could expose a listening endpoint if the process binds to non-local interfaces or if your environment forwards ports. The skill does not request system-wide config changes or other skills' credentials.
What to consider before installing
This skill appears to implement the advertised features, but review the following before installing or running it:
- Verify source/packaging: npx will execute code published on npm. Check the npm package page and the GitHub repo (owner PaulieB14) to confirm the published code matches the repository and is from a trusted maintainer.
- Python artifacts present: the bundle includes server.py and requirements.txt but the skill only declares Node as required. Ask the maintainer why a Python implementation is included or inspect the files locally — don't assume only Node code will run.
- Network exposure: the server can open an HTTP/SSE endpoint (default port 3849). If you run this on a shared or publicly reachable host, ensure it binds to localhost or is behind a firewall so it cannot be accessed from the internet unintentionally.
- Remote fetches: the tool fetches arbitrary .spkg URLs and scrapes substreams.dev HTML. These remote inputs could be malformed or hostile; consider running in a restricted environment or container, and avoid running as a privileged user.
- Safer testing: inspect the repository code locally (build directory / installed package contents) before running npx, or run npx in a disposable container/VM. If you need higher assurance, request the maintainer to provide a signed release or verify the package integrity on npm/GitHub before use.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
- src/index.ts:580: Environment variable access combined with network send.
latest: vk97b7xgw4ya8mex75zrmmgykss82v7y7
Runtime requirements
Bins: node
