Substreams Search

Advisory

Audited by Static analysis on May 10, 2026.

Overview

Detected: suspicious.env_credential_access

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If an agent or user supplies an unexpected URL, the server may attempt to fetch it from the machine running the MCP server.

Why it was flagged

The tool caller controls the URL that the server fetches. This is expected for inspecting .spkg packages, but it should be treated as a network-fetch capability.

Skill content

url: z.string().describe("Direct URL to a .spkg file") ... return await fetchSubstream(url, { signal: controller.signal });

Recommendation

Use trusted direct .spkg URLs, preferably from spkg.io or the intended registry, and avoid exposing this tool to untrusted callers.

What this means

Anyone able to connect to the MCP endpoint could potentially invoke the search and package-inspection tools.

Why it was flagged

The skill can expose MCP tools over an HTTP/SSE endpoint. This is documented and purpose-aligned, but the artifacts do not describe authentication or access controls.

Skill content

The SSE transport (`--http` / `--http-only`) starts a local HTTP server on port 3849 (configurable via `MCP_HTTP_PORT` env var).

Recommendation

Keep the endpoint bound to localhost or protect it with network controls if used in a remote deployment.

What this means

The code actually executed by npx comes from the npm package available at install time.

Why it was flagged

The documented setup runs an npm package through npx. This is normal for a Node MCP server, but it depends on the published npm package and its dependencies matching the reviewed source.

Skill content

npx substreams-search-mcp

Recommendation

Verify the npm package publisher and consider pinning a specific version before use.

Findings (1)

critical

suspicious.env_credential_access

Location

src/index.ts:580

Finding

Environment variable access combined with network send.