False positive: subgraph-registry-mcp flagged as suspicious #788

@PaulieB14

Skill

What the skill does

This is an MCP server that provides agent-friendly discovery of 15,500+ classified subgraphs on The Graph Network. It exposes 4 tools: search_subgraphs, recommend_subgraph, get_subgraph_detail, and list_registry_stats.

Flags raised

  1. "Environment variable access combined with network send" (src/index.js:458) — This line reads process.env.MCP_HTTP_PORT to configure the SSE/HTTP transport port. This is the standard pattern for any MCP server that supports dual transport (stdio + SSE). The env var controls which port the local HTTP server listens on — it is not exfiltrating data.

  2. npx launch mechanism — Standard for npm-published MCP servers. This is how Claude Desktop, Cursor, Claude Code, and OpenClaw all recommend running MCP servers.

  3. Runtime download of registry.db from GitHub — On first run, the server downloads a pre-built SQLite database (~5 MB) from the same GitHub repo's releases. This is documented in the SKILL.md under "Network & Data Behavior." The file is a read-only registry of subgraph metadata — no secrets or user data are involved.

  4. Optional .env / env var handling — The server reads an optional MCP_HTTP_PORT env var for SSE transport configuration. This is now explicitly documented in the SKILL.md under "Requirements."

  5. HTTP/SSE transport on local port — This is the entire point of OpenClaw compatibility. The server can optionally expose an SSE endpoint on a local port (default 3848) for remote agent connections. This is opt-in via --http or --http-only CLI flags.

Why this is a false positive

All flagged patterns are standard MCP server behavior:

  • VirusTotal correctly marks this as Benign
  • Every MCP server with SSE support will read an env var and open a network port — that's how the MCP SDK's SSEServerTransport works
  • The registry.db download is from the same author's GitHub repo and is documented
  • No secrets or API keys are required or collected for read-only use

The SKILL.md (v0.3.1) now explicitly declares all requirements, env vars, and network behavior to address these concerns.
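
For reviewers triaging flags 1, 4 and 5: the sketch below is an added example, not code from subgraph-registry-mcp, showing what an env-var read that only configures a listener looks like, so it can be compared against the flagged line. The names MCP_HTTP_PORT, --http, --http-only and the default port 3848 come from the issue; the function names, the loopback-only bind and the 1024-65535 port range are assumptions of this example.

```javascript
// Added example; not the project's implementation.
// From the issue: MCP_HTTP_PORT, --http, --http-only, default port 3848.
// Assumed here: loopback-only bind and rejection of ports outside 1024-65535.
const DEFAULT_PORT = 3848;
const LOOPBACK = '127.0.0.1';

// Turn the raw env value into a port number, failing closed on anything odd.
function parsePort(raw) {
  if (raw === undefined || raw === '') return DEFAULT_PORT;
  // Decimal digits only: rejects "3848abc", "0x1f", "-1", " 3848", "1e4".
  if (!/^[0-9]{1,5}$/.test(raw)) {
    throw new RangeError('MCP_HTTP_PORT must be a decimal integer');
  }
  const port = Number(raw);
  if (port < 1024 || port > 65535) {
    throw new RangeError('MCP_HTTP_PORT must be in 1024-65535');
  }
  return port;
}

// Decide which transports to start from CLI flags and environment.
// The env value ends up only in the listener config; it is never placed
// in an outbound request, which is the distinction the scanner flag is about.
function resolveTransport(argv, env) {
  const httpOnly = argv.includes('--http-only');
  const http = httpOnly || argv.includes('--http');
  if (!http) {
    // No opt-in flag: the env var is not read and no socket is opened.
    return Object.freeze({ stdio: true, http: null });
  }
  return Object.freeze({
    stdio: !httpOnly,
    http: Object.freeze({ host: LOOPBACK, port: parsePort(env.MCP_HTTP_PORT) }),
  });
}
```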
