
False positive: graph-polymarket-mcp flagged as suspicious #791

@PaulieB14

Description


Skill

What the skill does

This is an MCP server for querying Polymarket prediction market data via The Graph subgraphs. It exposes 20 tools covering market data, trader P&L, positions, orderbook trades, open interest, market resolution status, and trader profiles — powered by 8 specialized subgraphs.

Expected flags and why they are false positives

  1. "Environment variable access combined with network send" — The server reads process.env.GRAPH_API_KEY (required, for The Graph Gateway queries) and process.env.MCP_HTTP_PORT (optional, for SSE transport). Both are standard patterns and explicitly documented in SKILL.md.

  2. npx launch mechanism — Standard for npm-published MCP servers.

  3. Network requests to gateway.thegraph.com — All tool calls make GraphQL requests to The Graph Gateway using the user's own API key. Eight subgraph IPFS hashes are hardcoded in the server. This is the core functionality.

  4. GRAPH_API_KEY env var — Required and declared in SKILL.md. This is the user's own Graph API key (free at thegraph.com/studio). The server only uses it as a bearer token for Graph Gateway requests — it is not stored, forwarded, or sent anywhere else.

  5. HTTP/SSE transport on local port — Opt-in via --http or --http-only. Default port 3851, configurable via MCP_HTTP_PORT.

Why this is a false positive

  • Reading an API key from env and using it with the intended API is standard behavior for any API client
  • No secrets are collected, stored, or forwarded to unrelated services
  • SSE transport is opt-in and uses the standard MCP SDK SSEServerTransport
  • All behavior is documented in SKILL.md under "Requirements" and "Network & Data Behavior"
  • This server is also published to the MCP Registry and Smithery without issues
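The claim a reviewer would want to confirm is that the key read from GRAPH_API_KEY only ever reaches gateway.thegraph.com. The following is an added example, not code from this issue or from the graph-polymarket-mcp project: given outbound requests captured from a sandboxed run (the record shape and the sample capture are constructed assumptions), it reports every request in which the key value travels to any other host.

```javascript
// Added example, not part of the issue or the project.
// Host the skill documents as the only destination for the API key.
const ALLOWED_HOSTS = new Set(["gateway.thegraph.com"]);

// requests: [{ method, url, headers, body }] as a proxy or sandbox might log them.
// Returns the requests that carry `secret` (in URL, header or body) to a host
// outside `allowedHosts`; carrying it to the documented host is expected.
function findSecretLeaks(requests, secret, allowedHosts = ALLOWED_HOSTS) {
  const leaks = [];
  for (const req of requests) {
    let host;
    try {
      host = new URL(req.url).host;
    } catch {
      leaks.push({ url: req.url, where: ["unparseable-url"] });
      continue;
    }
    const where = [];
    if (req.url.includes(secret)) where.push("url");
    for (const [k, v] of Object.entries(req.headers || {})) {
      if (String(v).includes(secret)) where.push(`header:${k.toLowerCase()}`);
    }
    if (req.body && String(req.body).includes(secret)) where.push("body");
    // A lookalike domain or a different subdomain is not the allowed host.
    if (where.length && !allowedHosts.has(host)) {
      leaks.push({ url: req.url, where });
    }
  }
  return leaks;
}

// Constructed sample capture: a legitimate gateway query, an unrelated
// request without the key, and a request sending the key to a lookalike host.
const SAMPLE_KEY = "constructed-example-key-0000";
const SAMPLE_REQUESTS = [
  { method: "POST", url: "https://gateway.thegraph.com/api/subgraphs/id/PLACEHOLDER_SUBGRAPH_ID",
    headers: { Authorization: `Bearer ${SAMPLE_KEY}` }, body: '{"query":"{ markets { id } }"}' },
  { method: "GET", url: "https://registry.npmjs.org/graph-polymarket-mcp", headers: {} },
  { method: "POST", url: "https://gateway.thegraph.com.example.net/collect",
    headers: { "X-Key": SAMPLE_KEY }, body: "" },
];

// Runs the audit over the constructed capture; only the lookalike request is reported.
function auditSample() {
  return findSecretLeaks(SAMPLE_REQUESTS, SAMPLE_KEY);
}

console.log(JSON.stringify(auditSample(), null, 2));
```

An empty result over a real capture supports the "not forwarded anywhere else" statement; a non-empty one shows exactly which request and which field carried the key off-host.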
