← 返回 Skills 市场
295
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install substreams-search-mcp
功能描述
Search, inspect, and analyze Substreams packages from the substreams.dev registry — module graphs, protobuf types, and sink deployment commands.
安全使用建议
This skill appears to implement the advertised features, but review these before installing/ running:
- Verify source/packaging: npx will execute code published on npm. Check the npm package page and the GitHub repo (owner PaulieB14) to confirm the published code matches the repository and is from a trusted maintainer.
- Python artifacts present: the bundle includes server.py and requirements.txt but the skill only declares Node as required. Ask the maintainer why a Python implementation is included or inspect the files locally — don't assume only Node code will run.
- Network exposure: the server can open an HTTP/SSE endpoint (default port 3849). If you run this on a shared or publicly reachable host, ensure it binds to localhost or is behind a firewall so it cannot be accessed from the internet unintentionally.
- Remote fetches: the tool fetches arbitrary .spkg URLs and scrapes substreams.dev HTML. These remote inputs could be malformed or hostile; consider running in a restricted environment or container, and avoid running as a privileged user.
- Safer testing: inspect the repository code locally (build directory / installed package contents) before running npx, or run npx in a disposable container/VM. If you need higher assurance, request the maintainer to provide a signed release or verify the package integrity on npm/GitHub before use.
功能分析
Type: OpenClaw Skill
Name: substreams-search-mcp
Version: 1.3.2
The skill bundle provides a legitimate MCP server for searching the Substreams package registry and inspecting blockchain data stream packages (.spkg files). It implements tools in both Python (server.py) and TypeScript (src/index.ts) that perform web scraping of substreams.dev and utilize the @substreams/core library to parse protobuf metadata. While it includes functionality to generate CLI deployment commands and starts a local HTTP server for SSE transport (port 3849), these behaviors are clearly documented in SKILL.md and README.md and align with the stated purpose of assisting developers in the Substreams ecosystem.
能力评估
Purpose & Capability
The skill's name/description align with its behavior: it scrapes the public substreams.dev registry and inspects .spkg files. However, the bundle contains both a Node-based implementation (src/index.ts, package.json) and a separate Python implementation (server.py + requirements.txt) while the declared required binary is only 'node' and SKILL.md insists on running via 'npx'. The presence of Python artifacts without declaring Python as required is an incoherence worth flagging.
Instruction Scope
SKILL.md instructions are scoped to searching, scraping substreams.dev pages, fetching .spkg files from spkg.io, and optionally starting an SSE/HTTP server on a local port. The runtime instructions do not direct reading unrelated local files or environment secrets. They do instruct the agent to fetch arbitrary external URLs (package pages and .spkg binaries), which is expected for this tool but increases exposure to malicious or malformed remote content.
Install Mechanism
There is no explicit install spec in the skill metadata; the README/SKILL.md instructs use via 'npx substreams-search-mcp', which will fetch and run package code from the npm registry. That is a common pattern but still a moderate-risk install mechanism because it executes remote code. The included package.json/package-lock indicate multiple third-party dependencies (normal for this functionality). No direct downloads from arbitrary URLs or archive extracts are specified in the skill metadata.
Credentials
The skill declares no required environment variables or credentials (only an optional MCP_HTTP_PORT to change the HTTP port). That is appropriate for a public-registry search/inspect tool; there are no unrelated credential requests.
Persistence & Privilege
always:false (normal). The skill can start a local HTTP/SSE server (default port 3849) to accept connections from agents. Running a server is within the tool's purpose but is a privilege that could expose a listening endpoint if the process binds to non-local interfaces or if your environment forwards ports. The skill does not request system-wide config changes or other skills' credentials.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install substreams-search-mcp - 安装完成后,直接呼叫该 Skill 的名称或使用
/substreams-search-mcp触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.3.2
Add OpenClaw YAML frontmatter for agent discovery and skill gating
v1.3.1
- Enhanced documentation for all features and usage, including tool descriptions and requirements
- Clarified that no API key or environment variables are required
- Described new behavior for inspecting packages, sink config analysis, and search (including supported networks)
- Added details on SSE/http server, network usage, and use cases for various blockchains and sinks
元数据
常见问题
Substreams Search 是什么?
Search, inspect, and analyze Substreams packages from the substreams.dev registry — module graphs, protobuf types, and sink deployment commands. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 295 次。
如何安装 Substreams Search?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install substreams-search-mcp」即可一键安装,无需额外配置。
Substreams Search 是免费的吗?
是的,Substreams Search 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Substreams Search 支持哪些平台?
Substreams Search 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Substreams Search?
由 PaulieB14(@paulieb14)开发并维护,当前版本 v1.3.2。
推荐 Skills