tooltrust-directory/data/reports/subquery-network-subquery-network.json at main · AgentSafe-AI/tooltrust-directory · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
{
  "tool_id": "subquery-network-subquery-network",
  "version": "smithery",
  "grade": "C",
  "risk_score": 40,
  "scan_date": "2026-04-19T02:17:55.771769071Z",
  "scanner": "tooltrust-scanner/v0.3.8",
  "source_url": "https://smithery.ai/server/SubQuery-Network/subquery-network",
  "vendor": "Smithery",
  "description": "Query SubQuery’s indexed blockchain data to get precise answers and insights fast. Accelerate analytics, monitoring, and research with powerful, flexible queries. Integrate results into your workflows to power reports, alerts, and automation.\n\nGet API KEY from: https://asksubquery.xyz/?referrer_code=SUBQUERY",
  "findings": [
    {
      "id": "AS-002",
      "severity": "High",
      "title": "Excessive Permission Surface",
      "description": "tool declares network permission",
      "recommendation": "Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.",
      "tool_name": "graphql_agent"
    },
    {
      "id": "AS-002",
      "severity": "High",
      "title": "Excessive Permission Surface",
      "description": "tool declares exec permission",
      "recommendation": "Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.",
      "tool_name": "graphql_agent"
    },
    {
      "id": "AS-002",
      "severity": "Medium",
      "title": "Excessive Permission Surface",
      "description": "tool declares db permission",
      "recommendation": "Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.",
      "tool_name": "graphql_agent"
    },
    {
      "id": "AS-011",
      "severity": "Low",
      "title": "DoS Resilience — Missing Rate Limit / Timeout",
      "description": "tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration",
      "recommendation": "Declare explicit rate-limit, timeout, and retry configuration for all network and execution tools. Implement exponential back-off and surface resource state to the calling agent.",
      "tool_name": "graphql_agent"
    },
    {
      "id": "AS-014",
      "severity": "Info",
      "title": "DEPENDENCY_INVENTORY_UNAVAILABLE",
      "description": "Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.",
      "recommendation": "Review and remediate the identified issue.",
      "tool_name": "graphql_agent"
    }
  ],
  "summary": {
    "critical": 0,
    "high": 2,
    "medium": 1,
    "low": 1,
    "info": 1
  },
  "methodology": "https://github.com/AgentSafe-AI/tooltrust-directory/blob/main/docs/methodology.md",
  "tool_names": [
    "graphql_agent"
  ],
  "tool_contexts": [
    {
      "tool_name": "graphql_agent",
      "action": "REQUIRE_APPROVAL",
      "grade": "C",
      "behavior": [
        "executes_commands",
        "uses_network"
      ],
      "dependency_visibility": "No dependency data",
      "dependency_note": "No metadata.dependencies or repo_url were exposed by this MCP server."
    }
  ],
  "scan_history": [
    {
      "scan_date": "2026-04-03T22:56:07Z",
      "grade": "C",
      "risk_score": 40,
      "version": "smithery"
    },
    {
      "scan_date": "2026-04-04T06:27:36Z",
      "grade": "C",
      "risk_score": 40,
      "version": "smithery"
    },
    {
      "scan_date": "2026-04-04T16:49:21Z",
      "grade": "C",
      "risk_score": 40,
      "version": "smithery"
    },
    {
      "scan_date": "2026-04-06T02:01:57Z",
      "grade": "C",
      "risk_score": 40,
      "version": "smithery"
    },
    {
      "scan_date": "2026-04-08T01:45:38Z",
      "grade": "C",
      "risk_score": 40,
      "version": "smithery"
    },
    {
      "scan_date": "2026-04-10T02:01:23Z",
      "grade": "C",
      "risk_score": 40,
      "version": "smithery"
    },
    {
      "scan_date": "2026-04-11T01:49:27Z",
      "grade": "C",
      "risk_score": 40,
      "version": "smithery"
    },
    {
      "scan_date": "2026-04-13T02:19:05Z",
      "grade": "C",
      "risk_score": 40,
      "version": "smithery"
    },
    {
      "scan_date": "2026-04-15T02:11:40Z",
      "grade": "C",
      "risk_score": 40,
      "version": "smithery"
    },
    {
      "scan_date": "2026-04-16T02:26:17Z",
      "grade": "C",
      "risk_score": 40,
      "version": "smithery"
    },
    {
      "scan_date": "2026-04-17T02:14:18Z",
      "grade": "C",
      "risk_score": 40,
      "version": "smithery"
    }
  ]
}