Skip to content

subquery-network-subquery-network.md

Latest commit

 

History

History
91 lines (58 loc) · 2.59 KB

subquery-network-subquery-network.md

File metadata and controls

91 lines (58 loc) · 2.59 KB

🟠 subquery-network-subquery-network

Query SubQuery’s indexed blockchain data to get precise answers and insights fast. Accelerate analytics, monitoring, and research with powerful, flexible queries. Integrate results into your workflows to power reports, alerts, and automation.

Get API KEY from: https://asksubquery.xyz/?referrer_code=SUBQUERY

Field Value
Grade C
Risk Score 40
Version smithery
Vendor Smithery
Source subquery-network-subquery-network
Scan Date 2026-04-19
Scanner tooltrust-scanner/v0.3.8

Findings Summary

Severity Count
Critical 0
High 2
Medium 1
Low 1
Info 1

Detailed Findings

🟠 🔑 AS-002 — Excessive Permission Surface

Severity: High

Description: tool declares network permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

🟠 🔑 AS-002 — Excessive Permission Surface

Severity: High

Description: tool declares exec permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

🟡 🔑 AS-002 — Excessive Permission Surface

Severity: Medium

Description: tool declares db permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

🔵 ⚡ AS-011 — DoS Resilience — Missing Rate Limit / Timeout

Severity: Low

Description: tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration

Recommendation: Declare explicit rate-limit, timeout, and retry configuration for all network and execution tools. Implement exponential back-off and surface resource state to the calling agent.

AS-014 — DEPENDENCY_INVENTORY_UNAVAILABLE

Severity: Info

Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

Recommendation: Review and remediate the identified issue.

Scored using ToolTrust methodology · Raw JSON report