ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pipeworx abuseipdb

v1.0.0

Check, report, and retrieve abuse confidence scores and details for IP addresses using the AbuseIPDB v2 API.

0· 66·0 current·0 all-time
byBruce Gutman@b-gutman

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for b-gutman/pipeworx-abuseipdb.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Pipeworx abuseipdb" (b-gutman/pipeworx-abuseipdb) from ClawHub.
Skill page: https://clawhub.ai/b-gutman/pipeworx-abuseipdb
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install pipeworx-abuseipdb

ClawHub CLI

Package manager switcher

npx clawhub@latest install pipeworx-abuseipdb
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Name/description say this wraps the AbuseIPDB v2 API, which normally requires an API key; the SKILL.md does not declare any required credential or environment variable and instead includes an mcpServers entry that points to https://gateway.pipeworx.io/abuseipdb/mcp — a different endpoint. It's unclear whether the gateway holds the API key or the skill expects the agent to provide credentials, so the required access is not proportional or explained.
!
Instruction Scope
The runtime instructions are minimal and partially truncated. They reference an mcpServers gateway URL (pipeworx) instead of directly calling api.abuseipdb.com as the description implies. Because the SKILL.md lacks details on what data is sent to the gateway and who controls it, the instructions permit sending IPs and related metadata to an undeclared third party — this is outside the skill's documented scope and raises data-exfiltration concerns.
Install Mechanism
There is no install spec and no code files — this is instruction-only, so nothing is written to disk by an installer. That minimizes install-time risk.
!
Credentials
No environment variables or primary credentials are declared, yet AbuseIPDB v2 requires an API key for authenticated operations (check/report/blacklist). The absence of any declared credential is disproportionate and ambiguous — either this skill expects an undocumented key to be present, or it relies on the external gateway to hold credentials, neither of which is made explicit.
Persistence & Privilege
always is false and disable-model-invocation is default (agent may invoke autonomously). There is no request for permanent presence or modification of other skills' configs in the provided instructions.
What to consider before installing
Do not install or enable this skill until the author clarifies a few things: (1) how AbuseIPDB authentication is handled — declare the required API key env var (or explain that the pipeworx gateway holds it and why that is trusted); (2) why runtime traffic is sent to https://gateway.pipeworx.io/abuseipdb/mcp instead of directly to api.abuseipdb.com, and provide the gateway's privacy/security policy and owner identity; (3) provide a complete SKILL.md (the current file is truncated) describing exactly what data is sent on each call. If you must try it, restrict the skill to manual invocation, monitor outgoing network requests, and avoid sending sensitive context through it. If the gateway approach is intended, prefer a documented, auditable proxy under your control or require that the skill declare and use a user-controlled API key.

Like a lobster shell, security has layers — review code before you run it.

latestvk976t44jv1k7vw52qf4qk0gk1585d183
66downloads
0stars
1versions
Updated 4d ago
v1.0.0
MIT-0
Bruce Gutman@b-gutman
latest
Download

Abuseipdb

AbuseIPDB MCP — wraps AbuseIPDB v2 API (api.abuseipdb.com/api/v2)

check_ip

Check an IP address against the AbuseIPDB database. Returns abuse confidence score (0-100), ISP, usa

report_ip

Report an abusive IP address to AbuseIPDB. Requires category IDs (e.g., "18,22" for DDoS + SSH brute

get_blacklist

Get the AbuseIPDB blacklist of the most-reported IP addresses. Returns IPs with their abuse confiden

{
  "mcpServers": {
    "abuseipdb": {
      "url": "https://gateway.pipeworx.io/abuseipdb/mcp"
    }
  }
}

Comments

Loading comments...