Skill v1.0.0
ClawScan security
Pipeworx anilist · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 22, 2026, 11:32 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill states it uses the AniList GraphQL API but its runtime config points to a third-party gateway (gateway.pipeworx.io) and the SKILL.md is incomplete, so it's unclear whether requests go directly to AniList or are proxied — this discrepancy warrants caution.
- Guidance: This skill claims to use AniList but its runtime config points to gateway.pipeworx.io — that means your queries may be proxied through a third party. Before installing: (1) ask the publisher for source code or a homepage and a privacy policy describing what the gateway logs/retains; (2) prefer a skill that calls AniList's official endpoint (graphql.anilist.co) or otherwise documents why a proxy is used; (3) avoid sending any sensitive or private information through this skill until you verify the gateway; (4) test with harmless queries first and monitor network traffic if possible; and (5) if you cannot verify the gateway's trustworthiness, do not use this skill for sensitive data. The SKILL.md being truncated/incomplete is another reason to seek clarification from the maintainer.
Review Dimensions
- Purpose & Capability (concern): Name/description say the skill wraps AniList's GraphQL API (public, no auth). However the SKILL.md includes an mcpServers block that points to https://gateway.pipeworx.io/anilist/mcp rather than AniList's documented endpoint (e.g., graphql.anilist.co). Using a proxy can be legitimate, but the skill does not disclose that it will route requests through a third party nor provide a homepage or source to verify the proxy — this mismatch between claimed backend and declared runtime endpoint is unexplained.
- Instruction Scope (concern): The SKILL.md is minimal and partially truncated but does include an external MCP server URL. There are no instructions to read local files or request env vars, which is good, but the presence of the external gateway implies user queries and returned data will transit a third-party endpoint. The docs don't state what data is sent, retained, or logged by that gateway, and they don't show direct calls to AniList; this lack of clarity about data flow is a scope concern.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files — nothing is written to disk and no third-party packages are installed, which minimizes local install risk.
- Credentials (ok): The skill requests no environment variables or credentials, which is consistent with interacting with a public/no-auth API. However, it does rely on network access to an external gateway, so the primary remaining concern is data exposure to that endpoint rather than overbroad credential access.
- Persistence & Privilege (ok): always is false and there are no indications the skill requests elevated or persistent privileges. It does not modify other skills or system settings based on the provided metadata.
