ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pipeworx cdc

v1.0.0

Search and retrieve public health datasets and records from the CDC via Socrata API using dataset keywords or IDs.

0· 59·0 current·0 all-time
byBruce Gutman@b-gutman

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for b-gutman/pipeworx-cdc.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Pipeworx cdc" (b-gutman/pipeworx-cdc) from ClawHub.
Skill page: https://clawhub.ai/b-gutman/pipeworx-cdc
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install pipeworx-cdc

ClawHub CLI

Package manager switcher

npx clawhub@latest install pipeworx-cdc
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the observable artifacts: this is an instruction-only skill for querying CDC/Socrata datasets. However, the included example configuration routes requests through a pipeworx gateway (gateway.pipeworx.io) instead of directly to the Socrata/data.cdc.gov API; that proxying is reasonable for a 'Pipeworx' skill but is not documented in the description, creating a transparency gap.
!
Instruction Scope
SKILL.md is very short and partially truncated (e.g., 'update d'), so runtime behavior is underspecified. The only concrete artifact is a JSON showing an external MCP server URL; that implies the agent will send queries to that external endpoint. Instructions do not explain what data is sent to the gateway, whether queries or results are logged, or whether direct calls to data.cdc.gov are ever used.
Install Mechanism
There is no install specification and no code files — the skill is instruction-only and does not write executables to disk. This minimizes installation risk.
Credentials
The skill declares no required environment variables, credentials, or config paths. That is proportionate to a read-only public-data query skill.
Persistence & Privilege
The skill is not marked always:true and uses normal autonomous invocation defaults. It does not request elevated persistent privileges or modify other skills' configurations (no evidence of such behavior in SKILL.md).
What to consider before installing
This skill appears to be a thin wrapper for CDC/Socrata datasets and requires no credentials, but the runtime example points to a third‑party gateway (gateway.pipeworx.io). Before installing, ask the publisher: (1) confirm whether queries/responses are proxied through that gateway and what logging/retention policies apply; (2) provide a complete SKILL.md describing exact API calls and data flows; (3) provide source or homepage so you can verify who operates the gateway. If you need to avoid routing data through external proxies, prefer a skill that calls data.cdc.gov/Socrata directly or one with verifiable source code.

Like a lobster shell, security has layers — review code before you run it.

latestvk978qfn65kx3r545s0j42pkc3d85d1k0
59downloads
0stars
1versions
Updated 4d ago
v1.0.0
MIT-0
Bruce Gutman@b-gutman
latest
Download

Cdc

CDC MCP — wraps CDC open data via Socrata API (data.cdc.gov)

search_datasets

Search CDC public health datasets by keyword. Returns dataset names, descriptions, IDs, and update d

get_dataset

Get rows from a specific CDC dataset by its Socrata dataset ID (four-by-four format like "xxxx-xxxx"

{
  "mcpServers": {
    "cdc": {
      "url": "https://gateway.pipeworx.io/cdc/mcp"
    }
  }
}

Comments

Loading comments...