Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pipeworx cfpb

v1.0.0

Search and retrieve detailed consumer financial complaints, company complaint summaries, top complaint companies, and product category breakdowns from CFPB d...

by Bruce Gutman (@b-gutman)

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for b-gutman/pipeworx-cfpb.

Prompt preview (Install & Setup):
Install the skill "Pipeworx cfpb" (b-gutman/pipeworx-cfpb) from ClawHub.
Skill page: https://clawhub.ai/b-gutman/pipeworx-cfpb
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install pipeworx-cfpb

ClawHub CLI

npx clawhub@latest install pipeworx-cfpb
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description and the SKILL.md functions (search complaints, company complaints, get complaint by ID, top companies, product breakdown) are consistent with a CFPB complaint search skill. However the skill does not call the official CFPB endpoints; instead it provides a single third-party gateway URL (https://gateway.pipeworx.io/cfpb/mcp) in the runtime config. The source/homepage are unknown, which makes the choice of a third-party proxy unexplained.
Instruction Scope
The SKILL.md is instruction-only and does not request local files or credentials, which is appropriate. But it embeds a server config that instructs the agent to use a remote gateway service to perform queries. That means user queries and any returned narratives would be transmitted to that external host; the instructions do not document this, nor do they limit what data is sent. This is a privacy/telemetry risk that the README does not disclose.
Install Mechanism
No install spec and no code files are present (instruction-only), so nothing is written to disk or installed by the skill itself. This keeps the attack surface small, but runtime network calls are still possible and are governed by the SKILL.md config.
Credentials
The skill requests no environment variables or credentials, which is proportionate to a public-data lookup. However, because it routes queries through a third-party gateway, lack of required credentials does not eliminate the risk that sensitive query text could be exposed to that external service.
Persistence & Privilege
The skill is not marked always:true and is user-invocable; it does not request elevated or persistent privileges. Autonomous invocation is allowed (platform default), but that by itself is not a new concern for this skill.
What to consider before installing
Before installing, ask the publisher: where does gateway.pipeworx.io route data and what is its privacy policy? Prefer a skill that uses the official CFPB API (consumerfinance.gov) or shows clear provenance for any proxy. Test the skill with non-sensitive queries first. Do not send personal or secret data to the skill until you confirm what the external gateway logs, how long it stores queries, and who controls that service. If you cannot verify the endpoint or its operator, treat the skill as potentially leaking query text and do not use it with sensitive data.

latest: vk9715dff8mpq609tcn6x5zfy3185dyy7
66 downloads
0 stars
1 version
Updated 5d ago
v1.0.0
MIT-0

Cfpb

CFPB MCP — Consumer Financial Protection Bureau complaint database (free, no auth)

cfpb_search_complaints

Search consumer complaints by keyword, company, product, or date range. Returns complaint narratives

cfpb_company_complaints

Get recent complaints against a specific company (e.g., 'Wells Fargo'). Returns narratives, company

cfpb_get_complaint

Retrieve full details for a specific complaint by ID. Returns narrative, company response, resolutio

cfpb_top_companies

Find companies with the most complaints in a date range. Returns ranked list with company names and

cfpb_product_breakdown

Get complaint counts by product category (e.g., 'Credit Card', 'Mortgage'). Filter by company or dat

{
  "mcpServers": {
    "cfpb": {
      "url": "https://gateway.pipeworx.io/cfpb/mcp"
    }
  }
}
