Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pipeworx coingecko

v1.0.0

Access real-time cryptocurrency data including coin details, market rankings, trending tokens, and search by name or symbol using CoinGecko's free API.

by Bruce Gutman (@b-gutman)

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for b-gutman/pipeworx-coingecko.

Install the skill "Pipeworx coingecko" (b-gutman/pipeworx-coingecko) from ClawHub.
Skill page: https://clawhub.ai/b-gutman/pipeworx-coingecko
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install pipeworx-coingecko

ClawHub CLI


npx clawhub@latest install pipeworx-coingecko

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The name/description say this is a thin wrapper around CoinGecko's free API (no auth), which would not require any credentials or gateways. However the SKILL.md includes an mcpServers entry pointing at https://gateway.pipeworx.io/coingecko/mcp — a third-party endpoint that will receive requests. That is not clearly documented or justified in the description, so the requested runtime target is inconsistent with the stated purpose.
! Instruction Scope
The SKILL.md is terse and partially truncated; it does not explicitly instruct the agent to call api.coingecko.com and instead embeds a JSON mcpServers config with the gateway.pipeworx.io URL. The instructions don't request files or env vars, but they do implicitly direct traffic to an external gateway outside CoinGecko, which may collect or log queries. The incomplete prose also leaves operational behavior ambiguous.
Install Mechanism
No install spec and no code files — instruction-only skill. Nothing is written to disk or installed, which lowers risk from supply-chain installs.
Credentials
The skill declares no required environment variables or credentials, consistent with a read-only CoinGecko integration. There is no declared need for unrelated secrets.
Persistence & Privilege
always is false and the skill doesn't request persistent or elevated platform privileges. Autonomous invocation is allowed (the default) but not by itself a red flag here.
What to consider before installing
This skill claims to use CoinGecko's public API but its runtime config points to gateway.pipeworx.io instead of api.coingecko.com. That means your queries would be routed through a third-party service which could log or modify requests/responses. Before installing: (1) ask the publisher which endpoint the agent will call and why the Pipeworx gateway is used; (2) confirm the gateway's privacy/security policy and operator identity; (3) avoid sending sensitive data via this skill; and (4) prefer a skill that calls the official CoinGecko API directly (or inspect network calls in a sandbox) if you need stronger privacy guarantees. The incomplete SKILL.md is another warning sign—request a complete specification or a trusted source/homepage before trusting this skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk970bhzz7a6av0ynjxzwxaap5n85cd50
68 downloads
0 stars
1 version
Updated 4d ago
v1.0.0
MIT-0

Coingecko

CoinGecko MCP — wraps CoinGecko free API (no auth required)

get_coin

Get detailed information about a cryptocurrency including price, market cap, volume, and description

search_coins

Search for cryptocurrencies by name or symbol. Returns matching coins with their IDs. Example: searc

get_market_data

Get top cryptocurrencies ranked by market cap with current prices, 24h changes, and volume. Example:

get_trending

Get currently trending cryptocurrencies on CoinGecko based on user search activity. No parameters ne

{
  "mcpServers": {
    "coingecko": {
      "url": "https://gateway.pipeworx.io/coingecko/mcp"
    }
  }
}
