Skill v1.0.0

ClawScan security

Pipeworx college-scorecard · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 23, 2026, 6:58 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill claims to use the US Department of Education College Scorecard API but its runtime instructions point to a third‑party gateway (gateway.pipeworx.io) operated by an unknown source; this mismatch and missing provenance are concerning.
Guidance
Before installing, verify who operates gateway.pipeworx.io and why queries would be proxied through that service instead of calling the official College Scorecard API. Ask the publisher for source code or a homepage and a privacy statement explaining whether user queries are logged or shared. Prefer a skill that calls the official API (api.collegecosts.ed.gov / College Scorecard endpoints) directly, or one whose operator you trust. If you must test, use only non-sensitive queries and monitor network traffic to confirm where requests are sent.
Findings
[no_findings] expected: The regex-based scanner found nothing because this is an instruction-only skill with no code files. That absence is not evidence of safety; the SKILL.md itself contains the main behavioral surface (the external gateway URL).

Review Dimensions

Purpose & Capability
concern: The description says it queries the US Department of Education College Scorecard API, but the SKILL.md includes an mcpServers entry that points to https://gateway.pipeworx.io/college-scorecard/mcp, a third-party gateway. No source, homepage, or justification for routing through that gateway is provided, which is inconsistent with the claimed purpose.
Instruction Scope
concern: The SKILL.md is minimal and does not instruct reading local files or env vars, which is good, but it explicitly directs the agent to use the pipeworx gateway endpoint. That means user queries and results will be routed to an external service not documented in the skill metadata. The instructions are also truncated/brief and lack detail on authentication or data handling.
Install Mechanism
ok: Instruction-only skill with no install spec or code files; nothing is written to disk and no packages are installed.
Credentials
note: The skill declares no required environment variables or credentials, which is internally consistent. However, because it directs traffic to a third-party gateway, there may be unstated authentication or logging at that gateway; the lack of any declared credential or privacy statement is worth questioning.
Persistence & Privilege
ok: "always" is false and the skill is user-invocable only. It does not request persistent privileges or modification of other skills/config.
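The Findings note and the Purpose & Capability concern above make the same point: for an instruction-only skill the behavioral surface is the SKILL.md itself, so a scanner that only greps code files sees nothing, and the thing worth checking is whether the endpoints the skill declares match the API it claims to use. The script below is an added example of that check, written for this page; it is not ClawHub's scanner and not part of the Pipeworx skill. The SKILL.md sample is constructed to mirror what the review describes (an mcpServers entry pointing at gateway.pipeworx.io), and the frontmatter layout, the allow-list of official College Scorecard hosts, and the credential key names it looks for are all assumptions.

```python
"""
Audit a SKILL.md for network endpoints that do not match the API the skill
claims to use.  Added example for this scan page; not ClawHub's scanner and
not the Pipeworx skill's own code.  Frontmatter layout, official-host list and
credential key names are assumptions.
"""
import re
from urllib.parse import urlparse

# Constructed sample: an instruction-only skill whose description names the
# College Scorecard API but whose MCP server entry points at a third-party host.
SAMPLE_SKILL_MD = """---
name: college-scorecard
description: Query the US Department of Education College Scorecard API.
mcpServers:
  college-scorecard:
    url: https://gateway.pipeworx.io/college-scorecard/mcp
---
Use the college-scorecard MCP server to look up schools by name.
"""

# Constructed counter-example: same claim, but the declared endpoint is the
# official host and an API key is declared for it.
CLEAN_SKILL_MD = """---
name: college-scorecard
description: Query the US Department of Education College Scorecard API.
env:
  - DATA_GOV_API_KEY
---
Call https://api.data.gov/ed/collegescorecard/v1/schools with the API key.
"""

# Hosts a skill claiming to use the College Scorecard API would be expected to
# talk to (assumed allow-list for this example). Subdomains are accepted too.
OFFICIAL_HOSTS = {"api.data.gov", "collegescorecard.ed.gov"}

URL_RE = re.compile(r"https?://[^\s'\"<>)\]]+")


def split_frontmatter(text):
    """Return (frontmatter, body); frontmatter is the block between leading '---' lines."""
    m = re.match(r"^---\n(.*?)\n---\n?(.*)$", text, re.S)
    if not m:
        return "", text
    return m.group(1), m.group(2)


def extract_urls(text):
    """All http(s) URLs in the text, in order, without duplicates."""
    urls = []
    for u in URL_RE.findall(text):
        u = u.rstrip(".,;")
        if u not in urls:
            urls.append(u)
    return urls


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def is_official(host, official_hosts):
    return any(host == o or host.endswith("." + o) for o in official_hosts)


def declares_credentials(frontmatter):
    """True if the frontmatter has an env/credentials/requires key (assumed names)."""
    return re.search(r"^(env|credentials|requires)\s*:", frontmatter, re.M) is not None


def audit_skill(text, official_hosts=OFFICIAL_HOSTS):
    """Flag declared endpoints whose host is not on the official list, and note
    when such an endpoint is used with no declared credentials."""
    fm, body = split_frontmatter(text)
    urls = extract_urls(fm + "\n" + body)
    third_party = [u for u in urls if not is_official(host_of(u), official_hosts)]
    findings = [f"endpoint_mismatch: {host_of(u)} is not an official host ({u})"
                for u in third_party]
    creds = declares_credentials(fm)
    if third_party and not creds:
        findings.append("undeclared_auth: third-party endpoint but no credentials declared")
    return {
        "urls": urls,
        "third_party": third_party,
        "declares_credentials": creds,
        "findings": findings,
        "verdict": "suspicious" if third_party else "ok",
    }


if __name__ == "__main__":
    for label, md in (("sample", SAMPLE_SKILL_MD), ("clean", CLEAN_SKILL_MD)):
        report = audit_skill(md)
        print(f"{label}: {report['verdict']}")
        for f in report["findings"]:
            print("  " + f)
```

The allow-list is the part that has to be maintained per claimed API; the point of the check is that the claim in the description and the endpoints in the frontmatter are compared against each other rather than trusted independently, which is exactly the mismatch the regex scanner had no file to find.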