Skillv1.0.0

ClawScan security

Pipeworx econdata · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 8, 2026, 6:19 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's purpose (fetching BLS economic data) matches its instructions, but there are inconsistencies and privacy/installation concerns — notably an undeclared npx/npm install step and use of an external gateway that may receive user-provided request context.
Guidance: This skill appears to do what it says (fetch BLS data) but has two practical concerns you should consider before installing: (1) the SKILL.md expects you/agent to run `npx mcp-remote@latest ...` which will download and run code from npm — the manifest did not declare npx/node as a requirement; if you don't trust that package or the gateway, avoid running it. (2) API calls are routed through https://gateway.pipeworx.io; any request payload (including conversational context the agent may attach) will be sent to that external service. If you plan to use it, test with non-sensitive queries, confirm the gateway's privacy/trustworthiness, and require the skill author to declare the npx/node requirement and explicitly state how request data is handled.

Review Dimensions

Purpose & Capability: noteName and description match the actions described (fetch CPI, unemployment, employment by industry). Declared required binary is curl which is appropriate for the provided curl example, but the SKILL.md also instructs using `npx mcp-remote...` (node/npx) — that binary is not listed in the manifest, a mismatch between declared requirements and actual instructions.
Instruction Scope: concernInstructions direct the agent to POST JSON-RPC requests to https://gateway.pipeworx.io/econdata/mcp (proxy/gateway) and to register an MCP server via `npx`. The docs do not warn that query payloads (including any context the agent attaches) are sent to an external third-party endpoint, so running the tool may transmit user data to that service. The SKILL.md does not instruct reading local files or secrets, but it gives broad leeway to 'query any BLS time series' which could cause the agent to include extra conversational context in requests.
Install Mechanism: concernThe package is instruction-only (no install spec), but the Setup section tells users/agents to run `npx -y mcp-remote@latest ...`, which will download and execute code from the npm registry at runtime. That runtime install step is not declared in the manifest (only curl listed). Using npx implies code will be fetched and executed from npm, which is a non-trivial install action and should be declared.
Credentials: okNo environment variables or credentials are requested in the manifest or SKILL.md. That is proportionate for a read-only data retrieval skill that doesn't require API keys. However, the external gateway may itself require or accept credentials in other deployments — none are declared here.
Persistence & Privilege: notealways is false and there are no config paths requested. Normal autonomous invocation is allowed (platform default). Combined with the ability to POST arbitrary payloads to an external gateway, autonomous invocation could cause outgoing requests without explicit user action — consider this when enabling autonomous use.