ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pipeworx exchange

v1.0.0

Currency exchange rates and conversion — current, historical, and all supported pairs via the Frankfurter API

0· 96·0 current·0 all-time
byBruce Gutman@b-gutman

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for b-gutman/pipeworx-exchange.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Pipeworx exchange" (b-gutman/pipeworx-exchange) from ClawHub.
Skill page: https://clawhub.ai/b-gutman/pipeworx-exchange
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: curl
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install pipeworx-exchange

ClawHub CLI

Package manager switcher

npx clawhub@latest install pipeworx-exchange
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description claim use of the Frankfurter API and ECB reference rates, which fits a currency-exchange skill. However, the examples call https://gateway.pipeworx.io/exchange/mcp (a third-party gateway) rather than frankfurter.app or the public Frankfurter endpoints. The SKILL.md also includes an MCP client config that runs `npx mcp-remote@latest`, but the skill's declared required binaries only list `curl` and do not mention `npx`/`node`. This inconsistency is plausibly benign (the gateway may proxy Frankfurter) but should be disclosed.
Instruction Scope
Runtime instructions are simple (POST JSON-RPC to the pipeworx gateway or use the MCP client). The skill does not ask the agent to read local files or extra environment variables. The notable point: user queries and amounts would be transmitted to the external gateway (pipeworx), which could log or process that data; the SKILL.md does not explain what the gateway does with requests or whether it directly queries Frankfurter.
Install Mechanism
There is no formal install spec (instruction-only), which minimizes local changes. However, the provided MCP client config demonstrates running `npx -y mcp-remote@latest`, which would download and execute an npm package at runtime. That behavior is not declared in requirements and implies dynamic code fetch from the npm registry if used.
Credentials
The skill requests no environment variables, no credentials, and no filesystem paths. For a public currency-rate lookup this is proportionate.
Persistence & Privilege
The skill is not marked always:true and uses the platform defaults (user-invocable, agent may invoke autonomously). It does not request persistent privileged access or to modify other skills. This level of privilege is appropriate for its purpose.
What to consider before installing
This skill appears to provide currency conversions, but it is not fully transparent: examples send requests to gateway.pipeworx.io (a third party) rather than calling the Frankfurter API directly, and the MCP snippet would run `npx mcp-remote@latest` (pulling code from npm) even though `npx`/`node` are not listed as requirements. Before installing, consider: 1) do you trust pipeworx.io to receive and possibly log conversion queries/amounts? 2) if you plan to use the MCP client, are you comfortable allowing a runtime npm package download and execution? 3) check the homepage and developer identity, and ask the author to clarify whether requests go directly to Frankfurter or are proxied/cached, and to declare `npx`/`node` if the MCP client is required. If you have sensitive data or need strict privacy, prefer a skill that calls the public Frankfurter endpoints directly or run your own proxy.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

💱 Clawdis
Binscurl
latestvk97ch8y55rvwnp0pfvjh1nfywh84fxqa
96downloads
0stars
1versions
Updated 2w ago
v1.0.0
MIT-0
Bruce Gutman@b-gutman
latest
Download

Frankfurter Currency Exchange

Convert between 30+ currencies using the European Central Bank's reference rates via the Frankfurter API. Get current rates, convert amounts, look up historical rates back to 1999, and list all supported currencies.

Tools

ToolPurpose
get_rateCurrent exchange rate between two currencies (e.g., USD to EUR)
convertConvert a specific amount at today's rate
get_historical_rateExchange rate on a specific date (YYYY-MM-DD format, back to 1999-01-04)
get_currenciesList all supported currencies with full names

When to use

  • "How much is 500 USD in Japanese Yen?" — convert with from=USD, to=JPY, amount=500
  • Travel planning — check current rates before a trip
  • Historical analysis — track how GBP/EUR changed over the past year
  • E-commerce apps that need to display prices in local currencies

Example: convert 1000 EUR to GBP

curl -s -X POST https://gateway.pipeworx.io/exchange/mcp \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"convert","arguments":{"from":"EUR","to":"GBP","amount":1000}}}'

{
  "from": "EUR",
  "to": "GBP",
  "amount": 1000,
  "result": 858.42,
  "rate": 0.85842,
  "date": "2024-03-15"
}

MCP client config

{
  "mcpServers": {
    "pipeworx-exchange": {
      "command": "npx",
      "args": ["-y", "mcp-remote@latest", "https://gateway.pipeworx.io/exchange/mcp"]
    }
  }
}

Comments

Loading comments...