ClawHub

Pipeworx flights

v1.0.0

Live aircraft tracking — flights in a geographic area, individual aircraft by transponder, and airport arrivals/departures via OpenSky Network

0· 51·0 current·0 all-time
byBruce Gutman@b-gutman
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (live aircraft tracking via OpenSky) align with the provided instructions: curl-based JSON-RPC calls to a Pipeworx gateway that proxies OpenSky data. No unrelated binaries or credentials are requested.
Instruction Scope
SKILL.md only instructs the agent to call the Pipeworx gateway API (example curl POST) and to use defined tools for area, aircraft, arrivals, departures. It does not direct reading local files, environment secrets, or other unrelated system state.
!
Install Mechanism
There is no formal install spec, but the MCP config snippet suggests running `npx -y mcp-remote@latest ...`, which would download and execute code from the npm registry at run time. That is an implicit install/execute step not declared in required bins and carries risk (running remote code, potential supply-chain issues).
Credentials
No environment variables, credentials, or config paths are required. This is proportionate to the described public, anonymous API usage.
Persistence & Privilege
`always` is false and the skill is user-invocable. The SKILL.md suggests adding an MCP server entry (user config) but does not request persistent elevated privileges or modify other skills.
Assessment
This skill appears to do what it says: query live flight data via the Pipeworx gateway (no API keys needed). Before using, decide whether you trust the gateway (gateway.pipeworx.io) to proxy your requests. If you don't want to run remote code, use the provided curl example rather than the MCP `npx mcp-remote@latest` snippet — running `npx -y` fetches and executes the latest package from npm and can run arbitrary code. If you plan to use the MCP config, review the `mcp-remote` package source/version and the Pipeworx service policies first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97adhg3p4vpffqcspjjn26vgd84eta7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

✈️ Clawdis
Binscurl

Comments