Skill v1.0.0
ClawScan security
Pipeworx gbif · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Apr 8, 2026, 8:23 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to call GBIF data but routes all requests through a third‑party gateway (gateway.pipeworx.io) and references running remote code via npx that is not declared — this is coherent with its purpose but raises privacy and install-safety concerns.
- Guidance: This skill looks like a GBIF query helper but routes all requests through a Pipeworx gateway (gateway.pipeworx.io) rather than calling GBIF directly. Before installing, consider:
  1. Do you trust the Pipeworx service to receive and store any query text or returned data? (The gateway will see everything you send.)
  2. The SKILL.md shows an 'npx mcp-remote@latest' command — running that would download and execute remote npm code; ask the publisher to declare node/npm/npx as required and explain what mcp-remote does.
  3. For sensitive queries or environments with strict data policies, prefer a skill that calls the official GBIF API directly, or obtain assurances about data retention and access logs.
  If you proceed, request clarification from the publisher about data handling, logging/retention, and the exact need for npx/mcp-remote.
Review Dimensions
- Purpose & Capability (note): The name and description (GBIF access) match the instructions, which perform species search and occurrence queries. However, the skill does not call GBIF's API directly; instead it proxies requests through a Pipeworx gateway (gateway.pipeworx.io). That proxying is plausible for a "pack" but is a behavior users should be aware of.
- Instruction Scope (concern): Runtime examples instruct the agent to POST JSON-RPC calls to https://gateway.pipeworx.io/gbif/mcp. Those requests will send query parameters and any data the agent provides to the external Pipeworx service (potentially including user-provided context). The SKILL.md also provides an MCP config that runs 'npx ... mcp-remote@latest', which implies fetching and executing remote npm code; this is not declared in requires.bins and expands the skill's runtime scope beyond the simple 'curl' requirement.
- Install Mechanism (concern): There is no explicit install spec (instruction-only), which minimizes local disk writes. However, the MCP config encourages use of 'npx mcp-remote@latest', which would download and execute code from the npm registry at runtime. That pattern (dynamic npx execution) is higher risk and is not enumerated in the declared required binaries.
- Credentials (ok): The skill declares no required environment variables or credentials, which is proportionate to its described read-only query purpose. There is no request for unrelated secrets or system config paths.
- Persistence & Privilege (ok): The skill is user-invocable, not always-on, and has no install that writes persistent configuration. It does not request elevated persistent privileges in the provided metadata.
