Skillv1.0.0

ClawScan security

Pipeworx genderize · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 8, 2026, 8:23 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's stated purpose (predict gender from first names) is reasonable, but the runtime instructions reference fetching and executing remote code (via npx/mcp-remote) and call an external gateway; the declared requirements (only curl) do not fully match what the instructions expect.
Guidance: This skill appears to do what it claims, but check these before installing: - The SKILL.md expects you to run 'npx mcp-remote@latest ...' (downloads and runs code from npm). If you or the agent will execute that, ensure you trust gateway.pipeworx.io and the mcp-remote package. Consider pinning a specific version rather than 'latest'. - Update the declared required binaries to include node/npx (or remove npx usage) so the metadata matches behavior. - Be cautious about sending names (potentially PII) in bulk to an external service — confirm the service's privacy policy and encryption (calls use HTTPS in examples). - If you need to audit what code will run, fetch the mcp-remote package separately and review it before allowing the agent to run npx. - If you want lower risk, prefer a local implementation or an API with an explicit, documented install process rather than on-demand npx fetching.

Review Dimensions

Purpose & Capability: noteThe skill's name, description, and example RPC/curl call to gateway.pipeworx.io align with a gender-prediction purpose. However, the SKILL.md's 'Setup' recommends running 'npx mcp-remote@latest ...' which implies Node/npx is required — yet required binaries list only 'curl'. That mismatch suggests incomplete or inconsistent metadata.
Instruction Scope: noteInstructions are scoped to calling an external service (https://gateway.pipeworx.io/genderize/mcp) to predict gender and to configuring an MCP remote via npx. The instructions do not ask the agent to read local files or unrelated credentials. They do, however, direct the agent to send name data (potentially PII) to a third-party endpoint and to install/run remote tooling, which increases risk and should be explicit.
Install Mechanism: concernThere is no formal install spec, but the 'Setup' asks the user/agent to run 'npx -y mcp-remote@latest ...', which will fetch and execute code from the npm registry at runtime. That behavior is higher-risk than a purely instruction-only skill and should be declared (required binaries: node/npx) and justified. The example also uses curl to call the gateway; the gateway is a third-party HTTPS endpoint (expected) but pulling remote code via npx is potentially surprising and should be made explicit in metadata.
Credentials: okThe skill requests no environment variables, no credentials, and no config paths — appropriate for a simple gender-prediction wrapper. Note: because it transmits names to an external API, users should consider privacy/compliance implications before sending PII.
Persistence & Privilege: okalways is false and the skill is user-invocable; it does not request elevated persistence or modify other skills. There is no evidence of it attempting to persist credentials or change system-wide settings.