Skillv1.0.0

ClawScan security

Pipeworx nationalize · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewApr 13, 2026, 6:29 PM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill's purpose (predict nationality from a first name) matches what the instructions do, but the SKILL.md requires running npx to download and execute a remote npm package (mcp-remote@latest) and this runtime requirement is not declared — and running arbitrary remote code + sending user data to an external gateway is a supply‑chain and privacy concern.
Guidance: This skill appears to be a thin connector to Pipeworx's Nationalize MCP and will run 'npx -y mcp-remote@latest' to connect to https://gateway.pipeworx.io/nationalize/mcp. Before installing, confirm you are comfortable with: (1) the agent requiring npx/Node on the host (the metadata doesn't list this), (2) the agent downloading and executing a remote npm package (using @latest is a supply‑chain risk), and (3) any names or personal data you send being transmitted to and processed by an external server (check privacy/retention). If you need tighter security, ask the author to: declare npx as a required binary, pin a specific package version instead of @latest, and document what data is sent/retained by the gateway. Run first in a sandboxed environment if you want to observe behavior.

Review Dimensions

Purpose & Capability: noteThe description (nationality prediction via nationalize/pipeworx) aligns with the connect snippet which points to a Pipeworx gateway. However the registry metadata said 'required binaries: none' while the SKILL.md explicitly invokes 'npx' — a discrepancy between declared requirements and actual runtime behavior.
Instruction Scope: noteInstructions only show a connect block that runs 'npx -y mcp-remote@latest https://gateway.pipeworx.io/nationalize/mcp'. That implies the agent will execute remote code and send inputs (names) to an external endpoint. The instructions do not ask to read local files or other environment variables, but they also do not state how input data is handled by the remote service (privacy/retention).
Install Mechanism: concernThere is no install spec, but the connect snippet uses 'npx' to fetch and run 'mcp-remote@latest' from the npm registry. Using npx/@latest means downloading and executing code from the network at runtime (supply-chain risk). The remote gateway (gateway.pipeworx.io) is an external domain — not an obvious red flag, but the combination (remote npm package + external gateway) increases risk compared with an instruction-only HTTP call to a known API.
Credentials: okThe skill requests no credentials or environment variables, which is proportionate for an unauthenticated public API. The only omission is that the SKILL.md expects 'npx' to be available but the metadata did not declare it as a required binary.
Persistence & Privilege: okalways is false and there are no install scripts or files, so the skill does not request persistent elevated privileges or automatic always-on presence. It does, however, enable remote code execution via npx when invoked.