ClawHub
Back to skill

Security audit

Pipeworx genderize

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward remote gender-prediction integration, but users should understand that submitted names are sent to an external service and the results are only statistical guesses.

Install only if you are comfortable sending first names and optional country codes to the Pipeworx/Genderize service. Do not use the output as authoritative identity information or for eligibility, employment, credit, insurance, or other high-impact decisions. For sensitive or bulk customer data, review consent, privacy, retention, and the unpinned mcp-remote@latest dependency before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill describes gender prediction behavior but does not clearly warn users that submitted first names are transmitted to an external third-party service. Even though a network call is implied elsewhere, the omission matters because names can be personal data and users may unknowingly send sensitive inputs off-platform.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill promotes use cases such as marketing personalization, demographic analysis, and form pre-filling without warning that inferred gender is probabilistic, can be inaccurate across cultures, and may be harmful or discriminatory in sensitive contexts. This creates a realistic risk of misuse, unfair treatment, or privacy harms if consumers treat the output as authoritative.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal