ClawHub

Pipeworx archive

v1.0.0

Archive MCP — wraps the Internet Archive APIs (free, no auth)

0· 11·0 current·0 all-time
byBruce Gutman@brucegutman
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description say it's a wrapper around Internet Archive APIs and the SKILL.md contains curl examples that POST JSON-RPC to https://gateway.pipeworx.io/archive/mcp — this matches the stated purpose. Minor inconsistency: the markdown suggests using an npx-based client (mcp-remote@latest) but the declared required binaries only list curl (npx/node/npm is not declared).
Instruction Scope
Instructions are narrowly scoped to calling a JSON-RPC HTTP gateway (tools/list, tools/call). This is appropriate for an archive wrapper. Important operational note: calls will send request payloads (possibly including user-supplied content) to an external endpoint (gateway.pipeworx.io). The gateway exposes JSON-RPC 'tools/call' allowing arbitrary tool invocations on the remote side — expected for an MCP gateway but means data is transmitted off-host.
Install Mechanism
There is no install spec (instruction-only), which is low-risk. However, the SKILL.md recommends an npx command that would dynamically fetch and run code from the npm registry (mcp-remote@latest) if the agent chooses that path — that behavior is not declared in the registry metadata and introduces the usual risk of executing remotely fetched packages if used.
Credentials
The skill declares no required environment variables, credentials, or config paths, which is proportionate for a public, no-auth gateway wrapper.
Persistence & Privilege
always is false and the skill does not request persistent system changes or elevated privileges. Autonomous invocation is allowed (default) but is not combined with other concerning privileges.
Assessment
This skill is coherent with its stated purpose (calling a public Pipeworx gateway that proxies Internet Archive APIs). Before installing, consider: 1) Any request/response data (including user-provided content) will be sent to https://gateway.pipeworx.io — do not send sensitive secrets or private data. 2) The SKILL.md suggests using npx mcp-remote@latest; if the agent executes that, it will download and run code from the npm registry — only allow that if you trust Pipeworx and the mcp-remote package. 3) If you want tighter control, restrict the agent from autonomously invoking the skill or disallow use of npx/remote package installs. If you need guarantees about data handling, contact the Pipeworx operator or inspect the mcp-remote package source before running it.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a7szhyg3dpnw41wdhx5ytmx84a216

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Clawdis
Binscurl

Comments