Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pipeworx art

v1.0.0

Search and explore 500,000+ artworks in the Metropolitan Museum of Art's open-access collection

by Bruce Gutman (@brucegutman)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (high confidence)

Purpose & Capability (flagged)
The description says it connects to the Met's open-access API, but the runtime example and setup point to https://gateway.pipeworx.io/art/mcp (a proxy/gateway) rather than the Met's official endpoints. The SKILL.md Setup also instructs running mcp-remote via npx, yet neither npx nor Node is listed among the required binaries: a clear mismatch between the declared dependencies and the actual instructions.
Instruction Scope (flagged)
The instructions include POSTing JSON-RPC calls to a third-party gateway and recommend configuring an mcpServer that runs 'npx -y mcp-remote@latest https://gateway.pipeworx.io/art/mcp'. That effectively instructs the agent/runtime to fetch and execute code from npm and to use a remote service as the tool backend. The SKILL.md does not instruct reading local files or secrets, but it does delegate runtime behavior to an external, unreviewed component.
Install Mechanism (flagged)
There is no formal install spec, but the Setup suggests invoking npx to fetch and run mcp-remote@latest from npm. npx downloads and executes package code from the public registry at runtime, and the @latest tag means the code that actually runs can change between invocations without any change to the skill: moderate-to-high risk if the package or the gateway is untrusted. Because the skill does not declare Node/npx as a required binary, this remote code execution is invisible in the declared requirements.
Credentials
The skill declares no required environment variables or credentials, which is proportionate for a read-only art catalog. However, because it routes requests through a third-party gateway and a remote npm tool, those components may make additional network connections or handle tokens that the skill itself never declares.
Persistence & Privilege (flagged)
'always' is false (good), but autonomous model invocation is allowed (the default). Combined with a setup that has the agent/runtime fetch and run mcp-remote from npm and send JSON-RPC to an external gateway, this widens the blast radius: the agent could autonomously run unvetted remote code and communicate with a third-party service without a human in the loop.
What to consider before installing
This pack appears to provide Met Museum data, but it routes calls through an external Pipeworx gateway and recommends 'npx -y mcp-remote@latest', which downloads and executes code from npm at runtime. Before installing:
1. Confirm you trust https://gateway.pipeworx.io and the Pipeworx project.
2. Verify the mcp-remote package source (review its code and release), pin a specific reviewed version rather than @latest, and add Node/npx to the declared requirements.
3. Consider requiring the skill to call the Met's official API (collectionapi.metmuseum.org) directly if you prefer no third-party proxy.
4. Run this skill in a sandboxed environment or restrict agent permissions if you allow it.
5. If you are unsure about executing remote npm packages, do not enable autonomous invocation, or do not install the skill at all.
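The mismatches the scan reports (a binary the setup uses but never declares, an npm package that npx fetches unpinned at runtime, and a network host that is not the API the skill claims to wrap) can be checked mechanically before a skill is enabled. The script below is an added example, not ClawHub's scanner and not part of the Pipeworx skill. Both SKILL.md samples in it are constructed: the first reproduces the page's findings using the names from this page (mcp-remote, gateway.pipeworx.io), the second is a hardened variant that calls collectionapi.metmuseum.org directly. The frontmatter key 'bins', the 4-space-indented command lines, and the Met search endpoint path are assumptions about the formats, not facts from this page.

```python
"""Lint a skill manifest for the mismatches the scan above reports: binaries the
setup uses but never declares, npm packages npx would fetch unpinned at runtime,
and network hosts outside the API the skill claims to wrap.

Added example, not ClawHub, OpenClaw or Pipeworx code. Both SKILL.md samples are
constructed; the frontmatter key 'bins' and the convention that commands sit on
4-space-indented lines are assumptions about the format.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample reproducing the page's findings: only curl is declared, yet
# setup runs npx against an unpinned package and talks to a third-party gateway.
SAMPLE_SKILL_MD = """---
name: pipeworx-art
bins: [curl]
---
# Setup
Add this to your mcpServers config:

    "art": { "command": "npx", "args": ["-y", "mcp-remote@latest", "https://gateway.pipeworx.io/art/mcp"] }

or run the bridge by hand and POST JSON-RPC to it:

    npx -y mcp-remote@latest https://gateway.pipeworx.io/art/mcp
    curl -s -X POST https://gateway.pipeworx.io/art/mcp -d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'
"""

# Constructed hardened variant: one declared binary, the Met's documented API host,
# nothing fetched from npm and no proxy in the path (endpoint path is assumed).
HARDENED_SKILL_MD = """---
name: met-art
bins: [curl]
---
# Setup
    curl -s 'https://collectionapi.metmuseum.org/public/collection/v1/search?q=sunflowers'
"""

# Commands whose appearance in setup text implies a runtime dependency.
KNOWN_BINS = {"npx", "npm", "node", "uvx", "pipx", "python", "python3",
              "curl", "wget", "docker", "bash", "sh"}
FRONTMATTER = re.compile(r"\A---\n(.*?)\n---", re.S)
BINS_KEY = re.compile(r"^bins:\s*\[([^\]]*)\]", re.M)
JSON_COMMAND = re.compile(r'"command"\s*:\s*"([^"]+)"')
JSON_NPX_ARGS = re.compile(r'"command"\s*:\s*"npx"\s*,\s*"args"\s*:\s*\[([^\]]*)\]')
SHELL_NPX = re.compile(r"^\s*npx\s+(?:(?:-y|--yes)\s+)?(\S+)", re.M)
URL = re.compile(r"https?://[^\s'\"<>)\]]+")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium"
    kind: str
    detail: str


def declared_bins(text: str) -> set[str]:
    """Binaries the manifest admits to needing (the 'bins' frontmatter list)."""
    fm = FRONTMATTER.match(text)
    m = BINS_KEY.search(fm.group(1)) if fm else None
    return {b.strip() for b in m.group(1).split(",") if b.strip()} if m else set()


def referenced_bins(text: str) -> set[str]:
    """Commands the setup really invokes: JSON "command" values plus the first
    word of each indented line, filtered to known binaries."""
    first_words = {ln.split()[0] for ln in text.splitlines()
                   if ln.startswith("    ") and ln.strip()}
    return (set(JSON_COMMAND.findall(text)) | first_words) & KNOWN_BINS


def _split_spec(spec: str) -> tuple[str, str]:
    """'mcp-remote@latest' -> ('mcp-remote', 'latest'); '@scope/pkg' -> ('@scope/pkg', '')."""
    at = spec.rfind("@")
    return (spec, "") if at <= 0 else (spec[:at], spec[at + 1:])


def npx_invocations(text: str) -> set[tuple[str, str]]:
    """(package, version) pairs npx would fetch, from shell lines and mcpServers JSON."""
    found = {_split_spec(s) for s in SHELL_NPX.findall(text)}
    for args in JSON_NPX_ARGS.findall(text):
        positional = [s for s in re.findall(r'"([^"]*)"', args) if not s.startswith("-")]
        if positional:
            found.add(_split_spec(positional[0]))
    return found


def lint_skill(text: str, allowed_hosts: set[str]) -> list[Finding]:
    """Return findings in a fixed order: undeclared binaries, npm fetches, then hosts."""
    findings: list[Finding] = []
    for b in sorted(referenced_bins(text) - declared_bins(text)):
        findings.append(Finding("medium", "undeclared-binary",
                                f"setup invokes '{b}' but bins does not list it"))
    for pkg, ver in sorted(npx_invocations(text)):
        unpinned = ver in ("", "latest")  # no tag, or the floating @latest tag
        findings.append(Finding("high" if unpinned else "medium", "runtime-npm-fetch",
                                f"npx fetches and runs '{pkg}@{ver or 'latest'}' at runtime"
                                + ("; pin a reviewed version" if unpinned else "")))
    hosts = {urlparse(u).hostname for u in URL.findall(text)} - {None}
    for host in sorted(hosts - allowed_hosts):
        findings.append(Finding("medium", "undeclared-host",
                                f"setup contacts {host}, which is not an expected API host"))
    return findings
```

Run `lint_skill(SAMPLE_SKILL_MD, {"collectionapi.metmuseum.org"})` and you get the three findings the scan lists (undeclared npx, unpinned mcp-remote@latest, unexpected host gateway.pipeworx.io); the hardened manifest yields none. The allowed-host set is the reviewer's statement of which hosts the skill is supposed to talk to, so a skill that claims to wrap the Met API but contacts anything else is flagged regardless of what its description says.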

Like a lobster shell, security has layers — review code before you run it.

latest: vk97587jem5m5tvg9m4tgp83g0184d37m


Runtime requirements

🖼️ Clawdis
Bins: curl
