ClawHub

Pipeworx books

v1.0.0

Search and look up books via Open Library — titles, authors, ISBNs, and cover images from the world's largest open book catalog

0· 59·0 current·0 all-time
byBruce Gutman@brucegutman
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (search Open Library) align with the instructions: the pack exposes search_books, get_book, and get_author endpoints and shows curl examples targeting a pipeworx gateway. Required binaries (curl) are appropriate for the provided examples.
Instruction Scope
The SKILL.md instructs the agent to call an external endpoint (https://gateway.pipeworx.io/books/mcp) using JSON-RPC. That matches the stated purpose, but it means user queries and any context sent to the tool will leave the local environment and be visible to the remote gateway. The instructions do not ask the agent to read local files or environment variables.
Install Mechanism
No install spec is included (instruction-only), which is low-risk. The provided MCP config example uses 'npx mcp-remote@latest', which would fetch and run code from npm at runtime if used; this is not part of the skill package but is a noteworthy runtime behavior if you follow that config.
Credentials
The skill requires no environment variables, credentials, or config paths. There is no disproportionate access requested relative to its purpose.
Persistence & Privilege
The skill does not request 'always: true' or any elevated persistence. It is user-invocable and allows model invocation (the platform default), which is expected for a tool-like skill.
Assessment
This skill appears to be a straightforward wrapper for Open Library, but it forwards queries to an external service at gateway.pipeworx.io. Before installing or using it, consider: (1) Do you trust pipeworx.io to receive any user queries or context you send? (2) Avoid sending sensitive data through the skill because the gateway will see it. (3) If you use the MCP config example, note that 'npx mcp-remote@latest' will download and run code from npm at runtime — only run that if you trust the publisher. If you need stronger guarantees, ask the publisher for a self-hostable connector or use direct calls to Open Library's public API instead.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ef67j3sv7w3jfma3gye7x0x84bmc2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📚 Clawdis
Binscurl

Comments