ClawHub

Pipeworx bored

v1.0.0

Beat boredom with random activity suggestions — filter by type (education, social, cooking) or group size

0· 56·0 current·0 all-time
byBruce Gutman@brucegutman
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe an activity suggestion pack and the SKILL.md shows only network calls to a Pipeworx gateway to fetch activities; requiring curl is appropriate for the provided curl examples.
Instruction Scope
Instructions are limited to calling an external API (https://gateway.pipeworx.io/bored/mcp) to retrieve activity suggestions and presenting results. The SKILL.md does not instruct the agent to read local files, access unrelated environment variables, or exfiltrate other data.
Install Mechanism
There is no install spec and no code files (lowest-risk). However, the documentation includes an example using `npx mcp-remote@latest ...` which would download and run a package at runtime if the agent chose that path; this is not required for basic function but is a potential runtime risk if used without vetting.
Credentials
The skill declares no required environment variables or credentials. The functionality (public activity suggestions) does not justify any secret access, and none are requested.
Persistence & Privilege
The skill does not request always:true and has no install-time persistence. Autonomous invocation is allowed by default (platform behavior) but is not combined with elevated privileges or broad credential access.
Assessment
This skill appears coherent and minimal: it sends simple JSON-RPC requests to a Pipeworx gateway to get activity suggestions and does not request credentials or local file access. Before installing, verify you trust the endpoint (gateway.pipeworx.io / pipeworx.io). Avoid sending any sensitive or private data to the skill's API. If you or your agent will use the provided `npx mcp-remote@latest` example, be aware that npx will fetch and execute remote code at runtime—only do that if you trust the package source or pin a vetted version.

Like a lobster shell, security has layers — review code before you run it.

latestvk975q1rkm0778hb8ckcep15kgx84b9n7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎲 Clawdis
Binscurl

Comments