ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pipeworx breweries

v1.0.0

Discover craft breweries across the US — search by name, city, or ID via Open Brewery DB

0· 71·0 current·0 all-time
byBruce Gutman@brucegutman

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for brucegutman/pipeworx-breweries.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Pipeworx breweries" (brucegutman/pipeworx-breweries) from ClawHub.
Skill page: https://clawhub.ai/brucegutman/pipeworx-breweries
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: curl
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install pipeworx-breweries

ClawHub CLI

Package manager switcher

npx clawhub@latest install pipeworx-breweries
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to query Open Brewery DB (reasonable for a brewery-finder). However, instead of calling the public Open Brewery DB API directly, the SKILL.md shows POSTs to https://gateway.pipeworx.io and provides an MCP client config that runs 'npx ... mcp-remote@latest'. The declared required binary is only curl — there is a mismatch because using the provided MCP client config would require npx/npm. Relying on a third-party gateway to proxy the API is a legitimate design choice but should be explicit.
Instruction Scope
Instructions are mostly scoped to making HTTP RPC calls to pipeworx's gateway to invoke tools like 'breweries_by_city'. They do not instruct reading local files or environment variables. However, the agent will send user queries (and possibly other context) to an external endpoint (gateway.pipeworx.io), which means user data may be transmitted off-host. The SKILL.md does not limit or describe what user context is sent.
!
Install Mechanism
No install spec is declared (instruction-only), which is low-risk, but the MCP client config explicitly uses 'npx -y mcp-remote@latest' to run a remote package. That implies downloading and executing code from the npm registry, yet npm/npx is not listed in required bins. This implicit remote install/execution is a potential risk and an incoherence in the manifest.
Credentials
The skill requests no environment variables or credentials, which is proportionate for a public data lookup. Still, because queries are forwarded to an external gateway, users should be aware that any information included in queries or context will be transmitted externally.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system privileges or modify other skill configs. Autonomous invocation is allowed (platform default) but not combined with other high-risk flags.
What to consider before installing
This skill appears to be a thin wrapper around an external Pipeworx gateway that proxies Open Brewery DB. Before installing, consider: 1) the SKILL.md will make network requests to https://gateway.pipeworx.io — any query or context sent could leave your environment; avoid including secrets or sensitive context. 2) The example MCP config runs 'npx mcp-remote@latest', which would download and execute code from npm; the manifest doesn't declare npm/npx as a requirement — ask the publisher to clarify or declare it. 3) If you prefer lower risk, request a version that calls the official Open Brewery DB API directly (api.openbrewerydb.org) or ask for the source code so you can review what the gateway does. 4) If you proceed, test in a sandboxed environment and verify the Pipeworx gateway's trustworthiness and privacy policy.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🍺 Clawdis
Binscurl
latestvk97amxz2xmrmm51v32p7kttpks84amtd
71downloads
0stars
1versions
Updated 3w ago
v1.0.0
MIT-0
Bruce Gutman@brucegutman
latest
Download

Open Brewery DB

A comprehensive database of breweries across the United States. Search by name, browse by city, or pull full details for a specific brewery including address, phone, website, and brewery type (micro, nano, brewpub, etc.).

Tools

  • search_breweries — Find breweries by name or partial name. Returns up to 50 results with location and contact info.
  • get_brewery — Full details for a specific brewery by its Open Brewery DB UUID.
  • breweries_by_city — List breweries in a specific city (e.g., "Portland", "Denver", "Asheville").

Scenarios

  • Planning a brewery crawl in a specific city
  • Building a craft beer finder feature for a travel app
  • Looking up contact details or website for a brewery someone mentioned
  • Analyzing the distribution of brewery types across cities

Example: breweries in Portland

curl -s -X POST https://gateway.pipeworx.io/breweries/mcp \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"breweries_by_city","arguments":{"city":"Portland","limit":3}}}'

Each result includes: name, brewery type, street address, city, state, postal code, phone number, website URL, and coordinates.

MCP client config

{
  "mcpServers": {
    "pipeworx-breweries": {
      "command": "npx",
      "args": ["-y", "mcp-remote@latest", "https://gateway.pipeworx.io/breweries/mcp"]
    }
  }
}

Comments

Loading comments...