Back to skill
Skillv1.0.0
ClawScan security
Pipeworx census-trade · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousApr 23, 2026, 4:42 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's declared purpose (US trade data) matches what the instructions show, but it relies on an undocumented third‑party MCP endpoint (gateway.pipeworx.io) with no provenance or usage details, so caution is warranted.
- Guidance
- This skill appears to do what it says (fetch US trade data) but delegates queries to an undocumented third‑party endpoint (gateway.pipeworx.io). Before installing or using it, verify the endpoint's owner and privacy/security practices (ask for a homepage or source code). Test with only non‑sensitive queries to see what data is transmitted. Prefer skills that use official government APIs or that provide clear documentation on who operates the gateway and how data is handled. If you must use this skill for sensitive work, request transparency from the publisher or avoid using it until provenance is confirmed.
Review Dimensions
- Purpose & Capability
- noteName and description (US international trade data) align with the SKILL.md which exposes functions for imports, exports, trade balance and trends. However, the skill delegates calls to a third‑party MCP server (https://gateway.pipeworx.io/census-trade/mcp) rather than an official Census endpoint (e.g., api.census.gov). That third‑party endpoint is plausible for aggregating data, but its provenance and trustworthiness are not documented in the package metadata (source/homepage unknown).
- Instruction Scope
- noteThe SKILL.md contains only short RPC-like function descriptions and a JSON block listing the MCP server URL. It does not instruct reading local files or environment variables. However, the instructions are minimal and lack details (authentication, rate limits, what data is sent). The agent will call an external service; unless the platform sanitizes outgoing payloads, conversational context and any user-provided sensitive data may be transmitted to that external endpoint.
- Install Mechanism
- okInstruction-only skill with no install spec and no code files. This is the lowest-risk install pattern because nothing is written to disk by the skill itself.
- Credentials
- okNo environment variables, credentials, or config paths are requested. The lack of required secrets is proportionate to the stated purpose. That said, absence of declared auth does not prove the remote service won't require or request credentials at runtime.
- Persistence & Privilege
- okThe skill is not always-enabled and allows normal model invocation. It does not request elevated platform persistence. No instructions indicate modifying other skills or system-wide settings.