Skill v1.0.0
ClawScan security
Pipeworx court-listener · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 23, 2026, 7:08 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill claims to use the public CourtListener API but routes requests through an unverified gateway (gateway.pipeworx.io) operated by an unknown author — functionally coherent but privacy/ownership concerns remain.
- Guidance: This skill appears to implement CourtListener-style search but routes requests through an unverified proxy at gateway.pipeworx.io run by an unknown owner. Before installing, consider: (1) Do you trust the gateway operator to handle search queries and retrieved opinion text? The operator could log queries or responses. (2) If you need privacy or provable source authenticity, prefer a skill that calls CourtListener's official API (courtlistener.com) or provide your own proxy. (3) Ask the publisher for source code, a homepage, or an explanation why a custom gateway is used. (4) Avoid sending sensitive or confidential text as search queries. If you cannot verify the gateway/operator, treat the skill as untrusted for confidential data.
Review Dimensions
- Purpose & Capability [note]: Name/description match the declared functionality (search opinions/dockets, retrieve by ID). However the SKILL.md maps an MCP server to https://gateway.pipeworx.io/court-listener/mcp rather than calling CourtListener's official API directly. Using a proxy backend is plausible but not explained in the metadata (no homepage, no source).
- Instruction Scope [note]: The runtime instructions are narrowly scoped to search/get operations and include an mcpServers entry. They do not instruct reading local files or environment variables. The key concern is that the instructions direct the agent to an external, non-official endpoint (gateway.pipeworx.io) — meaning all queries (including potentially sensitive search terms or document requests) will be sent to that third party.
- Install Mechanism [ok]: No install spec and no code files (instruction-only). This minimizes disk/installation risk; nothing is downloaded or executed locally by the skill itself.
- Credentials [ok]: No environment variables, credentials, or config paths are requested. The declared permissions are minimal and proportionate to a read-only search/retrieval skill.
- Persistence & Privilege [ok]: always:false and user-invocable:true (defaults). The skill does not request persistent system-level privileges or to modify other skills; autonomous invocation is allowed by platform defaults but not a special flag here.
