Skill v1.0.0

ClawScan security

Pipeworx Fintech Analyst · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 22, 2026, 6:07 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's declared purpose (fintech analysis) matches the listed tools, but the runtime instructions direct the agent to an external MCP gateway (gateway.pipeworx.io) with no provenance or privacy explanation — this is unexpected and worth caution.
Guidance
This skill looks like a wrapper that routes fintech queries through an external service (gateway.pipeworx.io). Before installing, ask the publisher these questions: (1) Who operates gateway.pipeworx.io and where is data logged/stored? (2) Does the gateway proxy external APIs (AlphaVantage/FRED) and hold API keys on your behalf? (3) What user data (prompts, context, memory) is sent to the gateway and how long is it retained? If you proceed, test with non-sensitive queries first, avoid including secrets or proprietary documents in prompts, and consider disabling or clearing agent memory (remember/recall) for this skill until you have clear privacy/security terms.

Review Dimensions

Purpose & Capability
note: Name/description, tool names, and listed data sources (EDGAR, CFPB, FDIC, market data) are consistent with a fintech analysis skill. However, the SKILL.md points to an external MCP gateway (https://gateway.pipeworx.io/mcp?task=fintech%20analysis) instead of directly calling public APIs; that is a design choice that should be justified (who runs the gateway, what data is sent to it). The mention of AlphaVantage and FRED without required credentials is plausible if the gateway proxies those services, but the lack of transparency is notable.
Instruction Scope
concern: SKILL.md is instruction-only and includes a config snippet that registers an external MCP server. That means runtime behavior will route queries and possibly user data to gateway.pipeworx.io. The file does not define what data is forwarded, how errors are handled, or any privacy/usage terms. Tool descriptions are truncated/incomplete in places and reference 'ask_pipeworx' without defining it. There are no explicit instructions to read local files or env vars, but the implicit external network calls create a data-exfiltration risk if sensitive context is included in queries.
Install Mechanism
ok: No install spec and no code files; this is an instruction-only skill. This minimizes disk persistence and local code execution risk.
Credentials
note: The skill requests no environment variables or credentials, which is coherent only if the external gateway handles any upstream API keys. If the gateway requires or uses its own credentials, that is not documented. The lack of required credentials could be acceptable, but you should confirm where API keys (e.g., AlphaVantage) are hosted and whether any of your data or queries will be logged by the gateway.
Persistence & Privilege
ok: `always` is false and the skill is user-invocable. It does not request permanent agent-wide privileges or modify other skills. It does encourage use of 'remember/recall', which would store intermediate findings in agent memory; consider whether you want those saved.