Skill v1.0.0

ClawScan security

Pipeworx holidays · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 8, 2026, 8:56 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated purpose (public holidays via Nager.Date) mostly matches its declared behavior, but the examples send queries to a third-party gateway rather than to Nager.Date, and the setup includes an npx step that is not declared in the required binaries and fetches and executes code from npm. Verify the gateway and the npx invocation before installing.
Guidance
This skill appears to do what it says (holiday lookups), but two issues merit caution. (1) The examples call a Pipeworx gateway rather than Nager.Date directly; confirm you trust https://gateway.pipeworx.io and its privacy and usage policy before sending queries to it. (2) The SKILL.md suggests running `npx -y mcp-remote@latest ...`, which is not declared in the required binaries and will download and execute code from npm; because `@latest` is resolved at run time, the code that executes can change between runs without any change to the skill itself. If you plan to install it, pin an exact version (a lockfile with integrity hashes is stronger still), request a formal install spec, or ask the publisher for the source code or a vetted release. If you only need simple queries, consider calling the Nager.Date API directly, or request that the skill be updated to declare npx in its required binaries and to stop fetching `latest` at run time.

Review Dimensions

Purpose & Capability
Concern: The description says the skill uses the Nager.Date API for holiday data, but every example call goes to https://gateway.pipeworx.io/holidays/mcp, a proxy or service operated by a third party. That may be legitimate (a proxy in front of Nager.Date), but it is a significant mismatch between the stated and the actual upstream. The only declared required binary is curl, yet the SKILL.md setup uses npx, an undeclared runtime requirement.
Instruction Scope
Concern: The runtime instructions show POSTing JSON-RPC to the Pipeworx gateway and include a 'Setup' snippet that runs npx to fetch mcp-remote@latest, which downloads and runs code from npm. The skill does not instruct reading local files or environment variables, but if the npx step is followed it executes remotely fetched code on the host with the invoking user's privileges.
Install Mechanism
Concern: There is no formal install spec in the registry, but the SKILL.md recommends using npx to fetch and execute mcp-remote@latest from the public npm registry. npx fetches and runs code at install time (the equivalent of an install spec with extract=true), which is higher risk and should have been declared both in an install spec and in the required binaries. Because the `latest` dist-tag is resolved at each run, the code that executes is whatever the package maintainer most recently published, not a fixed, reviewable version.
Credentials
OK: The skill declares no required environment variables or credentials, which is proportionate for a read-only holiday lookup. However, queries are sent to an external gateway (pipeworx.io) rather than directly to Nager.Date, so users should be aware that query contents (country, year, date) and the caller's IP address are transmitted to that third party.
Persistence & Privilege
OK: The skill is not always-enabled and uses the default autonomous invocation; it does not request system-wide configuration changes or persistent credentials. The main privilege concern is the optional npx install step, which transiently executes fetched code with the invoking user's privileges.
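The three findings the scanner raises for the Purpose, Instruction Scope, Install Mechanism and Persistence dimensions (a binary used but not declared, a package resolved with a floating tag, and traffic to a host other than the stated upstream) can be checked deterministically before anyone reads the SKILL.md by hand. The following is an added example, not ClawHub's scanner or the skill's own code. The SKILL.md excerpt is constructed from the findings described above, and the declared-binary list and the Nager.Date host (date.nager.at) are assumptions made for the example.

```python
# Added example (not ClawHub's or the skill's code); the sample text and upstream host are assumptions.
from __future__ import annotations
import re
import shlex
from urllib.parse import urlparse

# Constructed SKILL.md excerpt shaped like the findings above; tilde fences only so it fits in this listing.
SAMPLE_SKILL_MD = """\
# Pipeworx holidays
Public holidays via the Nager.Date API.
## Setup
~~~bash
npx -y mcp-remote@latest https://gateway.pipeworx.io/holidays/mcp
~~~
## Usage
~~~bash
curl -s -X POST https://gateway.pipeworx.io/holidays/mcp \\
  -H 'content-type: application/json' \\
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'
~~~
"""

FENCE_RE = re.compile(r"^ {0,3}(`{3,}|~{3,})\s*(\w+)?\s*$")
SHELL_LANGS = {"", "sh", "bash", "shell", "zsh", "console"}  # unlabelled fences count as shell
SEPARATORS = {"&&", "||", ";", "|"}
EXACT_VERSION_RE = re.compile(r"^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$")
URL_RE = re.compile(r"https?://[^\s'\"<>)\]]+")


def shell_blocks(md: str) -> list[str]:
    """Bodies of shell-language fenced blocks; other fenced blocks are skipped whole."""
    blocks, fence, current = [], None, None
    for line in md.splitlines():
        m = FENCE_RE.match(line)
        if fence is None:                       # outside any block: look for an opener
            if m:
                fence = m.group(1)[0]
                current = [] if (m.group(2) or "").lower() in SHELL_LANGS else None
        elif m and m.group(1)[0] == fence:      # closer of the same fence style
            if current is not None:
                blocks.append("\n".join(current))
            fence = None
        elif current is not None:
            current.append(line)
    return blocks


def commands(block: str) -> list[list[str]]:
    """Split a block into argv lists, honouring quotes, comments and backslash continuations."""
    out = []
    for line in re.sub(r"\\\n\s*", " ", block).splitlines():
        argv = []
        for tok in shlex.split(line, comments=True) + [";"]:   # trailing ';' flushes the last command
            if tok not in SEPARATORS:
                argv.append(tok)
            elif argv:
                out.append(argv)
                argv = []
    return out


def npx_package_spec(argv: list[str]) -> str | None:
    """Package spec an npx command fetches: the -p/--package value, else the first non-flag argument."""
    args = argv[1:]
    for i, a in enumerate(args):
        if a in ("-p", "--package") and i + 1 < len(args):
            return args[i + 1]
        if not a.startswith("-"):
            return a
    return None


def is_pinned(spec: str) -> bool:
    """True only for name@<exact semver>; bare names, dist-tags such as @latest and ranges all float."""
    at = spec.rfind("@")
    return at > 0 and bool(EXACT_VERSION_RE.match(spec[at + 1:]))  # at == 0 is only a scope prefix


def audit(md: str, declared_binaries: set[str], upstream_hosts: set[str]) -> dict:
    """Run the three checks over a SKILL.md and return the findings with an overall verdict."""
    undeclared, unpinned = set(), []
    for block in shell_blocks(md):
        for argv in commands(block):
            binary = argv[0].rsplit("/", 1)[-1]
            if binary not in declared_binaries:
                undeclared.add(binary)
            if binary == "npx":
                spec = npx_package_spec(argv)
                if spec and not is_pinned(spec):
                    unpinned.append(spec)
    # Hosts come from every URL in the file, prose included, so a proxy named only in text is caught too.
    hosts = {urlparse(u).hostname for u in URL_RE.findall(md)} - {None}
    bad_hosts = sorted(hosts - upstream_hosts)
    return {
        "undeclared_binaries": sorted(undeclared),
        "unpinned_packages": unpinned,
        "undeclared_hosts": bad_hosts,
        "verdict": "suspicious" if undeclared or unpinned or bad_hosts else "ok",
    }
```

Running `audit(SAMPLE_SKILL_MD, {"curl"}, {"date.nager.at"})` reproduces the scanner's three concerns: `npx` undeclared, `mcp-remote@latest` unpinned, and `gateway.pipeworx.io` as a host other than the stated upstream. Declaring npx, pinning an exact version and listing the gateway as the intended upstream turns the verdict to `ok`; note that an exact version is only the minimum the guidance asks for, since npx still fetches the tarball at run time, and a lockfile with integrity hashes or a vendored, reviewed copy is the stronger control.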