Back to skill
Skillv1.0.0
ClawScan security
Pipeworx openalex · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousApr 13, 2026, 9:10 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's stated purpose (wrapping OpenAlex) matches what it does, but its runtime instructions require fetching and executing unpinned code via npx and connecting to an external Pipeworx gateway — a disproportionate install/runtime pattern that raises risk.
- Guidance
- This skill itself is an instruction-only wrapper that delegates work to an external Pipeworx gateway by running 'npx -y mcp-remote@latest' and then communicating with https://gateway.pipeworx.io/openalex/mcp. Before installing, consider: (1) Do you trust the Pipeworx gateway and the mcp-remote npm package? The skill will fetch and execute remote code unpinned at runtime, which can change behavior without notice. (2) The gateway will receive any queries you send — avoid sending sensitive data through it. (3) Prefer a pinned/package-vetted installation or self-hosting the MCP gateway if you need tighter control. (4) If you proceed, run it in a restricted/isolated environment and/or review the mcp-remote package source and the Pipeworx privacy/security documentation.
Review Dimensions
- Purpose & Capability
- okName and description match the actions described: the skill exposes OpenAlex-related MCP endpoints (search_works, search_authors, etc.) and references the Pipeworx pack homepage. There are no unrelated environment variables or config paths declared.
- Instruction Scope
- concernThe SKILL.md's 'Connect' block instructs the agent to run 'npx -y mcp-remote@latest https://gateway.pipeworx.io/openalex/mcp', which will execute remote code and route requests via an external gateway. The instructions therefore cause runtime network activity and execution of code not present in the skill bundle; this is broader than a simple API wrapper and is not explicitly called out in the short description.
- Install Mechanism
- concernThere is no install spec in the package, but the runtime config uses npx to fetch and run the latest mcp-remote from npm (-y and 'latest' tag). Running unpinned, latest packages via npx executes third-party code at runtime and can introduce supply-chain risk. The gateway URL (gateway.pipeworx.io) is an external endpoint that will receive traffic; neither the package nor the gateway are pinned or audited here.
- Credentials
- okThe skill declares no required environment variables or credentials, which is consistent with OpenAlex being a free API with no auth. No unexpected credential requests are present.
- Persistence & Privilege
- notealways is false (good). The skill allows normal autonomous invocation (disable-model-invocation: false). While autonomous use is expected for skills, combined with the npx runtime fetch and external gateway it increases the blast radius because the agent may autonomously fetch and execute remote code and contact a third-party server.