Skill v1.0.0

ClawScan security

Pipeworx patents · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 13, 2026, 9:10 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's description matches its purpose (a PatentsView wrapper) but its runtime instructions ask the agent to fetch and execute a remote npm package and connect to an external gateway, and the manifest omits the required 'npx' runtime — this mismatch and remote code execution raise concerns.
Guidance
This skill appears to do what it says (wrap PatentsView) but it instructs the agent to run 'npx -y mcp-remote@latest' and connect to https://gateway.pipeworx.io/patents/mcp. That means code will be downloaded and executed from npm and queries (and any agent context) will go to an external server. Before installing: (1) confirm you trust pipeworx.io and the gateway URL; (2) prefer a pinned package version (not @latest) or review the mcp-remote package source on npm/GitHub; (3) ensure Node/npx are available and include them in the skill metadata; (4) avoid sending sensitive data to the connector, or test in a sandbox; (5) if you need stronger guarantees, ask the publisher for a local-only connector or source you can audit. If you cannot verify the remote package and endpoint, treat this skill as risky.

Review Dimensions

Purpose & Capability
concern
Name and description (Patents MCP wrapping PatentsView) align with the declared tools. However, the SKILL.md requires running 'npx mcp-remote@latest' to connect to https://gateway.pipeworx.io/patents/mcp, yet the skill metadata declares no required binaries. The missing declaration for Node/npm/npx is an inconsistency.
Instruction Scope
concern
Instructions are short and focused on establishing an MCP connection, but they direct the agent to run npx which will execute code it downloads. That execution and the subsequent connection to gateway.pipeworx.io will send queries (and likely any context the agent includes) to that external server — the SKILL.md does not describe what is transmitted or any privacy/usage guarantees.
Install Mechanism
concern
There is no formal install spec, but the connect snippet uses 'npx -y mcp-remote@latest', which downloads and executes the latest package from the public npm registry at runtime. Unpinned '@latest' installs are higher risk because the code executed can change over time; executing remote npm packages without review is a moderate-to-high risk behavior.
Credentials
note
The skill declares no environment variables or credentials, which is reasonable for a public PatentsView wrapper. However, it fails to declare required runtime tooling (Node/npx). Also, because the agent will connect to an external gateway, any context or user data sent to that gateway should be considered sensitive unless the endpoint's behavior is verified.
Persistence & Privilege
note
The skill does not request always:true and follows normal autonomous-invocation defaults. Still, allowing the agent to autonomously run 'npx' and execute downloaded code increases blast radius — autonomous invocation combined with remote code execution is riskier than a purely local/instruction-only skill.