Skillv1.0.0

ClawScan security

Pipeworx Pharma Analyst · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 22, 2026, 6:08 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's stated pharma-analytic purpose matches its tool list, but it directs the agent to an unknown third‑party gateway (gateway.pipeworx.io) without describing data handling or requiring credentials — this creates a risk of sending user/agent context to an external service and is not clearly justified.
Guidance: Before installing or invoking this skill: 1) Ask the publisher for the skill's source, homepage, and a privacy/security policy that explains what data is sent to gateway.pipeworx.io, how long it's retained, and whether it's shared. 2) Do not submit any personal health information (PHI) or sensitive proprietary data until you confirm HIPAA/enterprise compliance and retention controls. 3) If you must test it, use only non-sensitive queries and monitor network activity to see exactly what is transmitted. 4) Prefer an integration that uses official APIs directly (ClinicalTrials.gov, OpenFDA, RxNav) or a documented, trusted aggregator. 5) If you cannot verify the gateway/operator, treat this skill as untrusted and avoid sending confidential data.

Review Dimensions

Purpose & Capability: noteName, description, and listed tools (ClinicalTrials, OpenFDA, RxNorm) align with a pharma analysis skill. However, the SKILL.md embeds a hardcoded external MCP gateway URL (https://gateway.pipeworx.io/mcp?task=pharma%20analysis). Using a third‑party aggregator can be reasonable, but the README doesn't explain why a private gateway is required or what data will be transmitted to it.
Instruction Scope: concernThe instructions instruct the agent to use the listed compound tools and an 'ask_pipeworx' flow that will route queries to the referenced external gateway. The SKILL.md gives no guidance on what conversation context or user data is sent, nor any data minimization, retention, or privacy constraints. 'remember'/'recall' guidance suggests persistent storage of findings without describing where/for how long — increasing the risk that sensitive or PHI data could be transmitted and retained by a third party.
Install Mechanism: okInstruction-only skill with no install spec and no code files — nothing is written to disk and no packages are pulled. This is low-install-risk.
Credentials: noteThe skill requests no environment variables or credentials, which is proportionate. However, the embedded gateway URL means network calls will be made to a third-party endpoint; the absence of declared credentials or privacy details leaves unclear whether the endpoint is public, authenticated, or will log/retain full queries and context.
Persistence & Privilege: okFlags show no 'always: true' and no requests to modify other skills or system settings. Autonomous invocation is allowed by default but not exceptional here.