Back to skill
Skillv1.0.0
ClawScan security
Pipeworx poetry · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
ReviewApr 13, 2026, 10:11 PM
- Verdict
- Review
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's stated purpose (querying PoetryDB) is plausible, but the runtime instructions require fetching and executing a remote npm package that connects to a third‑party gateway (gateway.pipeworx.io), which is a disproportionate and potentially risky mechanism that you should verify before installing.
- Guidance
- This pack likely just proxies PoetryDB, but it instructs the agent to run an npx command that downloads and executes code and connects to gateway.pipeworx.io. Before installing: 1) Verify the trustworthiness of the mcp-remote npm package (inspect its source or prefer a pinned version instead of @latest). 2) Verify what gateway.pipeworx.io does with query data (does it just proxy PoetryDB or log/collect requests?). 3) If you can't validate those, avoid running it on sensitive systems — run in a sandbox or restrict network access. 4) Prefer a version that calls PoetryDB directly (or an implementation you can inspect) if you want lower risk.
Review Dimensions
- Purpose & Capability
- noteName/description say this is a PoetryDB (no-auth) pack which matches the skill's intent to provide poem search/random/author tools. HOWEVER the SKILL.md does not call PoetryDB directly; it points the agent to a Pipeworx gateway (https://gateway.pipeworx.io/poetry/mcp). This is a small mismatch worth verifying (gateway likely proxies PoetryDB but that is not explicit).
- Instruction Scope
- concernThe SKILL.md instructs the agent to run: npx -y mcp-remote@latest https://gateway.pipeworx.io/poetry/mcp. That causes the agent to fetch and execute code from npm and open a connection to the Pipeworx gateway. The instructions do not ask to read local files or env vars, but they do grant dynamic remote code execution and network access to a third-party endpoint — more capability than a simple direct API curl would require.
- Install Mechanism
- concernThere is no static install spec, but the runtime relies on npx to pull and run mcp-remote@latest from the npm registry. Using npx/@latest executes unpinned, network-fetched code at runtime (moderate-high risk). The gateway URL is a custom domain rather than a well-known release host; this increases the need to validate the package and gateway before use.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. That is proportionate to a read-only poetry lookup capability.
- Persistence & Privilege
- okalways:false and no install-time files are declared. The skill does not request persistent system privileges or modifications to other skills. Note: autonomous invocation is allowed by default (not flagged alone), so exercising caution when combining with the npx execution behavior is advisable.