Skill v1.0.0

ClawScan security

Pipeworx ukpolice · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review · Apr 6, 2026, 8:06 PM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill is plausibly a wrapper around UK police data, but it routes queries to a third‑party gateway and its runtime instructions imply installing/running remote code (npx) that the metadata does not declare — these mismatches and the external endpoint risk warrant caution.
Guidance
This skill appears to be a simple wrapper around UK police data, but it forwards queries to a third‑party gateway (gateway.pipeworx.io) rather than calling data.police.uk directly. Before installing or using it, consider: 1) Trust: verify the operator (pipeworx.io) and their privacy/security practices because your location queries (lat/lng and time) will be sent to that service; 2) Runtime risk: if you enable the MCP config the example runs `npx mcp-remote@latest` — that will download and execute code from npm (you should only do that if you trust the package and have Node/npm installed); 3) Incoherence: the skill metadata fails to list npx/node as a required binary despite the example using it. If you want a lower-risk alternative, call data.police.uk directly (their API is public) or request a version of this skill that documents and pins any required runtime packages and explicitly names required binaries.

Review Dimensions

Purpose & Capability
note: Name/description (street-level UK police data) match the examples and required binary (curl). However the supplied MCP example uses `npx mcp-remote@latest`, implying Node/npm (npx) is needed — but the skill's metadata does not declare node/npx as a required binary. That mismatch is an incoherence.
Instruction Scope
concern: SKILL.md's primary runtime example POSTs JSON to https://gateway.pipeworx.io/ukpolice/mcp. That will transmit user-supplied location/month queries to a third‑party service rather than directly to data.police.uk. The instructions do not request reading local files or extra env vars, but they do send potentially sensitive location data off‑host.
Install Mechanism
concern: There is no formal install spec (instruction‑only), which is low risk on its own. But the MCP config example instructs use of `npx mcp-remote@latest`, which would fetch and run code from the npm registry at runtime. Running `npx ...@latest` executes remote code and is not enumerated in the skill's required binaries — this is an installation/execution risk if the user follows that example.
Credentials
ok: The skill declares no environment variables or credentials, which is appropriate for public police data. No hidden env/credential access is apparent in SKILL.md.
Persistence & Privilege
ok: The skill does not set `always: true`, does not request persistent privileges, and is user-invocable only. It does not attempt to modify other skills or system settings in the provided instructions.