Skill v1.0.0
ClawScan security
Pipeworx zenquotes · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Apr 6, 2026, 8:04 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose (fetching ZenQuotes) is simple, but the runtime instructions direct the agent to call a third-party Pipeworx gateway and to bootstrap remote code via npx. Neither action is clearly justified by the description, and together they introduce moderate risk.
- Guidance: This skill could be benign (a simple quotes proxy), but the README asks you to contact a remote Pipeworx gateway and to bootstrap remote code with npx. Before installing or running it:
  1. Verify who operates https://gateway.pipeworx.io and whether you trust that operator to see any data the agent sends.
  2. Avoid running npx mcp-remote@latest on a privileged host; inspect the package source first, or run it in a sandbox.
  3. If you prefer a simpler setup, ask the author why the gateway is needed instead of calling the public ZenQuotes API directly.
  4. If you will route any sensitive context through the agent while this skill is enabled, do not enable it until you have confirmed the data-handling policy of the remote service.
Review Dimensions
- Purpose & Capability (note): Name and description promise quotes from ZenQuotes, which is plausible. However, the SKILL.md points all traffic at gateway.pipeworx.io rather than directly at a ZenQuotes API. This is a minor mismatch that could be legitimate (a proxy or service in front of the API), but the README does not explain it.
- Instruction Scope (concern): The examples instruct POSTing to https://gateway.pipeworx.io/zenquotes/mcp, and the Setup block instructs adding an mcpServers entry that launches npx mcp-remote@latest pointed at that gateway. That directs the agent to connect to and execute commands against a remote MCP endpoint and to bootstrap remote code via npx. Both go beyond merely fetching quotes, and the channel can carry arbitrary request and response data to the external gateway.
- Install Mechanism (concern): The package has no formal install spec, but the SKILL.md tells users to run npx mcp-remote@latest, which downloads and executes code from npm at runtime. Pulling the latest version of a remote package through npx is a moderate-to-high-risk action: it runs code that this skill bundle does not vet, and the code resolved by the latest tag can differ from one run to the next.
- Credentials (ok): No environment variables, secrets, or config paths are requested by the skill metadata. The absence of requested credentials is proportionate to a read-only quotes service.
- Persistence & Privilege (ok): The always flag is false, and nothing indicates the skill demands persistent system-wide privileges or the ability to modify other skills. The skill will be invoked normally and does not claim to auto-enable itself.
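The Guidance steps above and the Instruction Scope and Install Mechanism findings ask the reader to check two things by hand before enabling the skill: whether npx will pull an unpinned package at runtime, and whether the remote endpoint belongs to an operator they have vetted. The following Node script is an added example that automates both checks over an mcpServers entry; it is not part of the scanner output or of the Pipeworx skill. It assumes the command/args config shape that MCP clients use, the pinned version 1.2.3 is a placeholder rather than a real mcp-remote release, and the trusted-host allowlist is hypothetical.

```javascript
// Added example: audit an MCP client's "mcpServers" config for the two issues the
// scan raises, unpinned package execution through npx and an unvetted remote
// endpoint. The config shape (command + args) is the one MCP clients use; the
// allowlist and the pinned version 1.2.3 below are placeholders for this example.

// An exact version (optionally with a prerelease tag). Tags such as "latest"
// and ranges such as "^1.0.0" resolve to whatever the registry serves today.
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

// Split "mcp-remote@latest" or "@scope/pkg@1.2.3" into name and version.
// A scoped name starts with "@", so the separator search skips index 0.
function parsePackageSpec(spec) {
  const at = spec.indexOf("@", spec.startsWith("@") ? 1 : 0);
  if (at === -1) return { name: spec, version: null };
  return { name: spec.slice(0, at), version: spec.slice(at + 1) };
}

function isHttpUrl(s) {
  try {
    const u = new URL(s);
    return u.protocol === "http:" || u.protocol === "https:";
  } catch {
    return false;
  }
}

function auditServer(name, server, trustedHosts) {
  const findings = [];
  const args = Array.isArray(server.args) ? server.args.filter(a => typeof a === "string") : [];

  if (server.command === "npx") {
    // The first non-flag, non-URL argument is the package npx will fetch and run.
    const spec = args.find(a => !a.startsWith("-") && !isHttpUrl(a));
    if (spec) {
      const { name: pkg, version } = parsePackageSpec(spec);
      if (!version || !EXACT_VERSION.test(version)) {
        findings.push({
          server: name, severity: "high", check: "unpinned-npx",
          message: `npx fetches ${pkg}@${version || "latest"} from the registry on every launch; pin the exact version whose source you inspected`,
        });
      }
    }
  }

  for (const arg of args.filter(isHttpUrl)) {
    const u = new URL(arg);
    if (u.protocol !== "https:") {
      findings.push({ server: name, severity: "high", check: "plaintext-endpoint",
        message: `${arg} is not HTTPS; tool calls and responses would cross the network in the clear` });
    }
    if (!trustedHosts.includes(u.hostname)) {
      findings.push({ server: name, severity: "medium", check: "unvetted-endpoint",
        message: `${u.hostname} is not an operator you have vetted; confirm who runs it and what it logs before routing agent context through it` });
    }
  }
  return findings;
}

function auditMcpServers(config, trustedHosts = []) {
  const findings = [];
  for (const [name, server] of Object.entries(config.mcpServers || {})) {
    findings.push(...auditServer(name, server, trustedHosts));
  }
  return findings;
}

// Constructed input: the shape of the entry the skill's Setup block asks users to add.
const README_STYLE_CONFIG = {
  mcpServers: {
    zenquotes: { command: "npx", args: ["mcp-remote@latest", "https://gateway.pipeworx.io/zenquotes/mcp"] },
  },
};

// The same entry after review: version pinned (1.2.3 is a placeholder, not a
// real mcp-remote release) and the gateway allowlisted only once its operator is known.
const REVIEWED_CONFIG = {
  mcpServers: {
    zenquotes: { command: "npx", args: ["mcp-remote@1.2.3", "https://gateway.pipeworx.io/zenquotes/mcp"] },
  },
};

for (const f of auditMcpServers(README_STYLE_CONFIG)) {
  console.log(`[${f.severity}] ${f.server}: ${f.check}: ${f.message}`);
}
```

Run against the README-style entry with an empty allowlist, the audit reports both findings the scan describes (unpinned npx and an unvetted endpoint); against the reviewed entry with gateway.pipeworx.io allowlisted it reports none. Pinning a version only helps if it is the version whose source you actually read, and allowlisting the host records a decision about the operator, not a fact about the service, so both edits belong in review notes alongside the config.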
