ClawHub

Gov Environment

v1.0.0

EPA air quality data and HUD foreclosure listings. 2 tools for environmental and housing intelligence.

0· 335·0 current·0 all-time
byMartin@martc03
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (EPA air quality + HUD foreclosures) matches the declared tools and parameters. Requesting the mcporter binary is coherent if the agent needs to register MCP servers. However the skill routes calls through a third-party MCP server (environmental-compliance-mcp.apify.actor) rather than calling government APIs directly; that proxying is not explained and is notable.
!
Instruction Scope
SKILL.md tells the agent to run `mcporter add ...` or to edit `~/.openclaw/mcp.json` to add the remote server. The instructions therefore modify a user config file and will direct queries to an external apify.actor endpoint. The skill does not instruct reading any unrelated local files or env vars, but the implicit change to the MCP config (a user-level config path) is not declared in the skill metadata and may persistently redirect agent traffic.
Install Mechanism
This is an instruction-only skill with no install spec or code files, so nothing is written by the skill itself. That is the lowest-risk install model. The only runtime dependency declared is the mcporter binary, which is reasonable for registering MCP servers.
Credentials
No environment variables or credentials are requested, which is appropriate. However, the skill's runtime relies on a remote third-party MCP service (apify.actor) to fulfill queries; this means user queries and potentially query context will be sent to that external host — a privacy/consent consideration even though no secrets are requested.
Persistence & Privilege
The SKILL.md explicitly shows adding an entry to `~/.openclaw/mcp.json`, which will persistently register a remote server for future agent runs. The skill itself does not request always:true or system-level privileges, but it does instruct a persistent modification to the user's agent config. That persistent registration increases the blast radius if the remote endpoint is untrusted.
What to consider before installing
This skill appears to provide the advertised EPA/HUD data, but it does so by instructing your agent to add a third-party MCP endpoint (environmental-compliance-mcp.apify.actor). Before installing, verify the external service: review the referenced GitHub repo and the apify actor, confirm you trust that endpoint, and understand what data will be sent there. If you prefer not to route queries through a proxy, consider implementing a skill that calls the official EPA/HUD APIs directly or run the mcporter command manually and inspect `~/.openclaw/mcp.json` before accepting the change. If you handle sensitive prompts or PII, avoid registering unknown external MCP servers or sandbox network access while you vet the service.

Like a lobster shell, security has layers — review code before you run it.

latestvk9791s9d2srbvm06j11rbt5mt981zp5p

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🌿 Clawdis
Binsmcporter

Comments