ClawHub

Quotewise semantic quote search via MCP

v1.0.2

Semantic quote search with source transparency. Find quotes by meaning, not keywords.

3· 1.3k·0 current·0 all-time
by@quotewisio
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (semantic quote search) match the SKILL.md: all examples call a Quotewise MCP endpoint (mcp.quotewise.io) and features (search, attribution, collections) are reflected in the instructions. No unrelated credentials, binaries, or paths are requested.
Instruction Scope
Instructions are narrowly scoped to calling an external MCP API via 'npx mcporter' and configuring a server entry. They reference only the QUOTEWISE_API_KEY for authenticated features and do not instruct reading local files or other env vars. Note: the skill's runtime guidance uses npx to fetch/execute npm packages (mcporter, @quotewise/mcp), which means running third-party code on demand — expected for this workflow but worth acknowledging.
Install Mechanism
There is no formal install spec and no code shipped with the skill (instruction-only). However, the SKILL.md encourages using npx to call mcporter or @quotewise/mcp; npx will download and execute packages from the npm registry, which is a moderate-risk operation if the npm packages are untrusted or compromised.
Credentials
Only one primary credential (QUOTEWISE_API_KEY) is declared and used to enable collections/higher rate limits. This is proportionate to the described features. The instructions do not access additional environment variables or unrelated secrets.
Persistence & Privilege
always is false and the skill is user-invocable. There is no install script, no persistent system modifications, and no requests to modify other skills or system-wide config beyond optional mcporter config entries scoped to the user's home.
Assessment
This skill appears coherent for quote search, but consider these practical points before installing: (1) The skill's workflow uses npx to fetch/execute 'mcporter' or '@quotewise/mcp' from npm — only run those commands if you trust the packages and their publishers. (2) The QUOTEWISE_API_KEY grants access to your account features and rate limits — create a dedicated key with minimal privileges and don't reuse sensitive credentials. (3) Queries and any quotes you submit are sent to mcp.quotewise.io; avoid including sensitive personal data in queries. (4) If you need stronger assurance, verify the referenced endpoints (https://mcp.quotewise.io and https://quotewise.io), review the npm packages' source/repos, and check the service's privacy/terms before providing an API key.

Like a lobster shell, security has layers — review code before you run it.

latestvk972sbv6xdnk2xvjpq5n2hfv1d80r4bt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📚 Clawdis
Primary envQUOTEWISE_API_KEY

Comments