Quotewise semantic quote search via MCP
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent hosted quote-search integration, with the main things to notice being its external MCP/npm tooling and optional Quotewise API key use.
This skill appears safe for normal quote search use. Before installing, be comfortable with sending quote queries to Quotewise, only configure QUOTEWISE_API_KEY if you need authenticated features, and treat the npx setup/helper commands as external tooling you should trust before running.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the setup or call helpers may execute npm-distributed tooling on the user's machine.
The skill depends on npx-run external tooling and an optional setup helper that are not bundled in the reviewed artifacts. This is expected for an MCP integration, but users should recognize the external package/provenance dependency.
npx mcporter call "https://mcp.quotewise.io/mcp.<tool>" key=value --output json ... Or run `npx @quotewise/mcp setup` for guided configuration.
Use the direct MCP configuration if you prefer not to run a helper package, and run npx commands only when you trust the package source.
If configured, the local MCP setup may store and use the user's Quotewise API key for account-linked requests.
The optional Quotewise API key is passed as a bearer token into a home-scoped MCP configuration. The credential is declared in metadata and is used for stated features such as collections and higher rate limits.
--header "Authorization=Bearer $QUOTEWISE_API_KEY" --scope home
Set QUOTEWISE_API_KEY only if you need authenticated features, protect the key like any API token, and revoke or rotate it if exposed.
Quote search text and related request parameters may be processed by Quotewise's remote MCP service.
The skill uses a hosted MCP endpoint, so user quote queries and attribution checks are sent to an external service. This is central to the stated functionality and is clearly disclosed.
Use `mcporter` to call the Quotewise MCP endpoint directly: `https://mcp.quotewise.io/mcp.<tool>`
Use the skill for quote-related queries you are comfortable sending to Quotewise, and avoid including secrets or private unrelated text in search prompts.