ClawHub

Pipeworx advice

v1.0.0

Crowdsourced life advice — search, browse, or grab a random slip of wisdom from the Advice Slip API

0· 57·0 current·0 all-time
byBruce Gutman@brucegutman
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions: the pack calls a public advice API via HTTP and exposes three simple tools (random/search/get). Required binaries (curl) and no env vars align with this purpose.
Instruction Scope
SKILL.md shows only HTTP calls to gateway.pipeworx.io/advice/mcp and example curl usage — this stays within the advertised scope. The MCP client config example uses npx to run mcp-remote@latest (which would download and run code from npm if used); that is not declared in required binaries and is optional/example-only, but it is a runtime action with higher trust implications if the agent actually executes it.
Install Mechanism
No install spec and no code files: the skill is instruction-only and writes nothing to disk. This is the lowest-risk install model.
Credentials
The skill requests no environment variables, secrets, or config paths — proportional to a public read-only advice API. No unrelated credentials are requested.
Persistence & Privilege
always:false and default autonomous invocation are appropriate for this tool. The skill does not request persistent system-wide changes or elevated privileges.
Assessment
This pack is straightforward: it issues HTTP requests to an external advice API and doesn't ask for credentials. Before installing, confirm you trust the endpoint (https://gateway.pipeworx.io) since user queries and results traverse that service. Also note the MCP client example uses npx to fetch mcp-remote@latest — running that would download and execute code from the npm registry, so only allow it on machines where you trust remote package execution. If you prefer stricter control, use the demonstrated curl calls directly and avoid the npx/mcp-remote route.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ffgp547ckm6eaw9218aywjh84dt2e

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

💡 Clawdis
Binscurl

Comments