ClawHub

Pipeworx airquality

v1.0.0

Air Quality MCP — wraps air-quality-api.open-meteo.com (free, no auth)

0· 12·0 current·0 all-time
byBruce Gutman@brucegutman
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description say this is a wrapper around open-meteo air-quality data and the SKILL.md shows curl examples against https://gateway.pipeworx.io/airquality/mcp — requiring curl is appropriate and proportionate to the stated purpose.
Instruction Scope
Instructions are limited to calling a Pipeworx JSON‑RPC gateway via HTTP POST (curl examples) and providing an optional npx client configuration. They do not reference reading files or environment variables. Note: requests and payloads are sent to a third‑party gateway (gateway.pipeworx.io), so any user-supplied query content would be transmitted to that service rather than directly to open-meteo.
Install Mechanism
There is no formal install spec (instruction-only), which is low risk. The SKILL.md suggests an npx command (mcp-remote@latest) as an example MCP client; running npx would dynamically fetch and execute an npm package — this is optional but worth noting as a potential runtime fetch of remote code if the user follows the example.
Credentials
The skill declares no required environment variables or credentials and the instructions do not reference any secrets. This is proportional for an anonymous, free API wrapper.
Persistence & Privilege
Skill is not set to always:true and does not request persistent system-wide privileges. The default autonomous invocation is allowed (platform default) and is expected for a user-invocable MCP skill.
Assessment
This skill appears coherent: it shows how to call a Pipeworx JSON‑RPC gateway to get air‑quality data and does not ask for credentials. Before installing, consider that (1) queries go to a third‑party gateway (gateway.pipeworx.io) rather than directly to open-meteo, so avoid sending sensitive or private data; (2) the example npx command would fetch and run a remote npm package if you run it — only do that if you trust pipeworx; and (3) if you prefer, you can call open-meteo directly (no auth) instead of using the proxy to reduce third‑party exposure.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c98qvxeehr8s5653cw4zeys84a1p8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Clawdis
Binscurl

Comments