ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pipeworx altos

v1.0.0

Provides real estate market intelligence including inventory trends, active listings, pending sales, new listings, and downloadable data files for specified...

0· 14·0 current·0 all-time
byBruce Gutman@brucegutman
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, and SKILL.md functions (market_stats, inventory_trend, active_listings, etc.) are coherent and match the provided MCP server URL for an Altos data gateway.
Instruction Scope
SKILL.md is brief and focused on querying regional real-estate data and includes a config snippet pointing at https://gateway.pipeworx.io/altos/mcp. It does not instruct the agent to read unrelated files or secrets, but the doc is truncated and provides no authentication or privacy guidance.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk by an installer, which reduces install-time risk.
!
Credentials
The skill expects network calls to an external gateway but declares no required environment variables or primary credential. Real-world usage of an external API typically requires API keys or tokens; the lack of declared auth is a discrepancy (it may rely on implicit/global credentials or omit necessary security guidance). The gateway domain is not a well-known official Altos/MLS domain, which increases the need for verification.
Persistence & Privilege
always:false and no config paths or system-modifying instructions are present. The skill does not request elevated/persistent privileges in the metadata.
What to consider before installing
This skill appears to be a thin wrapper around an external real-estate data gateway, but it comes from an unknown source and omits authentication details. Before installing: 1) Ask the publisher for provenance and an official homepage or repository; verify the gateway domain (gateway.pipeworx.io) is legitimate and authorized to serve Altos data. 2) Confirm how the agent is expected to authenticate (API key, token) and ensure credentials are not implicitly assumed. 3) Restrict the skill's network access or test in a low-privilege environment first, and avoid installing on agents that have access to sensitive credentials. If you cannot verify the provider or authentication model, do not enable autonomous invocation or install the skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk975wb9qs2sbt2yy57x8ehvafd85ah8v
14downloads
0stars
1versions
Updated 2h ago
v1.0.0
MIT-0
Bruce Gutman@brucegutman
latest
Download

Altos

Altos Research MCP — Real estate market intelligence

altos_market_stats

Get current market snapshot for a region (e.g., "San Francisco, CA"). Returns inventory count, new l

altos_inventory_trend

Track weekly inventory changes for a region (e.g., "Austin, TX"). Returns trends in inventory, new l

altos_active_listings

Search active property listings in a region (e.g., "Denver, CO"). Returns address, price, beds, bath

altos_pending_sales

Find properties under contract in a region (e.g., "Miami, FL"). Returns address, price, beds, baths,

altos_new_listings

Get freshly listed properties (under one week on market) for a region (e.g., "Boston, MA"). Returns

altos_list_files

Browse downloadable regional real estate data files. Returns catalog with file names, formats, and d

{
  "mcpServers": {
    "altos": {
      "url": "https://gateway.pipeworx.io/altos/mcp"
    }
  }
}

Comments

Loading comments...