Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Pipeworx artic
v1.0.0
Explore the Art Institute of Chicago's collection — artworks, artists, and exhibitions via the ARTIC public API
by Bruce Gutman (@brucegutman)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to expose the Art Institute of Chicago public API, which is consistent with its tooling (search_artworks, get_artwork, etc.). However the runtime examples and MCP config point to a Pipeworx gateway (https://gateway.pipeworx.io/artic/mcp) rather than the native ARTIC endpoint (e.g., api.artic.edu). Using a proxy is a legitimate design choice but is an important deviation from 'direct' ARTIC API access and should be disclosed and evaluated by the user.
Instruction Scope
The SKILL.md instructs the agent to POST JSON-RPC calls to the Pipeworx gateway (gateway.pipeworx.io). That means queries and any user-provided input will be transmitted to a third party. The instructions do not request unrelated local files or credentials, but they do direct external network traffic to a host outside the ARTIC domain — a potential privacy/logging risk.
Install Mechanism
There is no registry install spec (instruction-only), which is low risk. However the included MCP client config suggests using npx -y mcp-remote@latest (downloads and runs the latest npm package). Running npx with an unpinned/latest tag is higher-risk because it fetches and executes remote code; this is advisory in the docs rather than an enforced install step, but users should be cautious.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportionate to its stated purpose of accessing public ARTIC data.
Persistence & Privilege
The skill is not flagged always:true and is user-invocable; it does not request persistent elevated privileges or modification of other skills. Autonomous invocation is allowed by platform default but not combined with other high-risk flags here.
What to consider before installing
This skill appears to implement ARTIC lookups, but it sends your requests to a Pipeworx-hosted gateway (gateway.pipeworx.io) rather than directly to the Art Institute's API—anything you send may be logged or processed by that third party. The docs also show using npx -y mcp-remote@latest, which would download and run the latest npm package (unversioned), a step that can execute arbitrary code if followed. If you plan to install or use this skill: (1) Confirm you’re comfortable routing queries through Pipeworx and review their privacy/security docs; (2) avoid running unpinned npx installs — prefer pinned versions or inspect the package first; (3) do not send any sensitive or private data through the skill; (4) if you prefer, call the ARTIC API (api.artic.edu) directly or host your own proxy to reduce third‑party exposure.
Runtime requirements
🎨 Clawdis
Bins: curl
