ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pipeworx dicebear

v1.0.0

Generate unique avatar images from any seed text — 30+ styles including pixel art, initials, and abstract shapes

0· 79·0 current·0 all-time
byBruce Gutman@brucegutman

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for brucegutman/pipeworx-dicebear.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Pipeworx dicebear" (brucegutman/pipeworx-dicebear) from ClawHub.
Skill page: https://clawhub.ai/brucegutman/pipeworx-dicebear
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: curl
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install pipeworx-dicebear

ClawHub CLI

Package manager switcher

npx clawhub@latest install pipeworx-dicebear
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill is an instruction-only wrapper for DiceBear-style avatar generation and only needs an HTTP client (curl). That aligns with the description. However, the SKILL.md includes an MCP config that invokes 'npx mcp-remote@latest', but the declared required binaries list does not mention 'npx'/'node', which is an inconsistency.
Instruction Scope
Runtime instructions show simple POSTs to a Pipeworx gateway which return DiceBear SVG URLs — no instructions to read local files or environment variables. However, the SKILL.md includes an MCP config (npx mcp-remote connecting to https://gateway.pipeworx.io/dicebear/mcp) that, if followed, would run third-party code and establish a remote tool endpoint; that broadens the agent’s action surface beyond the basic curl example.
!
Install Mechanism
There is no formal install spec (lowest disk risk), but the provided MCP config recommends running 'npx -y mcp-remote@latest ...'. Using npx with @latest will download and execute code from the npm registry on demand — a higher-risk operation not declared in required binaries. The SKILL.md suggests running remote code without pinning a version or providing provenance.
Credentials
No environment variables, credentials, or config paths are requested — appropriate for an avatar generator. Still, avatar seed strings would be sent to a third-party gateway (gateway.pipeworx.io); if seeds include personal data (emails, usernames) this is a privacy concern because the gateway receives that data.
Persistence & Privilege
The skill does not request always: true and is user-invocable only. It does not itself modify agent config automatically. However, the MCP config is intended to be added to an agent's mcpServers (a manual change) and running mcp-remote would create a persistent remote tool endpoint — a user action that grants ongoing remote capability.
What to consider before installing
This skill appears to do what it says (produce deterministic avatar URLs) but two things merit caution: (1) the SKILL.md suggests using 'npx -y mcp-remote@latest' to connect to a Pipeworx gateway — running npx@latest executes code from npm and is risky unless you trust and pin the package and version; (2) avatar seeds are sent to a third-party gateway (gateway.pipeworx.io), so avoid sending secrets or personally-identifying strings unless you trust that service. If you only need avatar URLs, consider calling the official DiceBear API directly (api.dicebear.com) or running vetted client code you control. If you choose to use the MCP approach, inspect and pin the mcp-remote package source, and avoid 'npx -y ...@latest'.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

👤 Clawdis
Binscurl
latestvk975cvarnfts9zztc4h3rc6f3n84d8d3
79downloads
0stars
1versions
Updated 2w ago
v1.0.0
MIT-0
Bruce Gutman@brucegutman
latest
Download

DiceBear Avatars

Generate deterministic, unique avatars from any seed string. Same seed always produces the same avatar. Choose from 30+ art styles including pixel art, bottts (robots), initials, adventurer, and more. Returns SVG URLs you can embed directly.

Tools

  • generate_avatar — Generate an avatar URL for a given style and seed. The seed can be a username, email, or any string.
  • list_styles — Returns all available avatar styles with descriptions.

When to use

  • Default profile pictures for new users (deterministic = no database storage needed)
  • Generating unique icons for items, categories, or projects
  • Placeholder images during design prototyping
  • Chat applications that need distinct avatars per participant

Example

Generate a robot-style avatar for the seed "alice":

curl -s -X POST https://gateway.pipeworx.io/dicebear/mcp \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"generate_avatar","arguments":{"style":"bottts","seed":"alice"}}}'

{
  "url": "https://api.dicebear.com/7.x/bottts/svg?seed=alice",
  "style": "bottts",
  "seed": "alice"
}

Popular styles

adventurer, avataaars, bottts, fun-emoji, icons, identicon, initials, lorelei, micah, miniavs, notionists, open-peeps, personas, pixel-art, rings, shapes, thumbs

MCP config

{
  "mcpServers": {
    "pipeworx-dicebear": {
      "command": "npx",
      "args": ["-y", "mcp-remote@latest", "https://gateway.pipeworx.io/dicebear/mcp"]
    }
  }
}

Comments

Loading comments...