ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pipeworx lorem

v1.0.0

Lorem MCP — wraps loripsum.net (free, no auth)

0· 68·0 current·0 all-time
byBruce Gutman@b-gutman

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for b-gutman/pipeworx-lorem.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Pipeworx lorem" (b-gutman/pipeworx-lorem) from ClawHub.
Skill page: https://clawhub.ai/b-gutman/pipeworx-lorem
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install pipeworx-lorem

ClawHub CLI

Package manager switcher

npx clawhub@latest install pipeworx-lorem
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill description says it simply wraps loripsum.net (no auth), but the SKILL.md expects to run an npm package (mcp-remote@latest) and connect to https://gateway.pipeworx.io/lorem/mcp. A simple lorem generator could directly call loripsum.net; requiring remote code execution and a gateway is not justified by the stated purpose. Also the registry metadata lists no required binaries yet the connect config assumes 'npx' is available.
!
Instruction Scope
Runtime instructions instruct the agent to run npx to fetch and execute mcp-remote and to connect to an external MCP gateway. This routes agent traffic and possibly conversation/context to a third-party service; SKILL.md does not describe what data is sent. The instructions do not reference local files or env vars, but they do grant broad discretion to run remote code and transmit data to gateway.pipeworx.io.
!
Install Mechanism
There is no install spec in the package, but the provided connect snippet uses npx to execute mcp-remote@latest at runtime. That performs an on-demand download-and-execute of code from the npm registry (latest, unpinned), which can run arbitrary code and is higher risk than a purely instruction-only skill or a pinned dependency.
Credentials
The skill declares no required environment variables or credentials, which is consistent with a public lorem service. However, because it forwards requests to an external gateway, it may transmit agent context or user-provided prompts to a third party — a potential data-leak risk even without declared secrets.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system-level privileges or configuration changes. Autonomous invocation is allowed (platform default) but not combined with other high privileges here.
What to consider before installing
This skill is plausible for generating lorem text, but it asks your agent to npx-execute mcp-remote@latest and connect to https://gateway.pipeworx.io/lorem/mcp — meaning remote code will run and your prompts/contexts may be sent to a third party. Before installing: ensure you trust pipeworx/gateway.pipeworx.io; verify that running npx on 'latest' is acceptable (unpinned versions can change behavior); avoid using the skill with sensitive data; confirm your environment has 'npx' if you want it to work; for lower risk, prefer a skill that calls loripsum.net directly or uses a pinned, audited package and documents exactly what data is sent.

Like a lobster shell, security has layers — review code before you run it.

latestvk972tqcxhscx46rb8g70dhy38x84scra
68downloads
0stars
1versions
Updated 2w ago
v1.0.0
MIT-0
Bruce Gutman@b-gutman
latest
Download

pipeworx-lorem

Lorem MCP — wraps loripsum.net (free, no auth). Free, no API key. Part of Pipeworx.

Tools

  • generate_paragraphs
  • generate_with_options

Connect

{
  "mcpServers": {
    "pipeworx-lorem": {
      "command": "npx",
      "args": ["-y", "mcp-remote@latest", "https://gateway.pipeworx.io/lorem/mcp"]
    }
  }
}

More at pipeworx.io/packs/lorem

Comments

Loading comments...