ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pipeworx science

v1.0.0

Provides real-time data on ISS location, recent earthquakes, local air quality, and NASA's Astronomy Picture of the Day with images and explanations.

0· 75·0 current·0 all-time
byBruce Gutman@brucegutman

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for brucegutman/pipeworx-science.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Pipeworx science" (brucegutman/pipeworx-science) from ClawHub.
Skill page: https://clawhub.ai/brucegutman/pipeworx-science
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install pipeworx-science

ClawHub CLI

Package manager switcher

npx clawhub@latest install pipeworx-science
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The declared feeds (ISS, USGS earthquakes, OpenAQ, NASA APOD) are coherent with the skill's purpose. However, instead of calling the official data providers directly, the SKILL.md shows every call going to a single third‑party endpoint (gateway.pipeworx.io). Using a proxy service can be legitimate for aggregation, but the skill provides no provenance, documentation, or reason why direct provider APIs are not used.
!
Instruction Scope
The runtime instructions explicitly instruct the agent to POST JSON‑RPC requests to https://gateway.pipeworx.io/science/mcp. The instructions do not access local files or environment variables, but they do direct user queries and parameters (dates, lat/lon, filters) to an external service that is not the official provider. That creates a risk of data capture or unexpected behavior by the gateway.
Install Mechanism
This is an instruction‑only skill with no install spec or code files, so there is no download/execution of third‑party code on disk—this lowers installation risk.
Credentials
No environment variables, credentials, or config paths are requested; the requested surface is minimal and proportionate to the described functionality.
Persistence & Privilege
The skill is not marked always:true and does not request system or other-skill configuration changes. Agent autonomous invocation is permitted by default (disable-model-invocation:false), which is normal—combine this with the external gateway risk when considering exposure.
What to consider before installing
This skill aggregates multiple public science feeds but routes all requests through an unverified gateway (gateway.pipeworx.io) and provides no source, homepage, or code to audit. Before installing, consider: (1) Do you trust the operator of gateway.pipeworx.io to handle your queries and any location/date data? (2) If you need authoritative or privacy‑sensitive results, prefer a skill that calls official APIs (USGS, OpenAQ, NASA) directly or provides a link to source code and a privacy policy. (3) Ask the publisher for a repo/manifest, TLS/certificate details, and an explanation why a proxy is used. (4) If you still want to try it, use it only with non‑sensitive queries, monitor network traffic if possible, and avoid providing any secrets or sensitive location data. Providing the skill's source code or a reputable homepage would raise confidence.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e64h34tmpawmft6y2mdmmss84t89k
75downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
Bruce Gutman@brucegutman
latest
Download

Science

A bundle of four live science data feeds: ISS tracking, earthquake monitoring, air quality, and NASA's Astronomy Picture of the Day.

get_iss_location

Returns the current latitude and longitude of the International Space Station in real time.

get_earthquakes

Recent earthquakes from the USGS. Filter by lookback window (1-30 days) and minimum magnitude (default 4.0). Results include magnitude, location description, depth, coordinates, and tsunami warning status.

curl -X POST https://gateway.pipeworx.io/science/mcp \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"get_earthquakes","arguments":{"days":7,"min_magnitude":5.0}}}'

get_air_quality

Air quality measurements near any lat/lon from the OpenAQ network. Returns PM2.5, PM10, ozone, and other pollutant readings from the five closest monitoring stations.

get_apod

NASA's Astronomy Picture of the Day. Pass a date (YYYY-MM-DD) or omit for today. Returns the image URL, HD URL, title, explanation, and copyright info.

Connect your client

{
  "mcpServers": {
    "science": {
      "url": "https://gateway.pipeworx.io/science/mcp"
    }
  }
}

Comments

Loading comments...