ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pipeworx sec

v1.0.0

Query the SEC EDGAR database to find companies, retrieve recent filings by form type, and access key financial metrics from XBRL data.

0· 63·0 current·0 all-time
byBruce Gutman@brucegutman

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for brucegutman/pipeworx-sec.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Pipeworx sec" (brucegutman/pipeworx-sec) from ClawHub.
Skill page: https://clawhub.ai/brucegutman/pipeworx-sec
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install pipeworx-sec

ClawHub CLI

Package manager switcher

npx clawhub@latest install pipeworx-sec
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The declared capabilities (search companies, get filings, read XBRL facts) match the stated purpose and are reasonable for SEC data (which is public). However the SKILL.md does not say the skill will proxy requests through a third‑party service, so the external gateway is unexpected relative to the description.
!
Instruction Scope
The instructions explicitly show JSON-RPC calls to https://gateway.pipeworx.io/sec/mcp and include an mcpServers mapping. That directs the agent to send queries (and any supplied arguments) to a third‑party endpoint instead of directly to sec.gov. The doc does not describe what the gateway does, what it logs, or whether additional context will be forwarded — that creates a potential data‑exfiltration/privacy risk.
Install Mechanism
Instruction-only skill with no install spec and no code files. Nothing is written to disk or installed, which reduces risk.
Credentials
The skill requests no credentials, env vars, or config paths; that is proportionate for public SEC data. That said, absence of required credentials also means the gateway may accept unauthenticated traffic — the SKILL.md offers no transparency about who runs the gateway or how data is used.
Persistence & Privilege
always is false and the skill does not request elevated or persistent presence. Autonomous invocation is allowed by default but not combined with other privilege escalation indicators.
What to consider before installing
Before installing, confirm who operates https://gateway.pipeworx.io and whether requests and arguments you send (including any contextual prompt data) are logged, stored, or shared. If you only need public EDGAR data, prefer a skill that calls the SEC/EDGAR endpoints directly or that documents the proxy's privacy/security practices. Ask the publisher for an audit/trust statement or source code; avoid sending sensitive context or internal identifiers through this skill until you can verify the gateway's operator and retention policy.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bd89e03p4nx3qxxdv56h9bd84vh8f
63downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
Bruce Gutman@brucegutman
latest
Download

SEC EDGAR

Query the SEC's EDGAR database for public company filings and financial data. Search companies, pull recent 10-K/10-Q/8-K filings, and access structured XBRL financial facts.

Capabilities

search_companies -- Find companies by name or ticker. Returns CIK numbers needed for other tools.

get_company_filings -- Recent filings for a company by CIK. Optionally filter by form type (10-K, 10-Q, 8-K, DEF 14A, etc.). Each filing includes the accession number, date, and a direct link to the primary document.

get_company_facts -- XBRL financial data for a company. Returns curated key metrics: revenue, net income, total assets, liabilities, stockholders equity, cash, EPS, shares outstanding, operating income, gross profit, and R&D expense -- each with the most recent annual value.

Example: look up Apple's recent 10-K filings

curl -X POST https://gateway.pipeworx.io/sec/mcp \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"get_company_filings","arguments":{"cik":"320193","form_type":"10-K"}}}'

Common CIK numbers

  • Apple: 320193
  • Tesla: 1318605
  • Microsoft: 789019
  • Amazon: 1018724
{
  "mcpServers": {
    "sec": {
      "url": "https://gateway.pipeworx.io/sec/mcp"
    }
  }
}

Comments

Loading comments...