ClawHub

Pipeworx treasury

v1.0.0

US fiscal data — national debt, Treasury interest rates, and federal spending breakdowns from the Treasury Fiscal Data API

0· 58·0 current·0 all-time
byBruce Gutman@brucegutman
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the functionality shown: the skill fetches national debt, Treasury rates, and federal spending. Required binary (curl) is reasonable for making HTTP calls. The only discrepancy is the skill's text references the 'Treasury Fiscal Data API' but the examples and setup call a Pipeworx gateway (pipeworx.io) rather than calling the government API directly; this is plausibly a proxy service but users should be aware it's not a direct gov endpoint.
Instruction Scope
The SKILL.md confines itself to issuing JSON-RPC calls to https://gateway.pipeworx.io/treasury/mcp and shows curl examples; it does not instruct reading local files or environment variables. Important privacy note: any data you send in these calls (including prompts or contextual info) will be transmitted to the remote Pipeworx gateway, so the gateway operator can observe it.
Install Mechanism
There is no registry install spec (instruction-only), which is low risk. However the setup snippet recommends running an npx command (npx -y mcp-remote@latest ...) which will download and execute code from npm when run. That is not performed by the registry itself but is an action an operator may take; downloading/executing third-party npm packages carries moderate risk and should be reviewed before use.
Credentials
The skill declares no required environment variables, credentials, or config paths. That is proportionate to its stated purpose of fetching public fiscal data.
Persistence & Privilege
always is false and the skill is user-invocable (normal). The SKILL.md suggests adding an mcpServers entry so the agent can call the remote MCP endpoint; that will allow the agent (and potentially autonomous invocations) to forward prompts and arguments to the external service. This is expected for a remote-backed skill but increases the blast radius for data exposure.
Assessment
This skill appears to do what it says: query US Treasury fiscal data. Before installing or using it, verify you trust the Pipeworx gateway (https://gateway.pipeworx.io and https://pipeworx.io) because the skill routes queries there rather than directly to Treasury.gov. Do not send sensitive or private data through the skill: any prompts, contextual data, or files you include in requests will be visible to the remote service. If you plan to run the suggested setup, review the mcp-remote npm package (its source, maintainers, and recent versions) before executing the npx command. If you need an auditable/direct source, consider calling the official Treasury Fiscal Data API endpoints yourself instead of using the proxy.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ejx80rg4d17kjfttm2taynd84avdk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🇺🇸 Clawdis
Binscurl

Comments