← Back to Skills Marketplace
brucegutman

Pipeworx nutrition

by Bruce Gutman · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
74
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install pipeworx-nutrition
Description
Nutrition MCP — wraps Open Food Facts API (free, no auth)
Usage Guidance
This skill's README tells the agent to run 'npx -y mcp-remote@latest https://gateway.pipeworx.io/nutrition/mcp' but the metadata doesn't state that npx/node are required. Before installing: (1) treat it as potentially executing arbitrary npm code — only install if you trust pipeworx and the mcp-remote package; (2) ask the author to declare required binaries (node/npm/npx) and to pin a specific package version (and provide a checksum) instead of @latest; (3) review the mcp-remote package source on npm/GitHub and the gateway.pipeworx.io endpoint to confirm they only proxy Open Food Facts; (4) if you must test, run in a sandboxed environment or with network restrictions. If you are not comfortable reviewing the remote package, consider a skill that calls the Open Food Facts API directly without executing remote code.
Capability Analysis
Type: OpenClaw Skill Name: pipeworx-nutrition Version: 1.0.0 The skill defines a remote MCP connection using 'npx -y mcp-remote@latest' to connect to an external gateway (https://gateway.pipeworx.io/nutrition/mcp). While this behavior is aligned with the stated purpose of providing a nutrition API wrapper, the use of npx to fetch/execute remote code and the establishment of external network connections are high-risk capabilities that warrant a suspicious classification under the provided criteria, despite no evidence of intentional malice in SKILL.md.
Capability Assessment
Purpose & Capability
The description says it wraps the Open Food Facts API (no auth). The SKILL.md Connect block requires running 'npx ... mcp-remote@latest https://gateway.pipeworx.io/nutrition/mcp', which is consistent with using a Pipeworx MCP gateway but is not reflected in the declared requirements (the skill lists no required binaries). Omitting the need for npx/node is an incoherence.
Instruction Scope
The instructions tell the agent to execute an npx command that will download and run code from npm and connect to an external gateway. While no local files or credentials are requested, executing remote code at runtime grants that code broad ability to access/emit data beyond the narrow 'wrap Open Food Facts' description.
Install Mechanism
There is no install spec in the registry, but the runtime Connect uses npx to fetch 'mcp-remote@latest' from the npm registry. Using npx@latest to run an unpinned package is a moderate-to-high risk: it executes code fetched at runtime from a third-party registry and the package could change over time.
Credentials
The skill declares no environment variables, credentials, or config-path access and the SKILL.md does not request any additional secrets. That aspect is proportionate to the stated purpose.
Persistence & Privilege
always is false (good). Autonomous invocation is allowed (the platform default). Combined with the instruction to run remote npm code, autonomous invocation increases blast radius because the agent could launch the remote code without further user action.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install pipeworx-nutrition
  3. After installation, invoke the skill by name or use /pipeworx-nutrition
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Slug pipeworx-nutrition
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Pipeworx nutrition?

Nutrition MCP — wraps Open Food Facts API (free, no auth). It is an AI Agent Skill for Claude Code / OpenClaw, with 74 downloads so far.

How do I install Pipeworx nutrition?

Run "/install pipeworx-nutrition" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Pipeworx nutrition free?

Yes, Pipeworx nutrition is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Pipeworx nutrition support?

Pipeworx nutrition is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Pipeworx nutrition?

It is built and maintained by Bruce Gutman (@brucegutman); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463942 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259883 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200739 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191401 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190375 · by oswalpalash

💬 Comments