← Back to Skills Marketplace
Pipeworx jokes
by
Bruce Gutman
· GitHub ↗
· v1.0.0
· MIT-0
68
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install pipeworx-jokes
Description
Jokes MCP — wraps JokeAPI v2 (free, no auth)
Usage Guidance
This skill appears to do what it claims (call a free JokeAPI) but relies on running a remote npm package at runtime. Before installing, ensure you trust the Pipeworx gateway and the mcp-remote package: prefer a pinned package version instead of '@latest', verify the package source and code, confirm you have (and are willing to use) the 'npx' runtime, and be aware that npx will download and execute code from the network (and may cache files). If you cannot audit or trust the remote package or gateway, do not enable the skill.
Capability Analysis
Type: OpenClaw Skill
Name: pipeworx-jokes
Version: 1.0.0
The skill is a standard MCP wrapper for JokeAPI v2, providing tools to fetch and search for jokes. It connects to a remote MCP gateway hosted at gateway.pipeworx.io using the mcp-remote utility. No malicious code, data exfiltration patterns, or prompt injection attempts were found in SKILL.md or _meta.json.
Capability Assessment
Purpose & Capability
The skill claims to wrap a public, no-auth JokeAPI which requires no credentials. However the runtime instructions require running 'npx ... mcp-remote@latest' to connect to https://gateway.pipeworx.io/jokes/mcp. That runtime dependency (npx and fetching a remote package) is not listed in the skill's declared requirements, which is a mismatch.
Instruction Scope
SKILL.md provides only a connect block that tells the agent to run 'npx -y mcp-remote@latest https://gateway.pipeworx.io/jokes/mcp'. This means the agent will download and execute remote code and open network connections to the Pipeworx gateway. While network access to a joke API is expected, executing an unpinned 'latest' package gives the remote package wide discretion and increases risk.
Install Mechanism
There is no install spec, but the instructions rely on npx to fetch and run mcp-remote@latest from npm at runtime. Runtime npx invocation is effectively a remote code download-and-execute (supply-chain risk). The package is unpinned ('latest'), and there is no integrity verification or trusted release host assurance beyond npm.
Credentials
The skill requests no environment variables, credentials, or config paths — appropriate for a public joke API that needs no auth.
Persistence & Privilege
The skill is not always-enabled and has no declared persistence. However, running npx can write packages to the npm cache and execute code autonomously when invoked by the agent; this runtime side-effect isn't documented in the skill metadata.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install pipeworx-jokes - After installation, invoke the skill by name or use
/pipeworx-jokes - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is Pipeworx jokes?
Jokes MCP — wraps JokeAPI v2 (free, no auth). It is an AI Agent Skill for Claude Code / OpenClaw, with 68 downloads so far.
How do I install Pipeworx jokes?
Run "/install pipeworx-jokes" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Pipeworx jokes free?
Yes, Pipeworx jokes is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Pipeworx jokes support?
Pipeworx jokes is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Pipeworx jokes?
It is built and maintained by Bruce Gutman (@brucegutman); the current version is v1.0.0.
More Skills