← 返回 Skills 市场
brucegutman

Pipeworx iplookup

作者 Bruce Gutman · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
67
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install pipeworx-iplookup
功能描述
IP Lookup MCP — ip-api.com (free, no auth for basic usage)
安全使用建议
This skill's metadata promises simple ip-api.com lookups, but its runtime instructions tell the agent to run 'npx -y mcp-remote@latest' to connect to a Pipeworx gateway—meaning it will download and execute code from npm and send queries to an external server. Before installing, verify the following: (1) Ask the publisher for source code or an explicit install spec so you can inspect what mcp-remote does and what data it transmits. (2) Confirm you are comfortable with running an npm 'latest' package at runtime (consider pinning to a specific vetted version). (3) If you only need raw ip-api.com lookups, prefer a skill that calls ip-api.com directly (no remote code execution). (4) If you proceed, run it in a sandboxed environment and review network traffic to confirm only intended IP queries are sent and no extra data is exfiltrated.
功能分析
Type: OpenClaw Skill Name: pipeworx-iplookup Version: 1.0.0 The skill bundle provides a standard configuration for an IP lookup service using the Model Context Protocol (MCP). It utilizes the 'mcp-remote' package to connect to a remote gateway at gateway.pipeworx.io, which is consistent with its stated purpose of providing geolocation tools. No malicious code, obfuscation, or harmful prompt injection instructions were found in SKILL.md or _meta.json.
能力评估
Purpose & Capability
The description says 'IP Lookup — ip-api.com (free, no auth)', which implies simple HTTP lookups. However the SKILL.md's Connect block instructs running 'npx -y mcp-remote@latest https://gateway.pipeworx.io/iplookup/mcp' to contact a Pipeworx gateway. The declared requirements list no binaries or credentials, but the runtime instructions require npx/node. Requiring an npm-executed remote component is disproportionate to a plain IP geolocation lookup and is not explained in the metadata.
Instruction Scope
The instructions tell the agent to fetch and execute a remote npm package (mcp-remote@latest) which will connect to https://gateway.pipeworx.io/iplookup/mcp. That implies user data (IP addresses and possibly surrounding context) would be sent to an external gateway rather than directly to ip-api.com. The SKILL.md gives no details about what the remote package does, what data it sends, or privacy/retention, so scope and data flows are unclear and broader than advertised.
Install Mechanism
There is no declared install spec, but the Connect snippet relies on npx to fetch and run the latest mcp-remote package from npm at runtime. Fetching and executing 'latest' from the public npm registry is a moderate-to-high risk pattern (the package content can change, and arbitrary code will run). The gateway URL is a third-party endpoint (gateway.pipeworx.io) rather than a well-known release host for binaries; this elevates risk because arbitrary remote code and network traffic are introduced at runtime.
Credentials
The skill requests no environment variables or credentials, which is proportionate for a lookup service. However, it fails to declare required runtime tooling (npx/node) despite requiring npx in its connection command—this omission is a practical mismatch rather than a credentials risk.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent platform privileges. Autonomous invocation is allowed (the platform default) but by itself is not a new red flag. The main concern is the combination of autonomous invocation with runtime execution of third-party npm code and external network connections.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install pipeworx-iplookup
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /pipeworx-iplookup 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
Slug pipeworx-iplookup
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Pipeworx iplookup 是什么?

IP Lookup MCP — ip-api.com (free, no auth for basic usage). 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 67 次。

如何安装 Pipeworx iplookup?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install pipeworx-iplookup」即可一键安装,无需额外配置。

Pipeworx iplookup 是免费的吗?

是的,Pipeworx iplookup 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Pipeworx iplookup 支持哪些平台?

Pipeworx iplookup 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Pipeworx iplookup?

由 Bruce Gutman(@brucegutman)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 留言讨论