← 返回 Skills 市场

Pipeworx jokes

Name: Pipeworx jokes
Author: brucegutman

作者 Bruce Gutman · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install pipeworx-jokes

功能描述

Jokes MCP — wraps JokeAPI v2 (free, no auth)

安全使用建议

This skill appears to do what it claims (call a free JokeAPI) but relies on running a remote npm package at runtime. Before installing, ensure you trust the Pipeworx gateway and the mcp-remote package: prefer a pinned package version instead of '@latest', verify the package source and code, confirm you have (and are willing to use) the 'npx' runtime, and be aware that npx will download and execute code from the network (and may cache files). If you cannot audit or trust the remote package or gateway, do not enable the skill.

功能分析

Type: OpenClaw Skill Name: pipeworx-jokes Version: 1.0.0 The skill is a standard MCP wrapper for JokeAPI v2, providing tools to fetch and search for jokes. It connects to a remote MCP gateway hosted at gateway.pipeworx.io using the mcp-remote utility. No malicious code, data exfiltration patterns, or prompt injection attempts were found in SKILL.md or _meta.json.

能力评估

ℹ Purpose & Capability

The skill claims to wrap a public, no-auth JokeAPI which requires no credentials. However the runtime instructions require running 'npx ... mcp-remote@latest' to connect to https://gateway.pipeworx.io/jokes/mcp. That runtime dependency (npx and fetching a remote package) is not listed in the skill's declared requirements, which is a mismatch.

⚠ Instruction Scope

SKILL.md provides only a connect block that tells the agent to run 'npx -y mcp-remote@latest https://gateway.pipeworx.io/jokes/mcp'. This means the agent will download and execute remote code and open network connections to the Pipeworx gateway. While network access to a joke API is expected, executing an unpinned 'latest' package gives the remote package wide discretion and increases risk.

⚠ Install Mechanism

There is no install spec, but the instructions rely on npx to fetch and run mcp-remote@latest from npm at runtime. Runtime npx invocation is effectively a remote code download-and-execute (supply-chain risk). The package is unpinned ('latest'), and there is no integrity verification or trusted release host assurance beyond npm.

✓ Credentials

The skill requests no environment variables, credentials, or config paths — appropriate for a public joke API that needs no auth.

ℹ Persistence & Privilege

The skill is not always-enabled and has no declared persistence. However, running npx can write packages to the npm cache and execute code autonomously when invoked by the agent; this runtime side-effect isn't documented in the skill metadata.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install pipeworx-jokes
安装完成后，直接呼叫该 Skill 的名称或使用 /pipeworx-jokes 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release

元数据

Slug pipeworx-jokes

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题

Pipeworx jokes 是什么？

Jokes MCP — wraps JokeAPI v2 (free, no auth). 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 68 次。

如何安装 Pipeworx jokes？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install pipeworx-jokes」即可一键安装，无需额外配置。

Pipeworx jokes 是免费的吗？

是的，Pipeworx jokes 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Pipeworx jokes 支持哪些平台？

Pipeworx jokes 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Pipeworx jokes？

由 Bruce Gutman（@brucegutman）开发并维护，当前版本 v1.0.0。