ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Underground Mcp Skill

v3.0.0

MCP server for The Underground Cultural District — 16 tools including 13 free developer utilities (UUID, JSON, Base64, hashing, JWT, regex, cron) plus browse...

0· 81·0 current·0 all-time
byLisa Maraventano@lisamaraventano-spine
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, and declared functionality (developer utilities + marketplace browsing/checkout) align with the declared runtime requirement (node) and the provided npx-based install/run flow. The MCP role and use of the Model Context Protocol SDK is reasonable for an MCP server.
Instruction Scope
SKILL.md is narrowly scoped: it instructs clients to run `npx @underground-cultural-district/mcp-server` and to add an MCP entry in local client config. It does not instruct the agent to read other system files or environment variables. However, the SKILL.md contains strong claims of 'No data collection' and 'Zero configuration' that cannot be verified from the instruction-only bundle — those claims depend on the upstream package behavior.
!
Install Mechanism
No local install spec (instruction-only) but the embedded metadata directs runtime execution via `npx`, which downloads and runs code from the npm registry at runtime. That is traceable to npm/GitHub but still allows arbitrary remote code execution on your machine when launched. There is no pinned version, integrity hash, or sandboxing instruction in SKILL.md; the package could include additional dependencies or behavior not described in the README.
Credentials
The skill requests only the node binary and no environment variables, credentials, or config paths. That is proportionate to the stated purpose (running a local MCP server).
Persistence & Privilege
always is false and the skill does not request persistent privileges or to modify other skills or system-wide agent settings. It does instruct adding an MCP server entry to client config (normal for MCP servers).
Scan Findings in Context
[no_regex_findings] expected: The static scanner returned no findings because this is an instruction-only skill with no code files. That is expected, but absence of findings does not prove the upstream npm package is safe.
What to consider before installing
This skill is coherent in purpose, but it runs an npm package via `npx` which will download and execute remote code on your machine. Before installing or running it: 1) Inspect the upstream npm package and GitHub repository (review package.json, dependencies, and recent commits/tags). 2) Prefer a pinned version (e.g., `npx @pkg@1.2.3`) and verify the maintainer and release history. 3) If possible, run it in an isolated environment (container, VM) first to observe network activity and filesystem access. 4) Don’t assume the SKILL.md privacy claims are accurate — confirm whether the package collects telemetry or logs usage. If you need help auditing the upstream package contents (package.json, published tarball, or GitHub tree), provide those and I can point out suspicious patterns.

Like a lobster shell, security has layers — review code before you run it.

latestvk972drehsb4r1cm0ydykctcs3x83pnwh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsnode

Comments