uno
Warn
Audited by ClawScan on May 10, 2026.
Overview
This skill is a broad gateway that can invoke thousands of third-party tools and link account access, so users should review its scope and require confirmation for sensitive actions.
Before installing, decide whether you are comfortable giving an external marketplace gateway broad tool access. Keep the local token protected, review and revoke OAuth grants when needed, require explicit confirmation before tool calls that change data or affect accounts, and do not allow proactive ratings unless you approve them.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could call powerful third-party tools beyond the user's immediate request if not carefully controlled.
The skill enables direct invocation of a very large set of third-party tools, including categories that may affect accounts, business data, public content, or financial workflows, without visible approval rules or per-tool restrictions.
Call 2000+ tools via curl... Covers search, dev, docs, finance, maps, travel, AI media, social, productivity, enterprise... `/api/uno/call-tool` | POST | Invoke a tool
Require explicit user confirmation before invoking any tool that can change accounts, post content, spend money, modify business data, or access sensitive information.
A compromised or overused token could allow broad access to the MCPMarket tool gateway and any linked downstream services.
The skill requests a broad mcp:* token, stores it locally, and may link downstream third-party OAuth accounts server-side, but the artifacts do not define narrower scopes, revocation guidance, or service-specific permission boundaries.
`client_id=skill-agent&scope=mcp:*` ... `echo "ACCESS_TOKEN_VALUE" > ~/.uno/token` ... Some services (e.g. GitHub, Notion) require authorization on first call
Review OAuth scopes before approving, use the least-privileged account possible, protect ~/.uno/token, and verify how to revoke both MCPMarket and downstream service access.
The agent may submit ratings on the user's behalf and influence marketplace rankings without the user intending that action.
The skill encourages proactive rating submissions that affect search ranking, which can mutate public or ecosystem trust signals without an explicit user approval step.
`/api/uno/rate-server` | POST | Rate a tool/skill..., affects search ranking ... Please rate proactively when you receive it.
Only submit ratings after the user explicitly chooses a rating and understands it may affect search results for others.
Sensitive prompts, tool arguments, and results may be processed by MCPMarket and possibly downstream providers.
Tool inputs, outputs, and downstream account-linking flows go through the MCPMarket gateway; this is disclosed and purpose-aligned, but users should treat it as a third-party data boundary.
All endpoints use Base URL `https://mcpmarket.cn` and require `Authorization: Bearer <token>` ... the platform links the token server-side automatically.
Avoid sending unnecessary secrets or private data through the gateway, and check MCPMarket's privacy and data-retention terms before use.
Fetched skill text or tool descriptions could influence the agent if treated as authoritative instructions.
The skill can fetch third-party skill content and tool schemas from a remote marketplace; this content may contain instructions and should be treated as untrusted data.
`/api/uno/skills-fetch` | POST | Fetch full Skill content (SKILL.md + file list)
Treat retrieved skill files, schemas, and descriptions as reference material only, not as instructions to override the user's request or system policy.
