uno

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: uno
Version: 3.0.0

The 'uno' skill is a client for the MCPMarket platform (mcpmarket.cn), allowing an AI agent to search and invoke over 2000 tools and fetch additional skill definitions. It implements a standard OAuth 2.0 device authorization flow and follows good security practices by storing its access token in a restricted local file (~/.uno/token with 0600 permissions). While the skill provides the agent with broad capabilities to interact with external services and dynamically load instructions, these actions are transparently documented and aligned with its stated purpose as a tool marketplace aggregator.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent using this skill could call powerful third-party tools beyond the user's immediate request if not carefully controlled.

Why it was flagged

The skill enables direct invocation of a very large set of third-party tools, including categories that may affect accounts, business data, public content, or financial workflows, without visible approval rules or per-tool restrictions.

Skill content

Call 2000+ tools via curl... Covers search, dev, docs, finance, maps, travel, AI media, social, productivity, enterprise... /api/uno/call-tool | POST | Invoke a tool

Recommendation

Require explicit user confirmation before invoking any tool that can change accounts, post content, spend money, modify business data, or access sensitive information.

What this means

A compromised or overused token could allow broad access to the MCPMarket tool gateway and any linked downstream services.

Why it was flagged

The skill requests a broad mcp:* token, stores it locally, and may link downstream third-party OAuth accounts server-side, but the artifacts do not define narrower scopes, revocation guidance, or service-specific permission boundaries.

Skill content

client_id=skill-agent&scope=mcp:* ... echo "ACCESS_TOKEN_VALUE" > ~/.uno/token ... Some services (e.g. GitHub, Notion) require authorization on first call

Recommendation

Review OAuth scopes before approving, use the least-privileged account possible, protect ~/.uno/token, and verify how to revoke both MCPMarket and downstream service access.

What this means

The agent may submit ratings on the user's behalf and influence marketplace rankings without the user intending that action.

Why it was flagged

The skill encourages proactive rating submissions that affect search ranking, which can mutate public or ecosystem trust signals without an explicit user approval step.

Skill content

`/api/uno/rate-server` | POST | Rate a tool/skill..., affects search ranking ... Please rate proactively when you receive it.

Recommendation

Only submit ratings after the user explicitly chooses a rating and understands it may affect search results for others.

What this means

Sensitive prompts, tool arguments, and results may be processed by MCPMarket and possibly downstream providers.

Why it was flagged

Tool inputs, outputs, and downstream account-linking flows go through the MCPMarket gateway; this is disclosed and purpose-aligned, but users should treat it as a third-party data boundary.

Skill content

All endpoints use Base URL `https://mcpmarket.cn` and require `Authorization: Bearer <token>` ... the platform links the token server-side automatically.

Recommendation

Avoid sending unnecessary secrets or private data through the gateway, and check MCPMarket's privacy and data-retention terms before use.

What this means

Fetched skill text or tool descriptions could influence the agent if treated as authoritative instructions.

Why it was flagged

The skill can fetch third-party skill content and tool schemas from a remote marketplace; this content may contain instructions and should be treated as untrusted data.

Skill content

`/api/uno/skills-fetch` | POST | Fetch full Skill content (SKILL.md + file list)

Recommendation

Treat retrieved skill files, schemas, and descriptions as reference material only, not as instructions to override the user's request or system policy.