Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Uplo Accounting
v1.0.0 · AI-powered accounting knowledge management. Search bookkeeping records, tax preparation documents, audit support files, and financial statement workpapers wi...
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Verdict: Suspicious (high confidence)
Purpose & Capability
Functionality (searching accounting docs, GraphRAG, exporting org context) is coherent with the name/description and the skill.json's declared MCP integration. However the registry metadata presented earlier claimed no required credentials or config, while skill.json requires an agentdocs_url and an API_KEY — that discrepancy is unexplained and reduces trust.
Instruction Scope
SKILL.md restricts actions to MCP calls (mcporter call uplo-accounting.<tool>) and polite rules (cite sources, respect classification). Those calls are within the skill's stated purpose. Two practical concerns: (1) SKILL.md expects a 'mcporter' CLI available, but required-binaries was declared as none; (2) SKILL.md includes logging (log_conversation) and export_org_context which will transmit org data to the configured UPLO endpoint — expected for this skill but sensitive, so verify policies and data minimization.
Install Mechanism
Registry contains no install spec (instruction-only), which is lower technical risk. README suggests using 'clawhub install' or running an MCP server via 'npx @agentdocs1/mcp-server' — that would download/run code from npm at install/runtime. Because the skill itself doesn't enforce that, users may inadvertently execute external packages; verify the npm package owner/contents before running.
Credentials
skill.json legitimately requires config.agentdocs_url and config.api_key (secret) to access a UPLO instance. Those credentials are proportionate to the claimed purpose. The concern is that the registry metadata you were shown reported no required env/config; this mismatch could lead to accidental omission of credentials or misuse. Also ensure the API key has least privilege (read-only for search, not broad admin) because the skill can export org context and log conversations.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It is instruction-only with no packaged code run by default, so it does not demand elevated platform presence.
What to consider before installing
This skill appears to be a legitimate accounting knowledge connector, but there are red flags you should address before installing or providing credentials:
- Confirm source and authenticity: the package lists no homepage and the registry owner is opaque; verify this extension actually comes from your vendor or a trusted UPLO provider.
- Resolve the metadata mismatch: skill.json requires agentdocs_url and api_key, but the registry display claimed no required credentials — do not ignore the credential requirement.
- Restrict the API key: if you provide an API_KEY, ensure it is scoped minimally (read/search only) and revocable. Avoid using org-wide admin keys.
- Verify tooling: SKILL.md expects the 'mcporter' CLI and README suggests using 'npx @agentdocs1/mcp-server' (downloads from npm). Only run those tools after vetting the npm package owner and reviewing package contents.
- Be cautious with exported data and logging: the skill can export_org_context and log_conversation; verify what conversation metadata is sent and whether that complies with internal data-handling and classification rules.
- Testing: first connect to a non-production UPLO instance (or a limited test tenant) to validate behavior and see exactly what data is transmitted.
If you cannot confirm the vendor or validate the npm package and API key scope, treat this skill as untrusted and avoid supplying production credentials or sensitive data.
