Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Uplo Compliance

v1.0.0

AI-powered compliance intelligence spanning legal, financial, and government regulatory requirements. Unified search across compliance obligations, audit fin...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign

OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name, description, README, SKILL.md, and identity-patch are consistent: this is a connector/knowledge-search skill for an UPLO/AgentDocs compliance instance. The declared MCP capabilities (search_with_context, get_directives, export_org_context, etc.) match the stated compliance use cases.
Instruction Scope
SKILL.md instructs the agent to call internal MCP tools (get_identity_context, get_directives, search_with_context, export_org_context, propose_update, etc.). Those calls relate directly to compliance tasks and do not direct the agent to read arbitrary host files or unrelated credentials. However, the workflow expects access to organizational knowledge (export_org_context) and to respect classification tiers — so the skill will surface potentially sensitive internal data to the configured UPLO instance.
Install Mechanism
There is no formal install spec in the registry manifest (instruction-only), but skill.json / README instruct running an npm package via npx (@agentdocs1/mcp-server). That implies runtime downloading and executing code from the npm registry (moderate risk). The package source is specified (npm package name), not an arbitrary URL or IP, which is safer than a raw download but still a runtime code fetch worth auditing.
Credentials
Top-level registry metadata lists no required env vars/credentials, but skill.json config requires agentdocs_url and api_key (secret). README also references AGENTDOCS_URL and API_KEY and DEFAULT_PACKS. Requesting an API key and endpoint is proportionate to the skill's purpose (it must talk to a UPLO/AgentDocs instance), but the manifest-metadata omission is an important inconsistency: the skill will need secrets despite the registry claiming none. This mismatch could mislead installers.
Persistence & Privilege
The manifest's always flag is false and model invocation is permitted (normal). The skill does not claim to modify other skills or system-wide config. The main persistence/privilege consideration is that running the MCP server via npx will create a runtime process that communicates with the configured endpoint — no automatic 'always' or elevated system privileges are requested in the manifest.
What to consider before installing
Key things to check before installing:
- The registry metadata omitted required credentials, but skill.json and the README require agentdocs_url and api_key. Treat that as a packaging/manifest inconsistency — do not rely on the registry's 'no credentials' statement.
- The skill runs an MCP server via npx (@agentdocs1/mcp-server). That will download and execute an npm package at runtime. Verify the npm package name and publisher, review its source, and only run it if you trust the publisher.
- Confirm the endpoint (AGENTDOCS_URL) is your controlled/trusted UPLO instance. An untrusted endpoint + API key could expose sensitive compliance data. Use least-privilege API keys and restrict their scope and lifetime.
- Understand data flows: the skill will surface organization context and potentially export audit evidence (export_org_context). Ensure this behavior aligns with your data classification and audit policies.
- If you need higher assurance, request a corrected manifest that declares required credentials, and ask for the @agentdocs1/mcp-server source repository or a signed release to audit the MCP server code before running.
- Consider running the connector in an isolated environment, with network and credential controls, and monitor outbound connections and logs after enabling the skill.


Version: latest · vk970hnr32jsc2agpmm63fv3g7n835501
