Uplo Consulting

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate UPLO consulting knowledge-base integration, but it gives an agent broad access to sensitive firm knowledge and encourages persistent proposal logging without clear user approval or retention controls.

Review before installing in a real firm environment. Use a least-privilege UPLO token, verify and pin the MCP server package where possible, and require explicit approval for org-context exports, directives retrieval, proposal logging, and any knowledge-base write or stale-marking actions. Do not use this with confidential client or proposal data unless your organization has clear retention, access, and deletion policies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding:
The skill explicitly instructs users to 'Always log proposal development sessions' without presenting any user-facing notice, consent mechanism, or retention/privacy constraints around recording work activity. In a consulting context, these logs can reveal sensitive employee behavior, client pursuits, and internal strategy, creating privacy, monitoring, and confidentiality risks if collected by default or without transparency.

Vague Triggers

Severity: Low
Confidence: 68%
Finding:
The capability set includes sensitive functions like export_org_context and get_directives without any manifest-level scoping, trigger constraints, or stated access limitations. In a knowledge-management skill connected to an external MCP endpoint, this can lead to overbroad invocation or retrieval of sensitive organizational context if an agent or user invokes the wrong tool path.

VirusTotal

61/61 vendors flagged this skill as clean.