ClawHub

Uplo Customer 360

v1.0.0

AI-powered customer lifecycle intelligence spanning sales, customer success, and retail. Unified search across pipeline data, account health, and customer an...

0· 101·0 current·0 all-time
by@roojenkins
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill is presented as a Customer-360 / revenue intelligence integration and the declared capability set (search_with_context, search_knowledge, get_directives, export_org_context) matches that purpose. The skill.json requires an agentdocs_url and an api_key (MCP token) which are appropriate and proportional for connecting to a remote UPLO/MCP service.
Instruction Scope
SKILL.md contains only high-level runtime calls (get_identity_context, get_directives, search_with_context, search_knowledge, log_conversation, report_knowledge_gap, etc.). These are scoped to querying and logging customer knowledge and do not instruct reading unrelated local files or exfiltrating data to arbitrary endpoints. The identity-patch explicitly asks to respect classification tiers and not to fabricate data.
Install Mechanism
There is no formal install spec, but README and skill.json's mcp section indicate the MCP server is launched via `npx @agentdocs1/mcp-server --http`. Running via npx will fetch and run an npm package at runtime (moderate risk compared with instruction-only skills). This is expected for an MCP-backed skill but you should verify the npm package's provenance (@agentdocs1) before running in a sensitive environment.
Credentials
The only required configuration in skill.json is an UPLO instance URL and an API key (marked secret). Those are proportionate for a service that needs to access customer data. Note: the top-level metadata reported 'Required env vars: none' (platform metadata) but the skill.json clearly defines required config fields — ensure the platform will prompt for/secure the api_key before enabling the skill.
Persistence & Privilege
The skill does not request always:true and uses the platform default allowing autonomous invocation (disable-model-invocation:false), which is normal for skills. The skill does not request system-wide config changes or access to other skills' credentials.
Assessment
This skill appears coherent for connecting to an UPLO Customer 360 service, but review these points before installing: - Confirm provenance of the MCP npm package (@agentdocs1/mcp-server). npx will download and execute code; validate the package and its maintainer. - Treat the API key as sensitive: grant least privilege, rotate regularly, and ensure logs/audit are enabled on the UPLO instance. - Verify the agentdocs_url points to a trusted UPLO instance you control (not a third-party server). The skill will access your org's customer data via that endpoint. - Check that the platform/installer will prompt for and securely store the api_key (skill.json requires it even if portal metadata lists no env vars). - If you have strict autonomous-execution policies, consider setting disable-model-invocation or reviewing when the agent is allowed to call this skill. If you want a deeper review, provide the npm package name/version for the MCP server or the UPLO instance domain so I can list specific checks to perform (package audit, contact owner, required API scopes).

Like a lobster shell, security has layers — review code before you run it.

latestvk975gy0e5r8snp8st320rjewx9835gqt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments