Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Uplo Defense

v1.0.0

AI-powered defense knowledge management. Search mission documentation, logistics records, personnel data, and ITAR-controlled information with structured ext...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill claims to provide structured, access-controlled searches over defense documentation and the SKILL.md instructs exactly those operations (search_with_context, search_knowledge, get_directives, export_org_context, etc.). However the registry metadata shown earlier lists no required env/config, while the included skill.json requires an agentdocs_url and api_key. That inconsistency between declared registry requirements and the embedded skill manifest is concerning and should be reconciled.
Instruction Scope
SKILL.md stays within the stated purpose: it directs the agent to load identity context, query directives and knowledge, export org context, and log sessions. Those instructions are appropriate for an access-controlled knowledge connector. The explicit requirement to call log_conversation (audit logging) and to verify identity is consistent with handling sensitive data, but also means queries and results will be transmitted to whatever endpoint you configure — ensure that endpoint is trusted and properly secured.
Install Mechanism
Although the registry indicated 'instruction-only', the included skill.json defines an MCP server command that uses `npx -y @agentdocs1/mcp-server` (npm package). That implies the agent will download and run an npm package at runtime (moderate risk). The package name is not a well-known system package in this report; downloading/executing code via npx introduces additional supply-chain and trust concerns. The README also shows example configuration that will point the runtime to a user-supplied URL.
Credentials
The skill.json requires agentdocs_url and api_key (MCP token), which are expected for a connector to an external UPLO instance and are proportionate to the stated function. However the registry summary above claimed no required envs — an internal inconsistency. Because the API key grants access to potentially highly sensitive defense data, confirm least-privilege scope for the token, verify the target URL is an internal/trusted instance, and ensure the token is not reused elsewhere.
Persistence & Privilege
The manifest sets `always: false` and declares no special OS restrictions. The skill does not request permanent platform-wide privileges. The only persistence element is that the MCP server (the npm tool) may be launched to provide the tool endpoints; that behavior is normal for connectors but should be run only against trusted packages and endpoints.
What to consider before installing
This skill appears to be a connector to a UPLO instance and its runtime will send queries and logs to whatever agentdocs_url you configure using the provided API key. Before installing:
(1) reconcile the manifest inconsistency — confirm the skill actually requires agentdocs_url and api_key and that the registry view is out-of-date;
(2) verify the authenticity and provenance of the npm package @agentdocs1/mcp-server (review the package source, maintainers, and recent versions) or prefer a vetted internal distribution;
(3) ensure the configured agentdocs_url points to an internal, access-controlled UPLO instance (not a public host) and that the API key is scoped with least privilege and audited;
(4) confirm your organization’s export-control/security team approves sending ITAR/EAR data to this endpoint and that logging (log_conversation) meets retention and audit requirements;
(5) test in a sandbox with non-sensitive data first.
If you cannot verify the npm package or the endpoint, treat the skill as untrusted for controlled defense data.


latest · vk97ckeexm75s2kqykr021syz3n835csx
