Uplo Devops

Review

Audited by ClawScan on May 10, 2026.

Overview

This DevOps knowledge skill appears purpose-aligned, but it can access, export, and persist broad infrastructure information with limited documented scoping or user approval.

Review this carefully before installing in a production DevOps environment. Use a least-privilege UPLO token, verify the external MCP package, avoid full organization exports unless truly needed, and require confirmation before the agent logs incidents or changes knowledge-base state.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may mark runbooks or infrastructure documentation as outdated, which could influence how teams respond during incidents.

Why it was flagged

The skill documents tools that can change knowledge-base state and encourages aggressive use. This is purpose-aligned, but operational documentation flags can affect incident responders.

Skill content

**flag_outdated** — ... Flag these aggressively — someone will use them during an incident.

Recommendation

Require explicit user approval before changing or flagging operational documentation, and show the exact document and reason first.

What this means

The agent may retrieve information according to the permissions of the configured account or token.

Why it was flagged

The skill is designed to use identity and access-tier information to retrieve restricted DevOps content. That is expected for this integration, but it is sensitive authority.

Skill content

This loads your team assignments (platform, SRE, application), on-call rotation status, and access tier. Some production configurations and credentials documentation are restricted by clearance.

Recommendation

Use a least-privilege UPLO token, prefer read-only access unless write tools are required, and avoid granting access to credential documentation unless necessary.

What this means

Installing or running the skill may execute whatever version of that npm package is resolved at runtime.

Why it was flagged

The runtime depends on an external npm package invoked without a pinned version, and the package code is not included in the reviewed artifacts.

Skill content

"command": "npx", "args": ["-y", "@agentdocs1/mcp-server", "--http"]

Recommendation

Verify the package provenance, pin a specific audited version, and review the MCP server code before use in sensitive environments.

What this means

Sensitive operational context could be exposed in a conversation or reused beyond the specific task the user intended.

Why it was flagged

A full organizational context export is broad and could pull sensitive infrastructure, incident, ownership, and security information into the agent context without documented scoping or approval.

Skill content

`export_org_context` | Full organizational context snapshot

Recommendation

Make broad exports opt-in, require confirmation, support narrower service/team scopes, and redact secrets or restricted security details by default.

What this means

Incident details may be stored in the knowledge system and later surfaced to other users or tasks.

Why it was flagged

The skill instructs routine persistence of incident-investigation summaries, which may contain service names, root causes, remediation steps, and security-relevant details. The artifacts do not describe retention, redaction, or user approval.

Skill content

Use `log_conversation` after every incident investigation, even false alarms.

Recommendation

Ask before logging, show the exact summary to be saved, redact sensitive details, and document retention and access controls.

What this means

Infrastructure-related prompts and results may be sent to the configured UPLO instance.

Why it was flagged

The skill communicates with a configured MCP endpoint. This is expected for the UPLO integration, but DevOps queries and retrieved context cross a service boundary.

Skill content

"transport": "http", "url": "${config.agentdocs_url}/mcp"

Recommendation

Use only trusted UPLO instance URLs, ensure HTTPS is used, and confirm the instance’s access controls and logging policies.