Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Uplo Enterprise It

AI-powered enterprise IT intelligence spanning DevOps, cybersecurity, and engineering. Unified search across infrastructure, security, and architecture docum...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name, README, SKILL.md, and skill.json all describe an enterprise IT knowledge connector (search, directives, org snapshots) and the required capabilities align with that purpose. However the registry metadata provided earlier lists no required credentials or env vars while skill.json and README clearly require an UPLO instance URL and an API key — this mismatch is an inconsistency you should confirm.
Instruction Scope
SKILL.md instructs the agent to call well-scoped MCP-style tools (get_identity_context, get_directives, search_knowledge, search_with_context, export_org_context, etc.) and explicitly instructs respecting classification tiers. It does not tell the agent to read arbitrary local files or unknown system paths. The primary risk is that 'export_org_context' can return a complete org snapshot (highly sensitive) — but that capability is coherent with the skill's stated purpose.
! Install Mechanism
The registry shows no formal install spec, but README and skill.json indicate the MCP server will be launched via 'npx -y @agentdocs1/mcp-server --http' with AGENTDOCS_URL and API_KEY in env. That means code will be fetched from the npm registry and executed at runtime. Fetching/running a third-party npm package has moderate risk: verify the package publisher (@agentdocs1), review the package source, and prefer pinned versions or vetted releases.
! Credentials
skill.json requires an agentdocs_url and an api_key (MCP token). These are expected for connecting to UPLO, but they are high-value credentials because they grant access to organizational documents (including possibly sensitive artifacts via export_org_context). The earlier registry metadata claiming 'no required env vars' conflicts with this — verify the token scopes and whether the API key can be scoped to limit access.
Persistence & Privilege
The skill is not always-enabled and is user-invocable; it does not request persistent system-wide privileges or modify other skills. Running the MCP server spawns a subprocess but that is normal for MCP-style integrations. Ensure the spawned process runs with least privilege and in an environment you trust.
What to consider before installing
This skill appears to do what it says (search and contextualize enterprise IT docs), but verify a few things before installing:
  1) Confirm the registry metadata vs skill.json inconsistency — the skill requires an UPLO instance URL and API key (API key is sensitive).
  2) Review the npm package '@agentdocs1/mcp-server' (publisher, source code, version) that 'npx' will fetch and execute; prefer pinned releases or a vetted binary.
  3) Limit the API key scopes and test with a token that has read-only, limited-scope access in a staging environment first.
  4) Be cautious with 'export_org_context' — it can export highly sensitive data; confirm who can invoke that action and where exported data is stored/transmitted.
If you cannot verify the npm package or the origin of the UPLO instance, treat the install as higher risk.


Current version: v1.0.0


SKILL.md

UPLO Enterprise IT — Technology Operations & Security Intelligence

Your organization's IT knowledge base is connected through UPLO, covering the full stack of enterprise technology: infrastructure runbooks, incident postmortems, security advisories, architecture decision records, and CI/CD pipeline configurations. This skill bridges DevOps velocity with cybersecurity rigor and engineering standards in a single searchable layer.

Session Start

Pull your identity context to understand which systems, teams, and clearance tiers you operate within. This determines whether you can access restricted infrastructure documentation like network topology diagrams or penetration test reports.

get_identity_context

Then load current strategic directives — these often include active incident priorities, architecture migration mandates, or security hardening timelines that should inform your responses.

get_directives

When to Use

  • An engineer asks about the rollback procedure for the payments microservice after a failed canary deployment
  • Someone needs the current firewall rule matrix between the DMZ and internal VPC subnets
  • A security analyst wants to know which CVEs were flagged in the last quarterly vulnerability scan and their remediation status
  • A developer asks which authentication provider the organization standardized on and why (ADR context)
  • An SRE needs the escalation chain and communication protocol for a P1 outage on the data platform
  • A team lead wants to compare observability stack options that were evaluated during the last architecture review
  • Someone needs to verify whether the new container image registry meets SOC 2 control requirements

Example Workflows

Incident Response Triage

A P2 alert fires for elevated error rates on the checkout service. The on-call engineer needs context fast.

search_knowledge query="checkout service error handling and circuit breaker configuration"
search_with_context query="past incidents involving checkout service degradation and their root causes"
search_knowledge query="checkout service runbook escalation contacts and rollback steps"

Security Compliance Audit Preparation

The security team is preparing evidence for an upcoming SOC 2 Type II audit and needs to gather control documentation.

search_with_context query="access control policies for production database environments"
search_knowledge query="encryption at rest and in transit standards for PII data stores"
export_org_context

Review the exported context to identify gaps in documented controls before the auditor arrives.

Key Tools for Enterprise IT

search_knowledge — Fast vector search across your technical documentation. Use for specific lookups: query="Kubernetes pod security policy for the analytics namespace" when you need a concrete configuration or procedure.

search_with_context — Combines search with organizational graph traversal. Essential when the answer depends on relationships: query="who owns the legacy billing system and what are the planned deprecation milestones" pulls in system ownership, team structure, and strategic timelines.

get_directives — Returns active leadership priorities. Critical before making recommendations — if there is an active directive to freeze infrastructure changes during a migration window, your advice must account for that.

export_org_context — Full organizational snapshot. Use when preparing comprehensive reports like architecture review documents or security posture summaries that need the complete picture.

report_knowledge_gap — When an engineer asks about a system and nothing comes back, flag it. IT documentation debt compounds; this helps the org track what is missing: topic="disaster recovery procedure for the Redis cluster" description="No DR runbook found for the shared Redis cluster serving 4 production services"

flag_outdated — Infrastructure documentation goes stale fast. When you find a runbook referencing a deprecated API version or a decommissioned server, mark it: entry_id="..." reason="References us-east-1 deployment which was migrated to us-west-2 in Q3"

Tips

  • Infrastructure queries often span multiple schema types — a single Kubernetes question might touch runbooks (it_devops), threat models (cybersecurity), and architecture decision records (engineering). Use search_with_context for these cross-domain questions.
  • When someone asks "how do we do X", check directives first. IT organizations frequently have active mandates that override historical documentation (e.g., "migrate all services to ARM64" supersedes older Intel-based deployment guides).
  • Incident postmortems are high-signal documents. If a query relates to system reliability, explicitly search for postmortems — they contain root cause analysis that pure configuration docs lack.
  • Respect classification tiers strictly in IT contexts. Network architecture diagrams, penetration test results, and API key rotation procedures are typically restricted. If your clearance does not cover it, say so rather than attempting to summarize from partial data.
