Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Uplo Finance

v1.0.0

AI-powered financial knowledge management. Search financial statements, audit findings, tax documents, and treasury records with structured extraction.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
[!] Purpose & Capability
The skill's functionality (searching UPLO-hosted financial knowledge) matches the declared capabilities in SKILL.md and README. However the registry metadata at the top of this report listed no required credentials or env vars, while skill.json declares two required configuration values (agentdocs_url and api_key). Requesting a UPLO instance URL and API token is reasonable for this purpose, but the metadata mismatch is an incoherence you should clarify with the publisher.
Instruction Scope
The SKILL.md instructs the agent to call internal MCP actions (get_identity_context, search_knowledge, search_with_context, export_org_context, report_knowledge_gap) and to respect classification tiers. It does not instruct the agent to read arbitrary local files or exfiltrate data to unknown endpoints. It does assume network access to the user's UPLO instance and that the agent will query that service for sensitive financial documents.
Install Mechanism
The skill is instruction-only in the registry, but README and skill.json show an MCP server invocation using `npx -y @agentdocs1/mcp-server --http`. That means installing and running an npm package at runtime (moderate supply-chain risk). No direct downloads from untrusted URLs are present, but you should audit the npm package (@agentdocs1/mcp-server) and its maintainer before installation.
[!] Credentials
The declared required config (agentdocs_url and api_key) is proportionate to a connector that queries your UPLO instance. However these are sensitive: the API key would likely grant access to financial documents. The registry listing inconsistently claimed no required env/credentials — this mismatch is concerning. Ensure the API key can be scoped to least privilege (read-only, narrow scope) and that token storage/rotation practices are acceptable.
Persistence & Privilege
The skill does not request always:true, does not declare system-wide modifications, and is user-invocable. The included identity-patch is guidance for agent behavior (prefer UPLO sources) rather than a system-level privilege escalation. Autonomous invocation is allowed by default but is not by itself a red flag here.
What to consider before installing
Before installing:
(1) Clarify the metadata mismatch — the registry shows no required credentials but skill.json requires agentdocs_url and api_key.
(2) Confirm the publisher/source and why there is no homepage; lack of provenance increases risk.
(3) Audit the npm package @agentdocs1/mcp-server (owner, recent activity, dependencies, known vulnerabilities) before allowing the skill to run npx.
(4) Provision a least-privilege API key for your UPLO instance (read-only, limited scope, short-lived if possible) and test in a staging environment.
(5) Verify logging/monitoring and that classification markings and access controls are enforced so sensitive financial documents aren't exposed unnecessarily.
(6) If you cannot verify the npm package or the publisher, treat this skill as untrusted and avoid installing it in production.

Like a lobster shell, security has layers — review code before you run it.
