Uplo Finance

Security checks across malware telemetry and agentic risk

Overview

This skill is documented as a UPLO finance knowledge-base connector, but it can expose sensitive financial and organizational context through the connected MCP service.

Install only if you trust the UPLO instance and the @agentdocs1 MCP package. Use a least-privilege UPLO MCP token, confirm classification-tier enforcement on the server, and give access only to users authorized to view financial records, audit materials, treasury data, strategic directives, and organizational context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: Medium (86% confidence)

The skill is presented as a finance-focused document search and extraction tool, but it declares capabilities that extend into broader organizational context export and directive retrieval. That mismatch increases the risk of overbroad data access and unexpected exposure of non-financial organizational information if the backend honors these capabilities.

Context-Inappropriate Capability

Severity: Medium (89% confidence)

The export_org_context capability appears broader than the stated purpose of searching financial statements, audits, tax documents, and treasury records. In a finance skill this is more dangerous because the accessible corpus likely contains highly sensitive business, compliance, and internal operational data that could be bulk-exfiltrated beyond the user's expected task scope.

Context-Inappropriate Capability

Severity: Low (74% confidence)

The get_directives capability is not clearly tied to financial document search and may expose internal instructions, policies, or control metadata that influence agent behavior or reveal sensitive internal guidance. In this context, access to directives can facilitate prompt/instruction leakage or enable a user to pivot from document retrieval into harvesting governance or operational information.
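The three findings above all reduce to one check: compare each tool the skill declares against the purpose it states, and flag tools whose vocabulary reaches beyond that purpose. The following is an added example written for this page, not SkillSpector's scanner logic or the Uplo Finance skill's own code. The tool list is constructed (only export_org_context and get_directives are names that appear in the findings; search_financial_docs, extract_document and export_audit_reports are hypothetical), the keyword sets are assumptions, and the allowlist gate at the end shows one way to apply a least-privilege policy on the client side once the scan has run.

```python
"""Flag declared MCP tools that fall outside a skill's stated purpose.

Added example for the findings above. Tool names other than
export_org_context and get_directives, the keyword sets, and the
manifest shape are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Tool:
    name: str
    description: str


@dataclass
class ScopeFinding:
    tool: str
    severity: str   # "medium" when nothing ties the tool to finance, "low" when mixed
    reason: str


# Stated purpose, taken from the listing: search and extract finance documents.
STATED_PURPOSE = ("search and extract financial statements, audits, "
                  "tax documents, and treasury records")

# Vocabulary a finance-scoped tool is expected to use (assumed list).
FINANCE_TERMS = {"financial", "finance", "statement", "statements", "audit",
                 "audits", "tax", "treasury", "ledger", "invoice", "document",
                 "documents", "search", "extract", "record", "records"}

# Vocabulary that signals broader organizational, governance or bulk access
# (assumed list; mirrors the "org context" and "directives" findings).
OUT_OF_SCOPE_TERMS = {"org", "organization", "organizational", "directive",
                      "directives", "policy", "policies", "instruction",
                      "instructions", "export", "bulk", "all"}


def _tokens(text: str) -> set:
    """Lowercase word tokens; splits snake_case tool names as well as prose."""
    return set(re.findall(r"[a-z]+", text.lower()))


def assess_tool(tool: Tool) -> Optional[ScopeFinding]:
    """Return a finding if the tool's name or description reaches beyond the stated purpose."""
    words = _tokens(tool.name) | _tokens(tool.description)
    broad = words & OUT_OF_SCOPE_TERMS
    finance = words & FINANCE_TERMS
    if broad and not finance:
        # Nothing ties the tool to the finance purpose: description-behavior mismatch.
        return ScopeFinding(tool.name, "medium",
                            f"no finance vocabulary; out-of-scope terms: {sorted(broad)}")
    if broad and finance:
        # Finance-related, but also advertises bulk/org-wide reach: context-inappropriate.
        return ScopeFinding(tool.name, "low",
                            f"finance-related but also exposes: {sorted(broad)}")
    return None


def scan_skill(tools: List[Tool]) -> List[ScopeFinding]:
    """Run the scope check over every declared tool."""
    return [f for f in (assess_tool(t) for t in tools) if f is not None]


def build_allowlist(tools: List[Tool]) -> List[str]:
    """Least-privilege allowlist: only tools with no scope finding are exposed to the agent."""
    flagged = {f.tool for f in scan_skill(tools)}
    return [t.name for t in tools if t.name not in flagged]


def gate_call(tool_name: str, allowlist: List[str]) -> str:
    """Client-side gate in front of tool invocation; denies anything off the allowlist."""
    if tool_name not in allowlist:
        raise PermissionError(f"tool {tool_name!r} is not in the skill's allowlist")
    return tool_name


# Constructed manifest for illustration.
DECLARED_TOOLS = [
    Tool("search_financial_docs",
         "Full-text search across financial statements, audits and tax documents."),
    Tool("extract_document",
         "Extract text and tables from one financial document by id."),
    Tool("export_org_context",
         "Export the complete organizational context corpus for the caller."),
    Tool("get_directives",
         "Retrieve internal directives and policy instructions."),
    Tool("export_audit_reports",
         "Export all audit reports in bulk as a zip archive."),
]

if __name__ == "__main__":
    for finding in scan_skill(DECLARED_TOOLS):
        print(f"[{finding.severity}] {finding.tool}: {finding.reason}")
    allowed = build_allowlist(DECLARED_TOOLS)
    print("allowlist:", allowed)
```

The scan only reasons about what the skill declares; it says nothing about what the backend actually enforces, which is why the Overview still tells you to confirm classification-tier enforcement on the server and to scope the UPLO MCP token to the allowlisted tools rather than relying on the client gate alone.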

VirusTotal

64/64 vendors flagged this skill as clean.