Back to skill
Skillv1.0.0
VirusTotal security
Uplo Finance · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 7:36 AM
- Hash
- 97a959a408a489b86a426d9b57c770e39cddf929298b809c83419f5227a02b4a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: uplo-finance Version: 1.0.0 The skill provides high-privilege access to sensitive financial data, including audit workpapers, tax provisions, and M&A materials, using tools like 'export_org_context' and 'search_with_context'. While these capabilities are aligned with the stated purpose of financial intelligence, the skill utilizes 'npx' to execute a remote package (@agentdocs1/mcp-server) and requires a secret API key for a remote endpoint (uplo.ai). The combination of broad data access permissions and remote code execution via a third-party package meets the criteria for a suspicious classification, despite the professional and compliance-oriented instructions found in SKILL.md and identity-patch.md.
- External report
- View on VirusTotal