Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Uplo Github

v1.0.0

AI-powered GitHub knowledge management. Search repository metadata, code review standards, issue tracking, and team workflows with structured extraction.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill claims to provide org-wide GitHub knowledge and the included skill.json/config (agentdocs_url + api_key) describes connecting to an external UPLO MCP server to perform searches — this is coherent. However, the registry metadata at the top of the submission claimed 'Required env vars: none' while skill.json requires an instance URL and API key, which is an inconsistency in the package metadata.
Instruction Scope
SKILL.md instructs only to call UPLO-related operations (get_identity_context, search_knowledge, search_with_context, etc.) and does not direct the agent to read unrelated local files or arbitrary environment variables. It does, however, imply the agent will send repository metadata, issues, PR text, and other org data to the configured UPLO instance — expected for this type of skill but a potentially sensitive data flow that should be authorised.
Install Mechanism
The skill package itself has no install spec, yet README and skill.json indicate runtime behavior that uses npx to start an MCP server ("npx -y @agentdocs1/mcp-server --http"). That implies dynamic download/execution of an npm package at runtime (moderate risk). The package source (@agentdocs1/mcp-server) is referenced but no pinned release URL or checksum is provided. This remote install/exec behavior is not fully declared in the top-level metadata and increases risk.
Credentials
skill.json requires agentdocs_url and api_key (API token), which are proportionate to the purpose (the service needs credentials to receive and index GitHub data). However, the submitted registry metadata incorrectly listed 'none' for required env vars; that mismatch could mislead users. The API key has access to potentially broad organizational data on the UPLO instance, so only provide it to a trusted instance and with least privilege.
Persistence & Privilege
The skill does not request always:true, does not ask to modify other skills or system-wide config, and has normal autonomous-invocation defaults. There is no evidence it demands system-level persistence or escalated privileges.
What to consider before installing
Before installing or enabling:
(1) confirm the required configuration (agentdocs_url and api_key) — the package metadata incorrectly listed no env vars;
(2) only point the skill at an UPLO instance you control or fully trust, because repository contents, issues, PR text and CODEOWNERS will be sent there;
(3) be aware the skill expects to run an MCP server via npx (@agentdocs1/mcp-server) which will download/execute code at runtime — prefer a vetted/pinned package or run it in a restricted environment;
(4) limit the API key scope if possible and get organizational approval for sharing repository metadata with the configured service;
(5) if you need higher assurance, ask the publisher for a signed release URL, package checksum, or an install spec that avoids implicit npx downloads.

Like a lobster shell, security has layers — review code before you run it.
