Uplo Github

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed UPLO GitHub knowledge-search skill, but it can expose sensitive organizational GitHub context if connected with broad permissions.

Install only if you trust UPLO and the configured UPLO instance with your organization's GitHub metadata and discussions. Use a least-privilege MCP token, keep it out of committed/shared config files, rotate it as needed, and be careful with export_org_context because it may return broad internal repository and team context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The README materially expands the apparent scope from GitHub-focused knowledge management to broad document ingestion and organization-wide knowledge services. That mismatch can mislead users into granting broader trust, data access, or deployment approval than the skill name and stated purpose suggest, increasing the chance of oversharing sensitive non-GitHub content.

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
Tools such as full organizational context export and directive retrieval exceed a narrow GitHub knowledge-management expectation and imply access to sensitive enterprise information. In a skill presented as GitHub-focused, these capabilities raise the risk of unintended data exposure, excessive privilege, and user misunderstanding about what the integration can access or exfiltrate.

Description-Behavior Mismatch

Low
Confidence: 84%
Finding
Describing the product as an organizational digital twin indicates a platform-wide knowledge layer rather than a focused GitHub helper. This broad framing makes the skill more dangerous in context because users may install it for repository workflows while unknowingly enabling access patterns associated with much wider organizational data aggregation.

Missing User Warnings

Medium
Confidence: 90%
Finding
The README instructs users to configure an API key for a service capable of search and export over organizational knowledge, but it does not warn about sensitive data handling, key protection, or access minimization. This omission can lead to insecure deployments, accidental indexing of confidential material, and exposure of broad enterprise context through misconfigured clients or shared environments.

VirusTotal

66/66 vendors flagged this skill as clean.
