Uplo Government

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate UPLO government knowledge skill, but it enables broad agency-context export and sensitive API-backed access without enough visible scoping safeguards.

Install only if you are authorized to connect this agent to the relevant government or organizational knowledge base. Use a narrowly scoped UPLO token, require HTTPS endpoints, confirm what export_org_context includes before using it, and avoid confidential, restricted, regulated, or classified data unless the deployment is approved for that handling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium, 94% confidence

The skill exposes `export_org_context` as a tool that can export the complete agency knowledge map, including mission, structure, personnel, systems, goals, and active directives, which goes well beyond the stated search and structured extraction purpose. In a government setting, this creates a bulk-exfiltration path for highly sensitive operational and organizational data, and the surrounding text presents it as broadly useful rather than tightly restricted.

Missing User Warnings

Medium, 91% confidence

The README advertises broad ingestion of policy documents, public records, emails, images, and organizational context export, including classification tiers up to confidential and restricted, but provides no privacy, access-control, retention, or least-privilege guidance. In a government-focused skill, this increases the risk that users will connect sensitive datasets and expose full organizational snapshots through MCP tools without understanding the data-handling and disclosure implications.

Missing User Warnings

Medium, 96% confidence

The skill describes exporting the complete agency knowledge map without any caution about classification, breadth, need-to-know, or downstream handling requirements. Because the domain is government knowledge management and the document itself emphasizes strict handling requirements elsewhere, omission of warnings and constraints makes accidental over-collection or unauthorized disclosure substantially more likely.

Missing User Warnings

Medium, 90% confidence

The manifest configures an MCP server with transport set to HTTP and passes a secret API token via the API_KEY environment variable for use in requests to the configured endpoint. If the configured URL is plain HTTP or traverses an untrusted network segment, the token and queried government data may be exposed to interception or manipulation; the file also provides no warning or enforcement that only HTTPS endpoints are allowed.

VirusTotal

66/66 vendors flagged this skill as clean.