Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Uplo Healthcare

v1.0.0

AI-powered healthcare knowledge management. Search clinical notes, care plans, lab results, prescriptions, and patient pathways with structured extraction.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
The skill is presented as an organizational knowledge/clinical-protocol search tool and the declared capabilities (search_knowledge, search_with_context, get_directives, export_org_context) align with that purpose. Requiring a UPLO instance URL and an API key (via skill.json) is proportionate for a hosted knowledge service. However, the registry metadata provided to you earlier claims no required env/config, which contradicts skill.json's required config entries (agentdocs_url and api_key).
Instruction Scope
SKILL.md instructs the agent to call functions such as get_identity_context, get_directives, search_knowledge, search_with_context, and export_org_context — all within the stated domain (organizational policies, directives, and protocols). The instructions explicitly caution against surfacing PHI. One operational caution: export_org_context can produce large organizational exports; this is consistent with the skill's purpose but is also a high-scope action that could expose broad organizational data if misused.
Install Mechanism
There is no explicit install spec, but skill.json's mcp configuration relies on running an npm package via npx (@agentdocs1/mcp-server). Fetching and executing code with npx at runtime is a moderate-risk install pattern: it's common for connectors but it downloads and runs external code. The manifest uses an unpinned npx invocation (-y, latest), which increases risk because it will fetch whatever is current in the registry rather than a reviewed version.
Credentials
The only sensitive configuration required by the skill.json is an agentdocs_url and an api_key — these are appropriate for a hosted UPLO MCP connector. This is proportional to the stated purpose. However, the registry metadata you were shown earlier listed no required env vars/credentials, which is inconsistent with skill.json and README (both of which require API key and URL). Confirming which record is authoritative is important before deploying credentials.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify other skills. The declared MCP transport is HTTP to the provided service URL; normal for a connector. There is no indication the skill modifies system-wide agent settings beyond launching its own MCP server process.
Scan Findings in Context
[regex_scan_empty] expected: The regex-based scanner found nothing to analyze because this is an instruction-only skill with no code files. That is expected for many connector/manifest-only skills, but it means you should review external package usage and the skill.json manifest manually.
Assessment
What to check before installing:
- Confirm the source: verify the UPLO vendor and the author identity (UPLO / @agentdocs1), and prefer installing only from a trusted internal registry or a vetted vendor page.
- Validate the configuration mismatch: the registry metadata you received claims no required envs, but skill.json and README require an agentdocs_url and api_key. Clarify which is correct before supplying credentials.
- Audit the npm package: skill.json/README indicate use of an npx command that will fetch @agentdocs1/mcp-server. Inspect that npm package (versioned release, publisher, recent change history) or ask for a pinned, auditable release before allowing runtime fetches.
- Use least privilege for credentials: issue an API key scoped only to the capabilities the skill needs (read/search/export) and avoid giving it access to PHI or unrelated services.
- Control export actions: treat export_org_context as sensitive. Limit who can invoke exports, require approval/auditing, and verify that exported data does not include PHI or overly broad organizational data.
- Prefer pinned versions: request that the skill manifest reference a pinned package version (not an implicit latest via npx -y), or host the MCP server internally.
- Logging and auditing: ensure all queries and exports are logged and reviewed, and that the integration complies with your privacy/HIPAA policies.
If you want, I can list concrete questions to ask the publisher or a checklist for an operator to safely deploy this connector.
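Two of the checks above (the unpinned npx invocation noted under Install Mechanism, and the required-config mismatch between the registry record and skill.json) are mechanical enough to script. The following is an added example written for this page; it is not ClawHub's scanner, UPLO's code, or the real skill.json. It assumes a manifest shape with a top-level "mcp" object holding "command"/"args" (as in common MCP server configs) and a "config.required" list, and a registry record with a "required_config" list; the version "1.2.3" in the hardened manifest is a placeholder, not a real release of @agentdocs1/mcp-server. The sample manifests and registry records are constructed inline.

```python
import json
import re

# Constructed sample manifest in an ASSUMED shape (command/args as in a typical MCP
# server config); this is not the real ClawHub skill.json schema. The unpinned
# invocation mirrors what the scan describes: "npx -y @agentdocs1/mcp-server".
UNPINNED_MANIFEST = json.dumps({
    "name": "uplo-healthcare",
    "version": "1.0.0",
    "config": {"required": ["agentdocs_url", "api_key"]},
    "mcp": {"transport": "http", "command": "npx",
            "args": ["-y", "@agentdocs1/mcp-server"]},
})

# Hardened variant: same package, exact version. "1.2.3" is a placeholder, not a
# real release of @agentdocs1/mcp-server; an operator would substitute a reviewed one.
PINNED_MANIFEST = json.dumps({
    "name": "uplo-healthcare",
    "version": "1.0.0",
    "config": {"required": ["agentdocs_url", "api_key"]},
    "mcp": {"transport": "http", "command": "npx",
            "args": ["-y", "@agentdocs1/mcp-server@1.2.3"]},
})

# Constructed registry records: one that claims no required config (the mismatch the
# scan reports) and one that agrees with the manifest.
REGISTRY_MISMATCHED = {"name": "uplo-healthcare", "required_config": []}
REGISTRY_CONSISTENT = {"name": "uplo-healthcare",
                       "required_config": ["agentdocs_url", "api_key"]}

# npm package spec: optional @scope/, package name, optional @version-or-tag.
SPEC_RE = re.compile(r"^(?P<name>(?:@[^/@]+/)?[^@/]+)(?:@(?P<version>.+))?$")
# Exact semver only: "1.2.3" or "1.2.3-rc.1". Ranges ("^1.2.3"), tags ("latest")
# and a missing version all resolve at run time and therefore count as unpinned.
EXACT_SEMVER_RE = re.compile(r"^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$")


def package_spec(args):
    """First non-flag argument, which npx treats as the package to run."""
    for arg in args:
        if not arg.startswith("-"):
            return arg
    return None


def lint_manifest(manifest_json, registry_metadata):
    """Return a list of finding strings; an empty list means no issues found."""
    manifest = json.loads(manifest_json)
    findings = []

    mcp = manifest.get("mcp", {})
    if mcp.get("command") == "npx":
        args = mcp.get("args", [])
        spec = package_spec(args) or ""
        match = SPEC_RE.match(spec)
        version = match.group("version") if match else None
        if version is None or not EXACT_SEMVER_RE.match(version):
            auto = (" with -y, so no prompt precedes execution"
                    if "-y" in args or "--yes" in args else "")
            findings.append(
                f"npx_unpinned: {spec!r} resolves to whatever the registry "
                f"currently serves{auto}")

    # Registry metadata and manifest must agree on required credentials/config.
    declared = set(manifest.get("config", {}).get("required", []))
    listed = set(registry_metadata.get("required_config", []))
    if declared != listed:
        findings.append(
            f"config_mismatch: manifest requires {sorted(declared)}, "
            f"registry lists {sorted(listed)}")
    return findings


if __name__ == "__main__":
    for label, manifest, registry in (
        ("unpinned + mismatched registry", UNPINNED_MANIFEST, REGISTRY_MISMATCHED),
        ("pinned + consistent registry", PINNED_MANIFEST, REGISTRY_CONSISTENT),
    ):
        print(label, lint_manifest(manifest, registry) or ["clean"])
```

Pinning an exact version removes the "whatever is current" problem but still fetches from the public registry at launch; if the policy is to run only reviewed code, the same linter can be tightened to require a locally hosted or vendored server instead of any npx command.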
