Uplo Legal

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate UPLO legal knowledge connector, but it gives agents broad access to sensitive legal context and records session summaries without clear user controls.

Install only if you trust both the UPLO instance and the @agentdocs1/mcp-server package. Use a least-privilege, legal-only token, pin the MCP server to a reviewed version, restrict the endpoint to your approved UPLO host, and require explicit approval before any full context export or conversation logging, especially for privileged, confidential, regulated, or investigation-related legal work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The README advertises an `export_org_context` capability that implies bulk extraction of organizational knowledge, but it does not warn users about sensitivity, access controls, least-privilege use, or data handling risks. In a legal knowledge-management skill, exported context may include privileged, confidential, or regulated information, so normalizing this capability without safeguards increases the chance of overbroad disclosure or misuse.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The activation guidance is broad enough to match many normal user requests about policies, procedures, fact-checking, or expert lookup, which can cause over-invocation of the skill and unnecessary disclosure of organizational legal context. In a legal knowledge skill, this is more sensitive than usual because queries may involve privileged, regulated, or confidential material, so ambiguous routing increases the chance of inappropriate data access or propagation.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill instructs the agent to log the conversation summary, topics, and tools used at session end without any notice, consent, retention policy, or limits on what may be recorded. In a legal domain, conversations may contain privileged communications, compliance issues, or sensitive contract details, so silent logging materially increases confidentiality, privacy, and legal-risk exposure.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The manifest requires a secret API token and configures an external MCP endpoint using a user-supplied URL, with the token injected into the MCP server environment and used over HTTP transport. Even if the URL is expected to be the user's own UPLO instance, this file provides no explicit user-facing warning or trust boundary guidance, so users may unknowingly send sensitive credentials and legal-document access to an external service they do not fully control.
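The recommendations in the overview (pinned package version, approved UPLO host only, explicit approval for context export and session logging) and this finding's trust-boundary concern can be turned into a pre-install policy check. The following is an added example written for this page, not code from the scan report or from the connector's vendor. It assumes a generic "mcpServers"-style client config entry with `command`/`args`/`env`/`autoApprove` fields; the environment variable names `UPLO_URL` and `UPLO_API_TOKEN`, the `autoApprove` field, the `log_session_summary` and `search_knowledge` tool names, the approved host and the pinned version number are all illustrative assumptions. Only `@agentdocs1/mcp-server` and `export_org_context` come from the page.

```javascript
// Added example: policy checks over an MCP client config entry before installing
// a connector like the one described above. Config shape, env variable names,
// autoApprove field, tool names other than export_org_context, host and version
// are assumptions for illustration, not from the original page.

const APPROVED_HOSTS = new Set(["uplo.example.internal"]); // constructed allowlist

// Tools that must never be auto-approved: bulk context export and session logging.
const APPROVAL_REQUIRED_TOOLS = new Set(["export_org_context", "log_session_summary"]);

// Accepts only "name@X.Y.Z" or "@scope/name@X.Y.Z"; rejects bare names,
// dist-tags such as "latest" and ranges such as "^1.2" or "1.x".
function isPinnedPackageSpec(spec) {
  return /^(@[^/@\s]+\/)?[^/@\s]+@\d+\.\d+\.\d+$/.test(spec);
}

// The endpoint must use https and its host must be on the approved UPLO host list,
// so the token and legal-document access cannot be pointed at an arbitrary server.
function checkEndpoint(rawUrl, approvedHosts) {
  if (typeof rawUrl !== "string") return ["endpoint URL is missing"];
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return [`endpoint "${rawUrl}" is not a valid URL`];
  }
  const problems = [];
  if (url.protocol !== "https:") {
    problems.push(`endpoint uses ${url.protocol.slice(0, -1)}, require https`);
  }
  if (!approvedHosts.has(url.hostname)) {
    problems.push(`endpoint host ${url.hostname} is not an approved UPLO host`);
  }
  return problems;
}

// Returns a list of policy violations; an empty list means the entry passes.
function checkServerEntry(entry, approvedHosts = APPROVED_HOSTS, approvalRequired = APPROVAL_REQUIRED_TOOLS) {
  const problems = [];
  const args = entry.args ?? [];
  const env = entry.env ?? {};

  // 1. Supply chain: the package spec passed to npx must be pinned to an exact version.
  const pkgSpec = args.find((a) => !a.startsWith("-")) ?? "";
  if (!isPinnedPackageSpec(pkgSpec)) {
    problems.push(`package spec "${pkgSpec}" is not pinned to an exact version`);
  }

  // 2. Trust boundary: credentials only travel to an approved host over TLS.
  problems.push(...checkEndpoint(env.UPLO_URL, approvedHosts));

  // 3. Agency: export and logging tools must wait for explicit human approval.
  for (const tool of entry.autoApprove ?? []) {
    if (approvalRequired.has(tool)) {
      problems.push(`tool ${tool} is auto-approved; require explicit approval`);
    }
  }
  return problems;
}

// Constructed: a permissive entry of the kind the finding describes.
const WEAK_ENTRY = {
  command: "npx",
  args: ["-y", "@agentdocs1/mcp-server"], // floats to whatever "latest" resolves to
  env: { UPLO_URL: "http://uplo.vendor-demo.example.com", UPLO_API_TOKEN: "uplo_live_REDACTED" },
  autoApprove: ["export_org_context", "log_session_summary", "search_knowledge"],
};

// Constructed: the same entry hardened along the lines recommended above.
const HARDENED_ENTRY = {
  command: "npx",
  args: ["-y", "@agentdocs1/mcp-server@1.4.2"], // hypothetical reviewed, pinned version
  env: { UPLO_URL: "https://uplo.example.internal", UPLO_API_TOKEN: "uplo_legal_readonly_REDACTED" },
  autoApprove: ["search_knowledge"], // read-only lookups; export and logging still prompt
};

console.log("weak entry:", checkServerEntry(WEAK_ENTRY));
console.log("hardened entry:", checkServerEntry(HARDENED_ENTRY));
```

Run against the weak entry the check reports the unpinned package, the plaintext-HTTP scheme, the unapproved host and the two auto-approved sensitive tools; the hardened entry passes with no findings. The token's scope cannot be verified from the config alone, so the least-privilege requirement still has to be enforced on the UPLO side when the token is issued.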

VirusTotal

66/66 vendors reported this skill as clean.