ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Uplo Logistics

v1.0.0

AI-powered logistics knowledge management. Search shipment records, warehouse procedures, fleet data, and customs documentation with structured extraction.

0· 75·0 current·0 all-time
by@roojenkins
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to provide logistics knowledge access and the included files (README.md, SKILL.md, skill.json) all describe connecting to an UPLO MCP server using an instance URL and API key—this is consistent with the stated purpose. However, the registry metadata at the top of the report said 'Required env vars: none' and 'Primary credential: none' while skill.json declares required config entries (agentdocs_url and api_key). That metadata mismatch is an incoherence that should be clarified.
Instruction Scope
SKILL.md directs the agent to query UPLO tools (search_knowledge, search_with_context, export_org_context, get_directives, etc.) and to always 'pull current logistics context' at session start. Those instructions stay within the skill's stated domain (no local file/secret harvesting or arbitrary external endpoints are instructed). However, some commands (export_org_context, search_knowledge) can surface large amounts of sensitive org data (shipments, contracts, HTS codes, PII). The skill instructs broad context pulls by default, which increases data-access scope even if technically consistent with the purpose.
!
Install Mechanism
There is no formal install spec in the registry, but skill.json (and README) expect to run an MCP server via npx: '@agentdocs1/mcp-server --http'. That means at runtime the agent/system will fetch and execute a package from the npm ecosystem. This is moderate-to-high risk because code is fetched and executed dynamically, the package is not version-pinned in the examples (no specific semver/sha), and the package origin and contents are unverified in the bundle. If you install/run this, verify the npm package, prefer pinned/verified releases, and audit the package source.
Credentials
The only sensitive configuration the skill requires (per skill.json) is an UPLO instance URL and an API key, which are proportionate for a connector to an external knowledge service. That said, the top-level registry metadata incorrectly reported no required env/config — this discrepancy should be resolved. Also consider granting the API key least privilege and confirm what operations the MCP token allows (read-only vs. export/export_org_context).
Persistence & Privilege
The skill does not request 'always: true' and does not declare system-wide config paths. The skill's behavior is to run an MCP server process and call MCP tools; this is expected for a connector and does not, on its face, request elevated platform privileges. Still note that running the MCP server will open a local HTTP transport and may persist/manage conversation logs depending on the MCP implementation—verify that behavior before deploying in production.
What to consider before installing
Before installing or enabling this skill: - Resolve the metadata mismatch: ask the publisher why the registry lists no required credentials while skill.json requires agentdocs_url and api_key. - Treat the API key as sensitive: use a token with least privilege and rotate it if you later revoke access. Confirm whether the token can export data and whether export_org_context will produce full org dumps. - Audit the runtime package: confirm the npm package '@agentdocs1/mcp-server' exists, review its source and recent releases, and prefer a pinned version (and ideally a checksum) rather than allowing npx to fetch the latest implicitly. - Consider running the MCP server in an isolated environment (test / staging) first so you can monitor network requests and filesystem activity. - Ask the vendor for documentation describing exactly what data flows out of the MCP server and what 'export_org_context' and 'log_conversation' do (where data is stored/transmitted). - If you need stricter guarantees, request a signed release or host the server yourself rather than relying on npx at runtime. These steps will reduce the risk from dynamic package execution and large-scale data access prompted by the skill's default instructions.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e9fd954gz2ebdx9kwqafwq98384p0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments