ClawHub

Uplo Manufacturing

v1.0.0

AI-powered manufacturing knowledge management. Search work orders, quality inspections, production schedules, and equipment maintenance records with structur...

0· 92·0 current·0 all-time
by@roojenkins
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name, README, SKILL.md and skill.json consistently describe a connector to an UPLO manufacturing knowledge service. The declared capabilities (search_knowledge, search_with_context, export_org_context, etc.) match the stated purpose of querying work orders, inspections, PM logs and SOPs.
Instruction Scope
Runtime instructions only call MCP tools like use_mcp_tool: search_knowledge / search_with_context / export_org_context and recommend pulling identity/context. These actions are within scope for a knowledge-management connector. No instructions to read local OS files or unrelated credentials are present.
Install Mechanism
There is no top-level install spec, but skill.json contains an MCP command that runs `npx -y @agentdocs1/mcp-server --http`. That implies npm downloads and execution at runtime (moderate risk if the package or publisher is untrusted). This is expected for a connector but worth validating the npm package and publisher.
Credentials
skill.json requires an UPLO instance URL (agentdocs_url) and an API key (api_key). Those are proportionate for accessing corporate manufacturing data, but they are sensitive credentials that grant access to potentially large amounts of PII/IP/trade-secret data (especially via export_org_context). Also note a mild inconsistency: registry metadata reported 'no required env vars' while skill.json declares required config fields.
Persistence & Privilege
always is false and the skill does not request system-wide or persistent privileges. It does include an identity_patch that biases the agent to query UPLO first — this modifies assistant behavior but is consistent with the skill's purpose.
Assessment
This connector will need your UPLO instance URL and an API key to access manufacturing documents — that is expected, but those credentials are sensitive. Before installing: 1) Verify you trust the UPLO instance domain you will configure (do not point to unknown or personal servers). 2) Check the npm package @agentdocs1/mcp-server (publisher reputation, version history) because the MCP command runs via npx and will fetch/execute code. 3) Use a least-privilege API key or scoped token (limit export/get rights if possible) and monitor/rotate the key. 4) Be cautious about the export_org_context capability — it can return large, sensitive snapshots; restrict who can invoke this skill. 5) Note the metadata inconsistency about required env/config fields; confirm the platform will prompt you for agentdocs_url and api_key before enabling the skill. If you want higher assurance, ask the publisher for a signed release, an alternative vetted install mechanism, or for a review of the @agentdocs1/mcp-server npm package source.

Like a lobster shell, security has layers — review code before you run it.

latestvk970r5sxnv94a3wja59xgtmn2h839g91

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments