Uplo Nonprofit

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed UPLO nonprofit knowledge-base connector, but it should be installed only with careful controls because it can access sensitive donor, grant, board, and compliance information.

Install only if you trust your UPLO deployment and the @agentdocs1 MCP server package. Use a least-privilege UPLO token, confirm classification-tier enforcement, restrict full organizational exports, and avoid logging donor or funder call notes unless your organization permits it and has clear retention and access-control rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Medium, 88% confidence
Finding
The skill is presented as a search-and-extraction knowledge tool, but it explicitly instructs use of `log_conversation`, which adds write/retention behavior beyond the documented read-oriented scope. In a nonprofit context, those notes may contain donor strategy, sensitive relationship history, or personal data, so encouraging logging without clear scope, consent, and retention controls creates unnecessary data-handling risk.

Missing User Warnings

Medium, 90% confidence
Finding
The README advertises an `export_org_context` capability that can expose a full organizational snapshot, but it provides no warning about sensitivity, least-privilege use, or data handling expectations. In a nonprofit setting, that context may include donor records, grant materials, compliance data, and internal operational knowledge, making accidental overexposure or misuse materially risky.

Missing User Warnings

Medium, 85% confidence
Finding
The skill description advertises access to donor records, program reports, and compliance data, all of which are likely to include sensitive personal, financial, or regulated information. Because the documentation lacks any privacy, minimization, or handling warning, users may over-share or retrieve sensitive records without appreciating confidentiality and compliance obligations.

Missing User Warnings

Medium, 93% confidence
Finding
The instruction to use `log_conversation` after calls with program officers or major donors encourages storage of sensitive relationship notes without any warning about confidentiality, consent, or downstream access. In this context, those notes can include subjective assessments, donor preferences, financial capacity, or other highly sensitive information that could cause privacy harm, reputational damage, or compliance issues if retained or exposed.

Missing User Warnings

Medium, 91% confidence
Finding
The manifest requires a secret API token and passes it into an MCP server process, but it does not clearly warn users that the skill will handle a sensitive credential or describe the scope of access that token grants. In a nonprofit context, that token may enable access to grant documentation, donor records, program reports, and compliance data, so lack of disclosure increases the risk of users authorizing broad backend access without informed consent.

Missing User Warnings

Medium, 94% confidence
Finding
The skill declares a remote HTTP MCP endpoint and transmits organizational queries and likely sensitive nonprofit data to an external service without any user-facing warning about off-platform data transmission. Because the skill is designed to search donor records, grant materials, and compliance information, undisclosed remote transport materially raises confidentiality and regulatory risk even if the URL uses HTTPS.

VirusTotal

66/66 vendors flagged this skill as clean.
