Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Uplo Operations
v1.0.0
AI-powered operations knowledge management. Search process documentation, capacity plans, resource allocation data, and KPI dashboards with structured extrac...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name, README, SKILL.md, and skill.json all describe an operations knowledge connector (search_knowledge, search_with_context, export_org_context, etc.), which is coherent with the stated purpose. However, the registry metadata lists no required config/env, while skill.json clearly declares required configuration (agentdocs_url and api_key). This mismatch is unexpected and should be reconciled.
Instruction Scope
SKILL.md instructs the agent to call MCP tools (search_knowledge, search_with_context, export_org_context, flag_outdated, propose_update, log_conversation). Those actions are appropriate for an operations knowledge skill and do not instruct reading unrelated local files or arbitrary env vars. Note: the operations data accessed (org context, capacity plans, SOPs) is highly sensitive by nature. Accessing it is within scope, but the data is high-impact if misused.
Install Mechanism
Although the registry lists no install spec, README and skill.json indicate the skill expects an MCP server launched via npx @agentdocs1/mcp-server (--http). That entails downloading/executing an npm package at runtime and starting an HTTP service. Pulling code via npx from a public registry is a moderate-to-high risk without auditing the package and its source. The lack of an explicit install spec in registry metadata makes the runtime behavior less transparent.
Credentials
skill.json requires agentdocs_url and api_key (appropriate for connecting to a UPLO instance). But registry metadata declared no required env/config — an inconsistency. The api_key gives access to potentially sensitive organizational knowledge; ensure the key's scope is least-privilege (read-only where possible) and that the platform will securely store/use it.
Persistence & Privilege
The skill is not always-installed and does not request global privileges. However, its mcp command will run a local HTTP MCP server (per skill.json/README), which may persist while the agent is active and expose an endpoint to which data flows. Autonomous invocation is allowed by default — consider whether you want the agent to be able to fetch org context or export snapshots without explicit user confirmation.
What to consider before installing
This skill appears to do what it says (connect to UPLO to search SOPs, capacity plans, KPIs) but there are two red flags you should address before installing:
1) Metadata mismatch: the platform registry lists no required config, yet the included skill.json requires an agentdocs_url and api_key. Confirm with the publisher which credentials are actually needed and why the registry metadata omitted them.
2) Runtime install & network exposure: the skill expects to launch an MCP server via npx @agentdocs1/mcp-server (downloads and runs an npm package and starts an HTTP endpoint). Before proceeding:
- Verify the npm package @agentdocs1/mcp-server is from a trusted publisher and review its code or provenance (or use a vetted internal mirror).
- Limit the API key to the minimum permissions (read-only, scoped to the knowledge base) and rotate it after testing.
- Ensure the MCP endpoint is configured securely (use HTTPS if possible, local binding only if you don't want external exposure).
- Consider running this skill in a sandbox or staging org account first and audit the traffic and logs.
Finally, decide whether you want the agent to be able to autonomously call export_org_context or log_conversation; if not, restrict autonomous invocation or require manual approval for those actions. If you need more certainty, ask the skill author for a signed package release, a vetted install artifact, and explicit documentation about API key scopes and the @agentdocs1/mcp-server package source.
Like a lobster shell, security has layers — review code before you run it.
latestvk97bc7rk2n8z96aqe53fhx6mjd839a42
