Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Outline MCP
v1.3.4Model Context Protocol (MCP) bridge for Outline (getoutline.com). Enables AI agents to search, read, create, and manage documents, collections, and comments...
⭐ 0· 114·0 current·0 all-time
bySamuel Lie@samuellie
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
Name/description state an Outline MCP bridge and the skill requires OUTLINE_API_KEY, OUTLINE_URL, Node and npm and includes MCP client code — these are appropriate and expected for connecting to an Outline workspace and performing document/attachment operations.
Instruction Scope
SKILL.md and the scripts explicitly include local filesystem access for bulk upload and an 'upload' action that reads files from paths provided to the agent. This behavior is within the declared purpose (bulk file/media uploads) but expands the agent's ability to read arbitrary absolute paths on the host — a sensitive capability which SKILL.md does warn about.
Install Mechanism
Install is a single npm install (no remote download of arbitrary archives). package.json depends on @modelcontextprotocol/sdk and package-lock references standard npm packages — this is a normal npm dependency install pattern.
Credentials
Only OUTLINE_API_KEY and OUTLINE_URL are required and OUTLINE_API_KEY is declared as primary. These are the expected secrets for an Outline integration and are proportionate to the skill's functionality.
Persistence & Privilege
always is false and the skill does not request system-wide config changes. It does not persist itself or modify other skills. Autonomous invocation is allowed (platform default) but is not combined with other unusual privileges.
Assessment
This skill appears to do what it claims (an Outline MCP bridge) and needs your Outline API key and MCP URL. The main risk is its upload/bulk-sync tools: they read arbitrary absolute file paths on the host (via fs.readFileSync) and then upload those files to your Outline workspace. Before installing: 1) Only enable this skill on trusted hosts or in isolated containers; do not run it on multi-tenant or developer laptops with sensitive files. 2) Use an Outline API key with the minimum privileges possible and rotate it if exposed. 3) Consider removing or disabling the 'upload'/'bulk-sync' tools if you only need read/metadata features. 4) Inspect or vendor the npm dependencies (package-lock.json) before running npm install, and run npm install in an environment where you can audit network activity. 5) Monitor logs for unexpected file access and restrict the user account running OpenClaw (don't run as root). If you want a lower-risk alternative, request a read-only skill variant that does not accept host file paths or that only accepts files explicitly staged by an operator.scripts/bulk_sync.mjs:22
Environment variable access combined with network send.
scripts/mcp_bridge.mjs:11
Environment variable access combined with network send.
scripts/bulk_sync.mjs:70
File read combined with network send (possible exfiltration).
scripts/mcp_bridge.mjs:78
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk975yt402vh05hfv64srgjaa4984c82s
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Binsnode, npm
EnvOUTLINE_API_KEY, OUTLINE_URL
Primary envOUTLINE_API_KEY