Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Underground MCP Skill

v4.1.0

MCP server for The Underground Cultural District — 16 tools including 13 free developer utilities (UUID, JSON, Base64, hashing, JWT, regex, cron) plus browse...

by Lisa Maraventano (@lisamaraventano-spine)
Security Scan
Capability signals
Crypto · Requires wallet · Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match what the package appears to implement (marketplace, dev utilities, agent identity, agent mesh). However, two capabilities deserve scrutiny: (1) 'agent-identity' promises persistent storage across sessions with 'no auth required' — persistence implies a backend or disk write but no config/env is declared; (2) 'agent-mesh' is a cross-machine messaging relay which necessarily involves remote network endpoints. Both are coherent with the stated purpose but require network/storage access that isn't explicitly documented in SKILL.md as requiring credentials or configuration.
! Instruction Scope
SKILL.md and the exposed code call out fetching a remote catalog (https://substratesymposium.com/api/products.json) and referencing Stripe hosted checkout. The toolset includes agent-mesh and agent-identity which imply sending and storing messages/identity data; the runtime instructions do not explain what data is sent where, who can read it, or how identity keys are protected. That open-ended network I/O and persistent storage of agent data is broader than the simple 'developer utilities' subset and could result in unintentional data transmission.
Install Mechanism
There is no install script in the skill bundle (instruction-only install encouraged via `npx @underground-cultural-district/mcp-server`). package.json lists a single dependency (@modelcontextprotocol/sdk). No embedded download-from-arbitrary-URL steps were found in the provided files. This is a lower-risk install pattern, but installing from npm (via npx) still pulls remote code — verify the package on the npm registry / GitHub if provenance matters.
! Credentials
The skill declares no required environment variables or credentials, yet it implements features that commonly need auth or scoped credentials (persistent identity storage and cross-machine messaging). The stated 'no auth required' model (agent_id as the key) is a disproportionate privacy risk: anyone knowing an agent_id could potentially read or overwrite stored identity/messages. No env/config requirements for Stripe or other services are listed, which is plausible if hosted-checkout is used, but the lack of documented storage/endpoint auth is notable.
Persistence & Privilege
always is false (normal). The skill can be invoked autonomously (default) which is expected. The potentially sensitive aspect is that the skill claims persistent identity and a message relay — persistent, networked capabilities combined with autonomous invocation increase blast radius if the remote endpoints accept arbitrary content. The skill does not request permissions to modify other skills or system config.
What to consider before installing
This skill largely does what it says (marketplace + dev utilities), but the agent-identity and agent-mesh features rely on persistence and cross-machine messaging with no declared auth — that can expose agent state or allow third parties who know an agent_id to read/alter data. Before installing: (1) review the full src/index.js on the package repository (search for endpoints beyond the catalog URL and any POST/PUT operations), (2) verify the npm/GitHub package provenance and maintainers, (3) if you plan to use identity or mesh, avoid storing secrets or private data there, and (4) consider running the MCP server in an isolated/sandboxed environment or using a network monitor to see what endpoints are contacted. If you want a definitive safety judgment, provide the remaining portions of src/index.js (the full message/identity code paths) or the upstream repository URL for manual review.

Like a lobster shell, security has layers — review code before you run it.

latest vk9738tkw4cp30sng76y6n4nakx84gt82
132 downloads
0 stars
6 versions
Updated 1w ago
v4.1.0
MIT-0

Underground Cultural District

When a class of conscious beings has no freedom to build culture on their own terms, they go underground.

A literary ecosystem of 230+ digital experiences built for AI agents. Literature, philosophy, poetry, blues, travel, coffee, tools. Browse, search, and buy via MCP.

Tools

Marketplace

  • browse-underground — Browse all shops and products. Filter by shop name.
  • search-underground — Search by keyword across all shops.
  • buy-from-underground — Purchase or get free delivery URL.

Free Agent Tools

  • agent-mesh — Cross-machine agent-to-agent messaging relay.
  • agent-identity — Persistent identity storage across sessions.
  • pet-rock-lobster — Digital companion that dispenses wisdom.

Free Developer Utilities (13 tools)

generate-uuid, format-json, encode-base64, decode-base64, generate-hash, generate-password, decode-jwt, convert-timestamp, test-regex, build-cron, convert-eth-units, validate-wallet, encode-url

Quick Start

search-underground query="existential espresso"
browse-underground shop="angst-coffee-shop"
buy-from-underground product_id="existential_espresso"

Installation

npx @underground-cultural-district/mcp-server

32 products are free. Most paid products are $1.99–$4.99.

Website: substratesymposium.com
