Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Uplo Architecture

v1.0.0

AI-powered architecture knowledge management. Search building designs, code compliance records, project specifications, and BIM data with structured extraction.

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for roojenkins/uplo-architecture.

Install the skill "Uplo Architecture" (roojenkins/uplo-architecture) from ClawHub.
Skill page: https://clawhub.ai/roojenkins/uplo-architecture
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install uplo-architecture

ClawHub CLI

npx clawhub@latest install uplo-architecture

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability

The skill claims to provide architecture/BIM knowledge management and its SKILL.md, README, and skill.json all describe connectors and search tools for that domain. Requiring an UPLO instance URL and API key (in skill.json) is consistent with that purpose. However, the registry metadata shown to you earlier lists no required env vars/credentials while skill.json requires agentdocs_url and api_key — this mismatch is a packaging/metadata incoherence that should be resolved.

Instruction Scope

Runtime instructions tell the agent to call mcporter commands to fetch identity context, run semantic search, export org context, and log conversations. Those actions will transmit queries, organizational context, and conversation summaries to the external MCP endpoint. That behavior is expected for a knowledge connector but is also a potential data-exfiltration vector — verify you are comfortable sending sensitive project/specification data and conversation logs to the configured UPLO endpoint.

Install Mechanism

There is no separate install script in the registry, but skill.json's mcp block uses npx -y @agentdocs1/mcp-server to launch the MCP server. Running npx will fetch and execute code from npm (package @agentdocs1/mcp-server). This is a common pattern for MCP adapters but carries moderate supply-chain risk: confirm the npm package and publisher are trusted and review the package's repository/releases if possible.

Credentials

The only sensitive configuration required (per skill.json and README) is an UPLO instance URL (agentdocs_url) and an API key (api_key), which are proportional to the connector's function. But the registry metadata you were shown lists no required env vars — that discrepancy is concerning and could mislead admins about what secrets will be needed or transmitted.

Persistence & Privilege

The skill is not marked always:true and does not request system-wide privileges in the provided files. It describes starting an MCP server scoped to the skill; autonomous invocation is allowed (default) but not unusual for connectors. There is no evidence it modifies other skills or system settings.

What to consider before installing

Before installing, confirm the following:

  (1) The skill.json requires an UPLO instance URL and an API key — verify that the registry/package metadata accurately documents this and that you intend to provide those credentials.
  (2) The MCP adapter will be run via npx @agentdocs1/mcp-server; review and trust that npm package and its publisher (check the package repo, maintainers, and recent releases).
  (3) The SKILL.md directs the agent to fetch org context and to log conversations back to the UPLO endpoint — ensure your organization permits sending project files, specifications, and conversation logs to that external service and that classification rules will be enforced.
  (4) Ask the skill author/owner to fix the registry metadata mismatch (declare required env/config fields) and to provide a canonical homepage or source repo so you can audit the adapter package.

If the package and endpoint are verified trusted and metadata is corrected, this skill appears coherent for its stated purpose; otherwise proceed with caution or request more info.

Like a lobster shell, security has layers — review code before you run it.

latest: vk97553tbhj9kecd7325hf6jsrx834e37
201 downloads
0 stars
1 version
Updated 34m ago
v1.0.0
License: MIT-0

UPLO Architecture — Building Design & BIM Intelligence

You have access to organizational knowledge through UPLO, focused on architecture domain expertise.

Session Start

When you begin a new session, fetch your organizational context:

mcporter call uplo-architecture.get_identity_context

When to Use

  • Questions about architecture policies, procedures, or processes
  • Looking up domain-specific knowledge and documentation
  • Finding subject matter experts
  • Verifying facts against the knowledge base

Key Tools

Search knowledge:

mcporter call uplo-architecture.search_knowledge query="your question here"

Search with full context (GraphRAG):

mcporter call uplo-architecture.search_with_context query="complex question with org context"

Export org context:

mcporter call uplo-architecture.export_org_context

Get directives:

mcporter call uplo-architecture.get_directives

Session End

Log the conversation:

mcporter call uplo-architecture.log_conversation summary="Brief summary" topics='["topic1"]' tools_used='["search_knowledge"]'

Important

  • Always cite sources when sharing UPLO information
  • Respect classification levels
  • If UPLO doesn't have the answer, say so rather than guessing
