ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Uplo Energy

v1.0.0

AI-powered energy sector knowledge management. Search power generation records, grid management data, regulatory filings, and safety protocols with structure...

0· 116·0 current·0 all-time
by@roojenkins

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for roojenkins/uplo-energy.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Uplo Energy" (roojenkins/uplo-energy) from ClawHub.
Skill page: https://clawhub.ai/roojenkins/uplo-energy
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install uplo-energy

ClawHub CLI

Package manager switcher

npx clawhub@latest install uplo-energy
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to connect to an UPLO knowledge base and exposes search/graph tools — requiring an UPLO URL and API key is reasonable. However, the registry metadata lists no required env vars while skill.json declares config entries (agentdocs_url and api_key). That mismatch is incoherent: the skill will expect credentials even though the registry says none.
Instruction Scope
SKILL.md instructs the agent to run domain-specific tools (search_with_context, search_knowledge, get_directives, etc.) and to verify identity and classification before querying CEII. It does not instruct arbitrary file reads, unrelated credential collection, or exfiltration to unexpected endpoints beyond the UPLO instance.
!
Install Mechanism
There is no formal install spec in the registry, but skill.json defines an MCP runtime that uses `npx -y @agentdocs1/mcp-server --http`. That implies the runtime will fetch and run an npm package at use-time. Dynamic npx pulls are higher-risk than pre-reviewed installs because they execute remote code; confirm the @agentdocs1/mcp-server package provenance and contents before allowing the skill to invoke it.
Credentials
Requesting an UPLO URL and API key is proportional to a knowledge-base client. The concern is the missing declaration in registry-level required env vars and the skill manifest relying on those secrets. The skill will pass AGENTDOCS_URL/API_KEY to the MCP server process; ensure the API key has least privilege and that the host URL is trusted.
Persistence & Privilege
The skill does not request 'always: true' or any elevated persistent privileges. It appears to run on demand and does not modify other skills or system-wide settings in the provided materials.
What to consider before installing
This skill appears to be a client for an UPLO knowledge base and legitimately needs an UPLO URL and API key — but the package has three red flags you should resolve before installing: 1) Registry metadata vs manifest mismatch: the registry claims no required env vars, yet skill.json requires agentdocs_url and api_key. Treat the skill as requiring credentials until you verify otherwise. 2) Dynamic npm execution: the skill manifest runs `npx @agentdocs1/mcp-server`. That will fetch and execute a remote npm package at runtime. Verify the package name, its publisher, and inspect its source (or ask the vendor for a signed release) before allowing execution. 3) Unknown origin/homepage: the skill's source/homepage fields are empty even though README references uplo.ai. Verify the publisher identity (is this the official UPLO distribution?) and prefer skills with a clear source and release artifacts. Practical steps: - Confirm the publisher and check the npm package (@agentdocs1/mcp-server) source and recent versions. - Only provide an API key scoped with the minimum permissions and with an expiry/rotation policy, and point AGENTDOCS_URL to a trusted domain (prefer your organization's instance). - If possible, sandbox the skill’s MCP process or audit network activity when first running it. - If you need stronger assurance, ask the maintainer to update registry metadata to declare required env vars and provide a pinned, reviewable install artifact rather than implicit npx execution. If you cannot verify the package provenance or the publisher, treat this skill as higher-risk and do not provide sensitive credentials or CEII data to it.

Like a lobster shell, security has layers — review code before you run it.

latestvk9751z1x3jjyn2b87zew6y16m9839c4k
116downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@roojenkins
latest
Download

UPLO Energy — Generation-to-Grid Intelligence

The energy sector runs on documentation: NERC compliance evidence, generation performance reports, outage analyses, environmental permits, rate case filings, and safety management system records. These documents are produced by operations, compliance, engineering, environmental, and regulatory affairs teams that rarely share a common system. UPLO Energy indexes this sprawl so a plant manager preparing for a NERC audit and a regulatory analyst drafting a rate case filing can both find what they need without navigating six different document repositories.

Session Start

Energy operations involve safety-critical and CEII (Critical Energy Infrastructure Information) data. Your clearance and role assignment must be verified before any queries.

get_identity_context

get_directives

Active directives in energy often include NERC compliance deadlines, planned outage schedules, emergency operations procedures during weather events, and rate case filing timelines. These are not informational — they drive daily operations.

When to Use

  • Preparing NERC CIP compliance evidence and need to locate the specific access control documentation for a cyber asset at a generating facility
  • Investigating a forced outage and need to find the root cause analysis from similar equipment failures across the fleet
  • A rate case is being filed and the regulatory team needs historical capital expenditure justification, O&M cost trends, and load forecast methodology documentation
  • Environmental compliance requires pulling the air permit conditions, continuous emissions monitoring (CEMS) data reports, and EPA reporting documentation for an upcoming inspection
  • Operations planning needs the current transmission constraint studies and generation dispatch order documentation
  • A safety incident occurred and the investigation team needs the JSA (Job Safety Analysis), switching orders, and lockout/tagout procedures that were in effect
  • Onboarding a new reliability coordinator who needs to understand the balancing authority area, transmission topology, and interconnection agreements

Example Workflows

NERC CIP Audit Preparation

A NERC audit is scheduled in 60 days. The compliance team needs to assemble evidence for CIP-007 (System Security Management).

search_with_context query="NERC CIP-007 system security management patch management cyber assets evidence"

Pull the specific documentation for security patch implementation:

search_knowledge query="patch management program BES cyber assets implementation records compliance"

Find the electronic access control documentation:

search_knowledge query="electronic access point monitoring BES cyber system network security CIP-005"

Export the organizational context to map cyber asset owners to the compliance evidence:

export_org_context

log_conversation summary="Assembled CIP-007 and CIP-005 evidence package for NERC audit; identified patch compliance records and EAP monitoring documentation" topics='["NERC-CIP","audit","cybersecurity","compliance"]' tools_used='["search_with_context","search_knowledge","export_org_context"]'

Forced Outage Root Cause Analysis

A 500 MW combined-cycle unit tripped offline due to a combustion turbine compressor issue. The plant engineer needs to investigate.

search_with_context query="combustion turbine compressor trip forced outage similar events root cause fleet"

search_knowledge query="GE 7FA compressor blade inspection borescope findings maintenance records"

Check if there is an OEM service bulletin related to this failure mode:

search_knowledge query="GE service bulletin technical information letter compressor blade cracking 7FA"

Report a gap if the maintenance records are incomplete:

report_knowledge_gap query="Unit 3 combustion turbine compressor maintenance history borescope interval records"

Key Tools for Energy

search_with_context — Energy questions span organizational boundaries. "Are we compliant with CIP-007?" touches cybersecurity, operations, maintenance, and IT documentation. Graph traversal assembles this cross-functional evidence. Example: search_with_context query="transmission line relay settings protection coordination study 230kV"

search_knowledge — Direct lookup for known documents: a specific NERC standard evidence file, a plant operating procedure, an environmental permit, or a maintenance record. Example: search_knowledge query="air quality permit Title V Facility 004 conditions NOx limits"

get_directives — Energy directives are operationally binding. A planned outage schedule, a generation curtailment order, or a NERC compliance deadline flows through here. Missing a directive can result in reliability standard violations.

flag_outdated — Operating procedures, relay settings, and protection coordination studies must match the current configuration. A relay setting document that does not reflect the latest short circuit study is a reliability risk. Flag immediately.

report_knowledge_gap — Undocumented maintenance history, missing calibration records for CEMS equipment, or absent protection coordination studies are compliance gaps. Reporting them creates accountability.

log_conversation — NERC standards require evidence of systematic review. Logging your compliance evidence assembly sessions creates an auditable record that demonstrates due diligence.

Tips

  • NERC standard identifiers (CIP-007-6 R2, FAC-008-3, TPL-001-5) are indexed as structured fields. Query by standard and requirement number for precise results.
  • CEII data is classified at the restricted tier. If queries about transmission topology, generation interconnection, or critical infrastructure locations return no results, it is likely a clearance issue. Contact your CEII custodian.
  • Forced outage investigations benefit from fleet-wide searches. A compressor blade issue on Unit 3 may have been seen on Unit 7 two years ago. Use search_with_context with equipment model identifiers to find cross-unit patterns.
  • Environmental permit conditions often contain specific numerical limits (NOx lb/hr, SO2 ppm, particulate matter mg/m3). Include these units in your search terms — the extraction engine indexes them as structured fields alongside the regulatory limits.

Comments

Loading comments...