ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Uplo Environmental

v1.0.0

AI-powered environmental knowledge management. Search impact assessments, compliance monitoring data, sustainability reports, and environmental permits with...

0· 132·0 current·0 all-time
by@roojenkins

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for roojenkins/uplo-environmental.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Uplo Environmental" (roojenkins/uplo-environmental) from ClawHub.
Skill page: https://clawhub.ai/roojenkins/uplo-environmental
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install uplo-environmental

ClawHub CLI

Package manager switcher

npx clawhub@latest install uplo-environmental
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md and README clearly describe an integration with an UPLO/MCP server and imply the need for an instance URL and API key. The included skill.json indeed declares config.agentdocs_url and config.api_key as required. However, the registry summary at the top lists no required env vars or primary credential — a direct mismatch. Requiring an endpoint URL and API token is coherent with the described purpose, but the metadata inconsistency is concerning and may indicate incomplete packaging or a metadata extraction error.
Instruction Scope
SKILL.md instructs the agent to load identity context and to call MCP tools (get_identity_context, search_knowledge, search_with_context, etc.). Those actions are coherent for a knowledge-base skill. Be aware that 'get_identity_context' will load agent identity/authorization context and queries will transmit user queries and extracted document content to the configured UPLO endpoint — expected for this integration but sensitive if the endpoint is external or untrusted.
Install Mechanism
This is an instruction-only skill (no code files), but skill.json / README direct the agent to run an MCP server via npx @agentdocs1/mcp-server --http. Using npx will fetch and execute code from the npm registry at runtime. That is a common pattern but carries moderate risk relative to a self-contained, vetted binary: it executes third-party code dynamically. There is no offline install spec or pinned release URL in the package; verify the npm package source and integrity before allowing execution.
!
Credentials
The skill requires an agentdocs_url and an API key (sensitive secret) to function, which matches the purpose of contacting an organization-specific UPLO instance. However, the registry's declared requirements omitted these, creating a mismatch. The API key gives the skill access to organizational environmental data via the remote MCP endpoint — this is proportionate for the described capability but is high-sensitivity access and should only be granted to a trusted endpoint and vetted package.
Persistence & Privilege
The skill does not request always: true and does not claim to modify other skills or system-wide settings. It is invocable by the user and can be invoked autonomously by the agent (platform default). No elevated or persistent system privileges are requested in the provided files.
What to consider before installing
This skill is designed to connect your agent to an UPLO/MCP knowledge instance and that requires providing an instance URL and a sensitive API key. Before installing: (1) confirm the skill source and owner (the registry metadata lacks a homepage and the owner ID is opaque); (2) verify the npm package @agentdocs1/mcp-server (review its repository, versions, and recent changes) because the agent will run it via npx; (3) ensure the agentdocs_url points to a trusted, internal UPLO instance (not a third‑party or unfamiliar host); (4) treat the API key as highly sensitive — limit its scope and rotate it if used for testing; (5) consider running the skill in a sandboxed environment or with restricted network access first; and (6) resolve the metadata mismatch (registry claims no required credentials while skill.json requires them) with the publisher before granting production access. If you cannot validate the package and endpoint, do not provide your organizational API key.

Like a lobster shell, security has layers — review code before you run it.

latestvk971e9m14vqmffghqppvhzkj0s839vc5
132downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@roojenkins
latest
Download

UPLO Environmental — Impact Assessment & Sustainability Intelligence

UPLO connects you to your organization's environmental knowledge corpus: Environmental Impact Assessments (EIAs), NEPA documentation, air and water quality monitoring records, emissions inventories, remediation tracking, permit conditions, and sustainability performance data. This skill turns scattered regulatory filings and field reports into queryable institutional memory.

Session Start

Begin by loading your identity context. Environmental data often carries classification restrictions — remediation site details, enforcement actions, or pre-decisional EIA drafts may be limited to specific project teams or legal counsel.

get_identity_context

When to Use

  • A project manager asks whether the proposed warehouse expansion triggers a full EIA or qualifies for a categorical exclusion under NEPA
  • An environmental engineer needs the most recent groundwater monitoring results for the former manufacturing site on Industrial Blvd
  • Someone wants to know the organization's Scope 1 and Scope 2 emissions totals from the last CDP disclosure
  • A compliance officer asks which facilities are approaching their Title V permit emission thresholds
  • The sustainability team needs to compile biodiversity offset commitments across all active construction projects
  • A lawyer preparing for a consent decree review needs the timeline of corrective actions taken at the Riverside facility
  • An analyst is building the annual ESG report and needs waste diversion rates by facility for the past three fiscal years

Example Workflows

Permit Renewal Preparation

A facility's NPDES stormwater permit expires in 90 days. The environmental manager needs to assemble renewal documentation.

search_knowledge query="NPDES permit conditions and discharge monitoring reports for the North Plant"

search_with_context query="stormwater best management practices implemented at North Plant and any inspection deficiencies"

search_knowledge query="corrective actions taken after the 2024 stormwater inspection findings at North Plant"

Carbon Footprint Reduction Planning

Leadership has set a 30% emissions reduction target by 2030. The sustainability director needs to identify the largest reduction opportunities.

get_directives

search_with_context query="greenhouse gas emissions breakdown by facility and source category from the most recent inventory"

search_knowledge query="energy efficiency projects completed or planned with estimated emissions reductions"

Key Tools for Environmental

search_with_context — Environmental questions almost always require organizational context. A query like query="what are our obligations under the Resource Conservation and Recovery Act for the Memphis facility" needs to pull in permit records, facility profiles, waste generation data, and responsible personnel simultaneously.

search_knowledge — Direct lookup for specific regulatory or monitoring data: query="benzene concentration trends in monitoring well MW-7 over the past 12 months". Use when you know exactly what data point you need.

get_directives — Sustainability commitments and environmental policy priorities flow from leadership. Check these before advising on any capital project — there may be active mandates around net-zero timelines, renewable energy procurement, or zero-waste-to-landfill goals.

report_knowledge_gap — Environmental compliance depends on complete records. When a query reveals missing monitoring data or undocumented permit conditions, flag it immediately: topic="Phase II ESA for the acquired Elm Street property" description="No environmental site assessment found despite acquisition closing last quarter"

flag_outdated — Regulatory thresholds change. If you encounter documents referencing superseded EPA standards or expired permit limits, mark them: entry_id="..." reason="References 2019 NAAQS ozone standard; EPA revised to 60 ppb in 2025"

Tips

  • Environmental data is inherently temporal. Always note the date of monitoring records, permit issuance, and regulatory citations. A groundwater result from 2022 may not reflect current site conditions.
  • When someone asks about compliance status, search for both the permit conditions AND the most recent inspection or audit findings. Compliance is the gap between the two.
  • Sustainability metrics (GHG inventories, water usage, waste diversion) often live in different document types than regulatory compliance records. Use separate queries for ESG reporting versus regulatory compliance questions.
  • Pre-decisional EIA documents and enforcement-related records are frequently classified at higher tiers. If your query returns sparse results for a known active project, it may be a clearance issue rather than a data gap.

Comments

Loading comments...