ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Uplo Facilities

v1.0.0

AI-powered facilities knowledge management. Search building management records, maintenance schedules, space planning data, and vendor service documentation...

0· 124·0 current·0 all-time
by@roojenkins

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for roojenkins/uplo-facilities.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Uplo Facilities" (roojenkins/uplo-facilities) from ClawHub.
Skill page: https://clawhub.ai/roojenkins/uplo-facilities
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install uplo-facilities

ClawHub CLI

Package manager switcher

npx clawhub@latest install uplo-facilities
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name, README, SKILL.md, identity patch, and skill.json consistently describe a facilities knowledge connector to a UPLO/AgentDocs MCP server (search_knowledge, search_with_context, export_org_context, etc.), which is coherent with the stated purpose. However, the registry summary presented to you earlier lists no required environment variables or primary credential while the included skill.json and README explicitly require an AGENTDOCS_URL and an API_KEY — a manifest/metadata mismatch that should be resolved before trusting the skill.
Instruction Scope
SKILL.md only instructs the agent to use knowledge APIs (get_identity_context, get_directives, search_knowledge, etc.) and to surface or flag facilities documents. It does not ask the agent to read arbitrary local files, system secrets, or to send data to third-party endpoints beyond the configured UPLO/AgentDocs instance. The scope matches the stated purpose.
!
Install Mechanism
Although the registry lists this as instruction-only, README and skill.json direct the platform to run an MCP server using 'npx -y @agentdocs1/mcp-server --http' (or equivalent). Using npx at runtime will fetch and execute code from the npm registry (package @agentdocs1/mcp-server). That is a moderate-risk install pattern: the code executed is external and can run arbitrary actions. Confirm the npm package publisher and review its source before allowing the agent to run it.
Credentials
The skill.json requires two configuration items: agentdocs_url (your UPLO instance URL) and api_key (MCP token). Those are appropriate and proportionate for connecting to an external UPLO service. The concern is the mismatch: the registry summary at the top claimed 'Required env vars: none' while the packaged metadata requires credentials. Also ensure the API key scoped to minimal access (read-only search) rather than broad admin privileges.
Persistence & Privilege
The skill does not request always:true and does not declare system config paths or cross-skill modifications. It relies on an identity/context provided by the org and normal autonomous invocation (disable-model-invocation=false), which is expected for an integration of this type.
What to consider before installing
Before installing: 1) Resolve the metadata mismatch — the registry said 'no credentials' but skill.json and README require AGENTDOCS_URL and API_KEY. 2) Verify provenance: the skill owner is unknown and there's no homepage; confirm you trust UPLO and the npm package @agentdocs1/mcp-server. 3) Inspect the npm package source (or vendor-provided code) and verify what the MCP server does (does it proxy data through a vendor, run locally, store data?). 4) Use least-privilege credentials: create an API key scoped only to the needed read/search operations and avoid admin keys. 5) If you must install, consider running the MCP server in an isolated environment (not with full org credentials) until you vet it. 6) If you need higher confidence, ask the publisher for a homepage, source repo, or signed release and a description of where exported org context data is stored or transmitted.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a0qsyp62pcje0se0rf4pxwx838xrc
124downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@roojenkins
latest
Download

UPLO Facilities — Building Operations & Space Management Intelligence

Facilities operations generate enormous volumes of documentation that rarely get searched effectively: preventive maintenance schedules, building automation system configurations, lease abstracts, space utilization studies, vendor service agreements, and capital improvement plans. UPLO makes all of it queryable so your facilities team can stop digging through filing cabinets and shared drives.

When to Use

  • The maintenance supervisor asks which HVAC units are due for filter replacement this month and who the contracted vendor is
  • A department head requests 500 additional square feet of office space and you need to check current vacancy across the portfolio
  • Someone reports a recurring water leak on the third floor and you want to see if there is a history of plumbing issues in that zone
  • The CFO asks for the total annual spend on janitorial services across all locations
  • A project manager needs the load-bearing capacity of the warehouse mezzanine before approving new equipment installation
  • You need to verify whether the elevator inspection certificate for Building C is current or expired
  • The energy manager wants to compare utility consumption across buildings to identify the worst performers

Session Start

Load your organizational context first. Facilities data spans multiple buildings, campuses, and sometimes business units with different access controls. Your identity context determines which properties you can query.

get_identity_context

Check for active directives — these often include space consolidation mandates, energy reduction targets, or capital freeze periods that affect facilities decisions.

get_directives

Example Workflows

Emergency Repair Coordination

A chiller failure is reported at the downtown office during a July heat wave. The facilities manager needs to act fast.

search_knowledge query="chiller specifications and maintenance history for 200 Main Street downtown office"

search_with_context query="HVAC service contracts and emergency response SLAs for the downtown campus"

search_knowledge query="backup cooling procedures or portable AC deployment protocol for critical server rooms"

Lease Renewal Analysis

Three office leases expire within the next 18 months. The real estate team needs to decide: renew, renegotiate, or consolidate.

search_with_context query="current lease terms, square footage, and occupancy rates for offices expiring in 2027"

search_knowledge query="space utilization study results and hoteling desk adoption rates"

get_directives

Cross-reference the utilization data with any active consolidation or remote-work directives before making recommendations.

Key Tools for Facilities

search_knowledge — Your go-to for specific facility lookups: query="fire suppression system inspection report for Warehouse B". Facilities data is often very concrete — equipment serial numbers, inspection dates, vendor contacts — so targeted queries work well.

search_with_context — Use when a facilities question involves organizational relationships. For example, query="which teams are allocated to the fourth floor of the Riverside building and what are their growth projections" requires connecting space assignments with departmental data.

export_org_context — Useful for annual capital planning. Exports the complete organizational view so you can cross-reference facility conditions with strategic priorities and departmental needs in a single document.

flag_outdated — Facilities documentation decays constantly. Equipment gets replaced, vendors change, inspection certificates expire. When you find a document referencing a decommissioned boiler or an old vendor contract number, flag it: entry_id="..." reason="References Allied Mechanical as HVAC vendor; contract transferred to Summit Building Services in January 2026"

Tips

  • Facilities questions often have a physical dimension that matters. When searching, include the building name, floor, or campus in your query. "HVAC maintenance" returns too much; "HVAC maintenance Building C rooftop units" gets you the right records.
  • Vendor service agreements and maintenance schedules are living documents. Always check the effective dates on any contract or schedule you surface — procurement may have renegotiated terms since the document was ingested.
  • Capital improvement projects generate documentation across multiple phases (feasibility study, design specs, bid documents, punch lists, close-out reports). A single search may only surface one phase. Run follow-up queries if you need the full project arc.
  • When someone asks "who handles X" for a building, the answer might be an internal maintenance team or an external vendor depending on the service type and location. Check both organizational members and vendor contracts.

Comments

Loading comments...