Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Uplo Healthcare

v1.0.0

AI-powered healthcare knowledge management. Search clinical notes, care plans, lab results, prescriptions, and patient pathways with structured extraction.

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for roojenkins/uplo-healthcare.

Install the skill "Uplo Healthcare" (roojenkins/uplo-healthcare) from ClawHub.
Skill page: https://clawhub.ai/roojenkins/uplo-healthcare
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install uplo-healthcare

ClawHub CLI

npx clawhub@latest install uplo-healthcare

Security Scan

VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)

Purpose & Capability
The skill is presented as an organizational knowledge/clinical-protocol search tool and the declared capabilities (search_knowledge, search_with_context, get_directives, export_org_context) align with that purpose. Requiring a UPLO instance URL and an API key (via skill.json) is proportionate for a hosted knowledge service. However, the registry metadata provided to you earlier claims no required env/config, which contradicts skill.json's required config entries (agentdocs_url and api_key).
Instruction Scope
SKILL.md instructs the agent to call functions such as get_identity_context, get_directives, search_knowledge, search_with_context, and export_org_context — all within the stated domain (organizational policies, directives, and protocols). The instructions explicitly caution against surfacing PHI. One operational caution: export_org_context can produce large organizational exports; this is consistent with the skill's purpose but is also a high-scope action that could expose broad organizational data if misused.
Install Mechanism
There is no explicit install spec, but skill.json's mcp configuration relies on running an npm package via npx (@agentdocs1/mcp-server). Fetching and executing code with npx at runtime is a moderate-risk install pattern: it's common for connectors but it downloads and runs external code. The manifest uses an unpinned npx invocation (-y, latest), which increases risk because it will fetch whatever is current in the registry rather than a reviewed version.
Credentials
The only sensitive configuration required by the skill.json is an agentdocs_url and an api_key — these are appropriate for a hosted UPLO MCP connector. This is proportional to the stated purpose. However, the registry metadata you were shown earlier listed no required env vars/credentials, which is inconsistent with skill.json and README (both of which require API key and URL). Confirming which record is authoritative is important before deploying credentials.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify other skills. The declared MCP transport is HTTP to the provided service URL; normal for a connector. There is no indication the skill modifies system-wide agent settings beyond launching its own MCP server process.
Scan Findings in Context
[regex_scan_empty] expected: The regex-based scanner found nothing to analyze because this is an instruction-only skill with no code files. That is expected for many connector/manifest-only skills, but it means you should review external package usage and the skill.json manifest manually.
Assessment
What to check before installing:

  • Confirm the source: verify the UPLO vendor and the author identity (UPLO / @agentdocs1) and prefer installing only from a trusted internal registry or a vetted vendor page.
  • Validate configuration mismatch: the registry metadata you received claims no required envs, but skill.json and README require an agentdocs_url and api_key. Clarify which is correct before supplying credentials.
  • Audit the npm package: skill.json/README indicate usage of an npx command that will fetch @agentdocs1/mcp-server. Inspect that npm package (versioned release, publisher, recent change history) or ask for a pinned, auditable release before allowing runtime fetches.
  • Use least privilege for credentials: issue an API key scoped only to the capabilities the skill needs (read/search/export) and avoid giving it access to PHI or unrelated services.
  • Control export actions: treat export_org_context as sensitive. Limit who can invoke exports, require approval/auditing, and verify exported data does not include PHI or overly broad organizational data.
  • Prefer pinned versions: request that the skill manifest reference a pinned package version (not an implicit latest via npx -y) or allow hosting the MCP server internally.
  • Logging & auditing: ensure all queries and exports are logged and reviewed; ensure the integration complies with your privacy/HIPAA policies.

If you want, I can list concrete questions to ask the publisher or a checklist for an operator to safely deploy this connector.
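
The "prefer pinned versions" check from the assessment can be automated before a manifest is approved. The following is an added example, not code from the skill or from ClawHub: it walks a manifest and reports every npx launch whose package lacks an exact version. The manifest shape (`mcp.command` / `mcp.args`) and the `0.0.0` version are assumptions, since the page does not show skill.json.

```javascript
// Added example: flag npx launch commands whose package is not pinned to an exact version.
// Assumption: the manifest stores the launch as {command, args}; the page does not show skill.json.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

// Split "@scope/name@1.2.3" into name and version (version undefined if absent).
function splitSpec(spec) {
  const at = spec.lastIndexOf("@");
  if (at <= 0) return { name: spec, version: undefined }; // no "@", or only the scope "@"
  return { name: spec.slice(0, at), version: spec.slice(at + 1) };
}

// Return the package spec npx would fetch: the --package/-p value, else the first positional.
function npxPackage(args) {
  for (let i = 0; i < args.length; i++) {
    const a = args[i];
    if (a === "-p" || a === "--package") return args[i + 1];
    if (a.startsWith("--package=")) return a.slice("--package=".length);
    if (!a.startsWith("-")) return a;
  }
  return undefined;
}

// Walk any JSON value and report every {command: "npx", args: [...]} entry found.
function auditNpx(node, path = "$", out = []) {
  if (Array.isArray(node)) {
    node.forEach((v, i) => auditNpx(v, `${path}[${i}]`, out));
  } else if (node && typeof node === "object") {
    if (node.command === "npx" && Array.isArray(node.args)) {
      const spec = npxPackage(node.args);
      const { name, version } = spec ? splitSpec(spec) : {};
      out.push({
        path, name, version: version ?? null,
        // Dist-tags ("latest") and ranges ("^1.2.0") resolve at run time, so they count as unpinned.
        pinned: version !== undefined && EXACT.test(version),
        autoYes: node.args.includes("-y") || node.args.includes("--yes"),
      });
    }
    for (const [k, v] of Object.entries(node)) auditNpx(v, `${path}.${k}`, out);
  }
  return out;
}

// Constructed manifests: the unpinned form the scan describes, and a pinned variant.
// "0.0.0" is a placeholder, not a real release of the package.
const unpinned = { mcp: { command: "npx", args: ["-y", "@agentdocs1/mcp-server"] } };
const pinned = { mcp: { command: "npx", args: ["-y", "@agentdocs1/mcp-server@0.0.0"] } };
console.log(auditNpx(unpinned), auditNpx(pinned));
```

An entry with `pinned: false` and `autoYes: true` is the combination the scan calls out: whatever is current in the registry is fetched and run without a confirmation prompt.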

Like a lobster shell, security has layers — review code before you run it.

latest vk973fzpe8yqk9knrecehmaady1838byb
187 downloads
0 stars
1 version
Updated 22h ago
v1.0.0
MIT-0

UPLO Healthcare — Clinical Protocol & Care Coordination Intelligence

Healthcare organizations produce vast quantities of structured and unstructured documentation: clinical practice guidelines, formulary decisions, quality measure specifications, credentialing records, compliance training documentation, care pathway definitions, and departmental operating procedures. UPLO makes this institutional knowledge searchable so clinicians, administrators, and quality teams can find authoritative answers without calling three departments.

Important: UPLO indexes organizational knowledge documents (policies, protocols, guidelines). It does not store or provide access to individual patient health records (PHI). All queries return organizational reference materials, not patient data.

Session Start

Healthcare data sensitivity requires careful attention to your access tier. Credentialing committee deliberations, peer review records, and incident investigation details carry statutory protections beyond standard classification.

get_identity_context

Check for active directives — these may include Joint Commission readiness priorities, CMS Conditions of Participation focus areas, or active quality improvement initiatives.

get_directives

When to Use

  • A hospitalist asks for the current sepsis screening protocol and whether it was updated after the Surviving Sepsis Campaign 2024 guidelines
  • The pharmacy director needs to know the formulary status of a newly approved biologic and the P&T committee's rationale for the tier decision
  • Quality management asks which core measures the organization is underperforming on and what improvement plans are in place
  • A nurse manager wants the patient fall prevention protocol and the root cause analysis summary from the last sentinel event
  • Credentialing staff need to verify the privileging criteria for a new surgical procedure being added to the department
  • The compliance officer asks whether the organization's HIPAA breach notification procedures align with the latest OCR guidance
  • An administrator preparing for a Joint Commission survey needs the current status of all previously cited deficiencies

Example Workflows

Clinical Protocol Clarification

An ED physician is treating a patient with suspected stroke and needs to confirm the organization's tPA administration criteria and the teleneurology consultation process.

search_knowledge query="acute ischemic stroke protocol including tPA inclusion criteria and time windows"
search_with_context query="teleneurology consultation process including contact information, hours of availability, and escalation for after-hours coverage"

The context-aware search pulls in the neurology department profile, on-call structures, and related quality metrics.

Regulatory Survey Preparation

A CMS validation survey is scheduled for next month. The quality director needs to verify readiness across multiple Conditions of Participation.

search_knowledge query="infection control plan and antibiotic stewardship program documentation"
search_with_context query="patient rights policies including informed consent procedures, advance directive protocols, and grievance resolution process"
export_org_context

Use the full context export to systematically cross-reference documented policies against each Condition of Participation.

Key Tools for Healthcare

search_knowledge — Direct lookup of clinical protocols, formulary decisions, and compliance documentation: query="blood transfusion consent requirements and massive transfusion protocol activation criteria". Clinical staff need precise, citable answers.

search_with_context — Healthcare questions often involve interdisciplinary relationships. A query like query="discharge planning process for patients requiring home health services including case management referral criteria and preferred vendor list" needs to connect clinical protocols with administrative processes and vendor relationships.

get_directives — Healthcare leadership directives often reflect regulatory urgency. A CMS Condition-level deficiency, a quality measure that dropped below threshold, or a new accreditation standard all generate directives that should inform your recommendations.

report_knowledge_gap — Undocumented clinical protocols create patient safety risk. If a clinician asks about a procedure and no protocol exists, report it as high priority: topic="pediatric procedural sedation protocol for radiology" description="No documented sedation protocol found for pediatric imaging procedures despite performing approximately 200 sedated MRIs annually"

flag_outdated — Clinical guidelines evolve. If you find a protocol citing a superseded guideline or a drug that was removed from the formulary, flag it immediately: entry_id="..." reason="Protocol references chlorhexidine bathing frequency from 2018 SHEA guidelines; updated 2025 guidelines changed recommendations for non-ICU settings"

Tips

  • Healthcare operates under multiple overlapping regulatory frameworks (CMS CoPs, Joint Commission standards, state licensure, specialty board requirements). A single clinical question may touch several of them. Use search_with_context when the regulatory landscape is complex.
  • Peer review and credentialing records have special legal protections in most jurisdictions (state peer review privilege statutes). Even if your clearance permits access, treat these documents with heightened sensitivity and note their privileged status in any summary.
  • Quality measure data is only meaningful in context. A mortality rate, readmission rate, or infection rate needs the denominator, risk adjustment methodology, and comparison benchmark to be interpretable. Search for the measure specification alongside the reported data.
  • Healthcare terminology is heavily acronymed and varies between organizations. If a search returns no results, try the expanded form (e.g., "venous thromboembolism prophylaxis" instead of "VTE ppx") or check for institution-specific naming conventions.
