ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Uplo Nonprofit

v1.0.0

AI-powered nonprofit knowledge management. Search grant documentation, donor records, program reports, and compliance data with structured extraction.

0· 121·0 current·0 all-time
by@roojenkins

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for roojenkins/uplo-nonprofit.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Uplo Nonprofit" (roojenkins/uplo-nonprofit) from ClawHub.
Skill page: https://clawhub.ai/roojenkins/uplo-nonprofit
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install uplo-nonprofit

ClawHub CLI

Package manager switcher

npx clawhub@latest install uplo-nonprofit
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, README, SKILL.md, and identity-patch all describe nonprofit knowledge management and list tools (search_knowledge, search_with_context, export_org_context, get_directives) that match that purpose. However, registry metadata reported 'Required env vars: none' while skill.json declares required configuration (agentdocs_url and api_key). That mismatch reduces confidence in the package metadata.
Instruction Scope
SKILL.md only instructs the agent to call MCP tools (use_mcp_tool: search_knowledge, search_with_context, get_directives, etc.) and to respect classification tiers. It does not instruct the agent to read arbitrary local files or unrelated environment variables, nor to send data to endpoints outside the configured UPLO/agentdocs MCP server. Scope of instructions is consistent with the stated purpose.
!
Install Mechanism
The skill is instruction-only in the registry, but README and skill.json show an implicit runtime install using `npx -y @agentdocs1/mcp-server` (and the README suggests a 'clawhub install'). That means code will be fetched from the npm registry at runtime; this is a moderate-risk install mechanism because arbitrary package contents will be downloaded and executed locally. The registry did not include an explicit install spec, which is an inconsistency and reduces auditability.
!
Credentials
The functionality reasonably requires an UPLO instance URL and an API token (agentdocs_url and api_key in skill.json). That credential request is proportionate to the purpose. However, the registry metadata advertised 'none' for required env/config, while skill.json requires these two config entries (api_key is secret). The discrepancy is a coherence problem and could mislead administrators about what secrets they must provide.
Persistence & Privilege
The skill does not request always:true, does not declare system-wide config paths, and is user-invocable only. It does require network access to the configured MCP server, but that is reasonable for a remote knowledge-service integration and does not request elevated or permanent platform privileges.
What to consider before installing
Before installing: 1) Confirm provenance — the skill.json references an npm package (@agentdocs1/mcp-server) that will be fetched via npx; verify that package on the npm registry and confirm the publisher is trusted. 2) Expect to provide an agentdocs_url and an API key — only supply an API key scoped with least privilege and not a broad or admin token. 3) Because the registry metadata omitted required config, treat the manifest as incomplete and verify all required config/permissions before use. 4) Review privacy and compliance: the skill will surface donor PII and financial/compliance documents—ensure access controls, logging, and data handling meet your legal and policy requirements. 5) If you cannot validate the external npm package or vendor, run the skill in an isolated sandbox environment first, and rotate any keys after testing. If you need more certainty, ask the publisher for a signed release, clear provenance, or a vetted install artifact that you can audit offline.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d357tar0c5mn188tmx88nhh838qa3
121downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@roojenkins
latest
Download

UPLO Nonprofit

Nonprofits generate mountains of documentation — grant proposals, funder reports, board minutes, program evaluations, donor correspondence, compliance filings — yet the institutional knowledge often lives in the heads of a few long-tenured staff. This skill gives your AI assistant structured access to your organization's knowledge base so that grant deadlines don't slip, reporting requirements aren't missed, and program learnings carry forward even when team members move on.

Session Start

Start by understanding your organizational context and current strategic priorities. For nonprofits, directives often reflect multi-year strategic plans, annual fundraising goals, and board-approved program priorities.

use_mcp_tool: get_identity_context
use_mcp_tool: get_directives

Then check for anything time-sensitive — upcoming grant deadlines, pending funder reports, or board action items:

use_mcp_tool: search_knowledge query="upcoming grant deadlines funder report due dates board action items next 30 days"

When to Use

  • Writing a grant proposal and need to pull outcome data, logic models, and budget templates from previous successful applications
  • Preparing a board packet and need to assemble program updates, financial summaries, and committee reports
  • A program officer from a foundation is asking about your evaluation methodology — find the relevant program evaluation framework
  • Checking restricted vs. unrestricted fund balances before committing to a new program expansion
  • Onboarding a new development director who needs to understand donor history and cultivation strategies
  • Responding to an audit request for documentation on how grant funds were allocated and spent
  • Figuring out which foundations in your pipeline fund youth workforce development in the Midwest

Example Workflows

Grant Proposal Development

You're applying to a new foundation and need to assemble supporting materials from your track record.

use_mcp_tool: search_knowledge query="program outcomes data youth employment placement rates graduation rates last two years"
use_mcp_tool: search_with_context query="successful grant proposals workforce development logic model theory of change"
use_mcp_tool: search_knowledge query="organizational budget functional expenses program service ratio"

The structured extraction pulls outcome metrics as typed data (percentages, counts, dollar amounts) rather than buried-in-narrative text, making it straightforward to populate funder application forms.

Funder Report Compilation

A major foundation's annual report is due in two weeks. You need to gather data across multiple program areas.

use_mcp_tool: search_knowledge query="Ford Foundation grant #2024-1187 deliverables milestones reporting requirements"
use_mcp_tool: search_knowledge query="program participants served demographics outputs outcomes July 2024 through June 2025"
use_mcp_tool: search_knowledge query="expenditure reports grant fund allocation budget to actual variance"

Match deliverables from the original grant agreement against actual program data and financials to build the narrative and data tables the funder expects.

Key Tools for Nonprofits

search_knowledge — Search across grant documents, program reports, donor records, and board materials in one query. The extraction engine recognizes nonprofit-specific structures like logic models, grant budgets, and outcome frameworks. Example: "evidence-based practices mentoring program RCT quasi-experimental evaluation results"

search_with_context — Trace relationships between grants, programs, and outcomes. A single program might have multiple funding sources with different reporting requirements. Example: "all funding sources and reporting obligations for the East Side Community Health Initiative"

export_org_context — Produces a structured overview of your organization: programs, staff, governance, and strategic direction. Extremely useful when introducing your org to new funders or partners who want to understand your capacity.

get_directives — Pulls board-approved strategic priorities, annual fundraising targets, and programmatic focus areas. Essential for ensuring that grant-seeking aligns with organizational strategy rather than chasing dollars.

report_knowledge_gap — Identify missing documentation that could hurt you in an audit or site visit. No evaluation plan for a major program? No conflict of interest policy on file? Flag it before a funder asks.

Tips

  • Grant terminology matters in search. Use funder-specific language: "deliverables" vs "milestones" vs "benchmarks" — different foundations use different terms, and your extracted documents will reflect whatever language was in the original grant agreement.
  • Nonprofit financial data follows specific structures (functional expenses, program service ratios, cost allocation plans). Search with these terms to get structured financial data rather than narrative descriptions.
  • Use log_conversation after calls with program officers or major donors. These relationship notes are gold for cultivation strategy, and they're the first thing lost when a development officer leaves.
  • When preparing for a site visit, use export_org_context to generate a comprehensive briefing document rather than assembling it manually from scattered files.

Comments

Loading comments...