ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Uplo Operations

v1.0.0

AI-powered operations knowledge management. Search process documentation, capacity plans, resource allocation data, and KPI dashboards with structured extrac...

0· 138·0 current·0 all-time
by@roojenkins

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for roojenkins/uplo-operations.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Uplo Operations" (roojenkins/uplo-operations) from ClawHub.
Skill page: https://clawhub.ai/roojenkins/uplo-operations
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install uplo-operations

ClawHub CLI

Package manager switcher

npx clawhub@latest install uplo-operations
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name, README, SKILL.md, and skill.json all describe an operations knowledge connector (search_knowledge, search_with_context, export_org_context, etc.), which is coherent with the stated purpose. However, the registry metadata lists no required config/env, while skill.json clearly declares required configuration (agentdocs_url and api_key). This mismatch is unexpected and should be reconciled.
Instruction Scope
SKILL.md instructs the agent to call MCP tools (search_knowledge, search_with_context, export_org_context, flag_outdated, propose_update, log_conversation). Those actions are appropriate for an operations knowledge skill and do not instruct reading unrelated local files or arbitrary env vars. Note: the operations data accessed (org context, capacity plans, SOPs) is highly sensitive by nature—this is within-scope but high-impact data if misused.
!
Install Mechanism
Although the registry lists no install spec, README and skill.json indicate the skill expects an MCP server launched via npx @agentdocs1/mcp-server (--http). That entails downloading/executing an npm package at runtime and starting an HTTP service. Pulling code via npx from a public registry is a moderate-to-high risk without auditing the package and its source. The lack of an explicit install spec in registry metadata makes the runtime behavior less transparent.
!
Credentials
skill.json requires agentdocs_url and api_key (appropriate for connecting to a UPLO instance). But registry metadata declared no required env/config — an inconsistency. The api_key gives access to potentially sensitive organizational knowledge; ensure the key's scope is least-privilege (read-only where possible) and that the platform will securely store/use it.
Persistence & Privilege
The skill is not always-installed and does not request global privileges. However, its mcp command will run a local HTTP MCP server (per skill.json/README), which may persist while the agent is active and expose an endpoint to which data flows. Autonomous invocation is allowed by default — consider whether you want the agent to be able to fetch org context or export snapshots without explicit user confirmation.
What to consider before installing
This skill appears to do what it says (connect to UPLO to search SOPs, capacity plans, KPIs) but there are two red flags you should address before installing: 1) Metadata mismatch: the platform registry lists no required config, yet the included skill.json requires an agentdocs_url and api_key. Confirm with the publisher which credentials are actually needed and why the registry metadata omitted them. 2) Runtime install & network exposure: the skill expects to launch an MCP server via npx @agentdocs1/mcp-server (downloads and runs an npm package and starts an HTTP endpoint). Before proceeding: - Verify the npm package @agentdocs1/mcp-server is from a trusted publisher and review its code or provenance (or use a vetted internal mirror). - Limit the API key to the minimum permissions (read-only, scoped to the knowledge base) and rotate it after testing. - Ensure the MCP endpoint is configured securely (use HTTPS if possible, local binding only if you don't want external exposure). - Consider running this skill in a sandbox or staging org account first and audit the traffic and logs. Finally, decide whether you want the agent to be able to autonomously call export_org_context or log_conversation; if not, restrict autonomous invocation or require manual approval for those actions. If you need more certainty, ask the skill author for a signed package release, a vetted install artifact, and explicit documentation about API key scopes and the @agentdocs1/mcp-server package source.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bc7rk2n8z96aqe53fhx6mjd839a42
138downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@roojenkins
latest
Download

UPLO Operations

Operations is the connective tissue of any organization — the processes, playbooks, capacity models, and performance metrics that keep everything running. This skill connects your AI assistant to UPLO's structured extraction of operational knowledge: SOPs, runbooks, capacity plans, incident postmortems, vendor SLAs, and the KPI data that tells you whether things are actually working.

Session Start

Load your ops context to understand your role, team scope, and current operational priorities:

use_mcp_tool: get_identity_context

Then pull the latest on anything that might need immediate attention:

use_mcp_tool: search_knowledge query="active incidents open action items SLA breaches capacity warnings"
use_mcp_tool: get_directives

Directives for operations teams typically cover efficiency targets, cost reduction mandates, and service level commitments — knowing these frames every decision you make.

When to Use

  • A process just broke and you need the runbook — fast. What are the exact steps for failover?
  • Calculating whether you have enough capacity (people, systems, physical space) for a projected demand increase next quarter
  • Pulling the vendor SLA terms for a service that's been underperforming so you can initiate a formal review
  • Building a business case for process automation by finding where manual steps create the most bottlenecks
  • Preparing for an operational review meeting with executive leadership — need KPI trends, not just snapshots
  • Investigating why cycle time increased on a key process and what changed in the last 60 days
  • Onboarding a new operations manager who needs to understand the full process landscape

Example Workflows

Incident Response and Postmortem

Something went wrong and you need to contain it, then learn from it.

use_mcp_tool: search_knowledge query="runbook incident response procedure for payment processing failures"
use_mcp_tool: search_knowledge query="previous incidents payment processing root cause analysis postmortem"
use_mcp_tool: search_with_context query="payment processing system dependencies upstream downstream SLA obligations"

The first search gets you the immediate playbook. The second surfaces prior incidents so you can check whether this is a recurring pattern. The context search maps system dependencies so you understand blast radius.

Quarterly Capacity Planning

You need to model whether current resources can handle projected Q3 volume.

use_mcp_tool: search_knowledge query="capacity utilization rates by team department Q1 Q2 actual vs planned"
use_mcp_tool: search_knowledge query="demand forecast projections Q3 volume transaction throughput"
use_mcp_tool: search_knowledge query="hiring plan headcount approved positions open requisitions operations"
use_mcp_tool: export_org_context

The org context export gives you the current organizational structure overlaid with capacity data, making it clear where you have headroom and where you're already running hot.

Key Tools for Operations

search_knowledge — Your primary tool for finding SOPs, runbooks, KPI data, and process documentation. Operations data is often spread across wikis, shared drives, and ticketing systems — UPLO consolidates it into searchable structured records. Example: "order fulfillment process cycle time SLA target vs actual last 6 months"

search_with_context — Operations is all about dependencies. A process change in one area cascades through others. This tool follows those connections. Example: "upstream dependencies for the monthly close process including data feeds handoffs and approval gates"

export_org_context — Generates a snapshot of your operational structure: teams, systems, processes, and their interconnections. Use it to brief new team members or to give leadership a helicopter view of operational health.

flag_outdated — Stale runbooks are dangerous. If you encounter a procedure that references a decommissioned system, an old vendor, or a changed approval chain, flag it immediately. Example: flag a disaster recovery plan that still references the on-prem data center you migrated off of 18 months ago.

propose_update — After a process improvement, push the updated procedure back into the knowledge base. Don't let the documentation drift from reality. Example: update the customer onboarding SOP to reflect the new automated verification step.

Tips

  • Operations documents tend to use internal jargon and acronyms heavily. Search using both the acronym and the full name: "MTTR mean time to repair" or "NPS net promoter score customer operations" — this catches documents regardless of which form they used.
  • When you find conflicting SOPs (two different procedures for the same process), don't just pick one. Use flag_outdated on the stale version AND report_knowledge_gap to note the conflict so the process owner can reconcile them.
  • Time-series KPI data is most useful when you search with specific date ranges rather than asking for "the latest" — this lets you build trend lines and spot degradation patterns.
  • After any significant operational change (new vendor, process redesign, system migration), use log_conversation to document the rationale and expected outcomes. This creates an audit trail that's invaluable when someone later asks "why did we change this?"

Comments

Loading comments...