uplo-clinical 安全扫描报告 — 可信 | ClawSafe

5 /100

uplo-clinical

AI-powered clinical operations intelligence spanning pharmaceutical development and healthcare delivery

UPLO Clinical is a legitimate clinical operations knowledge management skill that connects to a documented UPLO MCP server via standard configuration—no executable scripts, no shell access, and no suspicious behaviors beyond expected SaaS connectivity.

技能名称uplo-clinical

分析耗时27.7s

引擎pi

✓

可以安装

Approve for use. The skill is a pure documentation/configuration package for a clinical SaaS product. No action required beyond standard API key security practices.

安全发现 1 项

严重性	安全发现	位置
低危	Third-party MCP server dependency 供应链 The skill relies on @agentdocs1/mcp-server package from npm. This is a standard MCP pattern and the dependency is explicitly declared. `@agentdocs1/mcp-server` → Verify npm package authenticity before use; this is standard practice for MCP integrations.	`skill.json:21`

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`NONE`	—	No file access in any files
网络访问	`READ`	`READ`	✓ 一致	skill.json:17 - MCP server connects to configured UPLO instance
命令执行	`NONE`	`NONE`	—	No shell execution found
环境变量	`NONE`	`NONE`	—	No environment variable access
技能调用	`NONE`	`NONE`	—	No inter-skill invocation
剪贴板	`NONE`	`NONE`	—	No clipboard access
浏览器	`NONE`	`NONE`	—	No browser automation
数据库	`NONE`	`NONE`	—	No direct DB access

10 项发现

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/ClawHub-uplo-clinical-blue

README.md:5

🔗

中危外部 URL 外部 URL

https://clawhub.com/skills/uplo-clinical

README.md:5

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/MCP-21_tools-green

README.md:6

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/schemas-15-orange

README.md:7

🔗

中危外部 URL 外部 URL

https://uplo.ai/schemas

README.md:7

🔗

中危外部 URL 外部 URL

https://your-instance.uplo.ai

README.md:24

🔗

中危外部 URL 外部 URL

https://clawhub.com/skills/uplo-healthcare

README.md:61

🔗

中危外部 URL 外部 URL

https://clawhub.com/skills/uplo-knowledge-management

README.md:62

🔗

中危外部 URL 外部 URL

https://clawhub.com/skills/uplo-pharma

README.md:63

🔗

中危外部 URL 外部 URL

https://app.uplo.ai

skill.json:17

目录结构

4 文件 · 11.5 KB · 224 行

Markdown 3f · 175L JSON 1f · 49L

├─ 📝 identity-patch.md Markdown 9L · 1.8 KB

├─ 📝 README.md Markdown 71L · 2.7 KB

├─ 📋 skill.json JSON 49L · 1.2 KB

└─ 📝 SKILL.md Markdown 95L · 5.8 KB

依赖分析 1 项

包名	版本	来源	已知漏洞	备注
`@agentdocs1/mcp-server`	`latest`	npm	否	Pinned version recommended for production use

安全亮点

✓ No executable scripts present—pure configuration and documentation

✓ All capabilities are explicitly declared in SKILL.md and skill.json

✓ No shell or filesystem access requests

✓ API key properly marked as secret in skill.json config

✓ No obfuscation or base64-encoded payloads

✓ No credential harvesting beyond what's required for service auth

✓ No suspicious network patterns (only documented UPLO service URLs)

✓ Clear documentation of what the MCP server does

✓ No sensitive files accessed (no .ssh, .env, or config file scanning)