Low risk (risk score 15/100)
Last scanned: 21 hours ago
uplo-agriculture
AI-powered agricultural knowledge management. Search crop management records, livestock data, compliance documentation, and sustainability reports.
This is a legitimate agricultural knowledge management skill using the MCP protocol with no malicious code present, though the unversioned npx package dependency poses a minor supply chain risk.
Skill name: uplo-agriculture
Analysis time: 52.4s
Engine: pi
OK to install
Consider pinning the MCP server version (e.g., `@agentdocs1/mcp-server@<version>` instead of `@agentdocs1/mcp-server`) to prevent unexpected updates. Otherwise safe to use.

Security findings: 1

Severity: Low
Finding: Unpinned MCP server package version (Supply chain)
The skill installs @agentdocs1/mcp-server using `npx -y` without version pinning, allowing any version to be installed. This could lead to unexpected behavior if the package is updated.
"args": ["-y", "@agentdocs1/mcp-server", "--http"]
→ Pin the package version: `@agentdocs1/mcp-server@<version>`
Location: skill.json:22
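
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Network access | READ | READ | ✓ Consistent | HTTP transport to configured UPLO endpoint via MCP protocol |
| Environment variables | READ | READ | ✓ Consistent | Reads AGENTDOCS_URL and API_KEY from config/env |
| Filesystem | NONE | NONE | | No filesystem access declared or observed |
| Command execution | NONE | NONE | | No shell commands executed; mcporter calls are tool invocations |
| Skill invocation | WRITE | WRITE | ✓ Consistent | Uses mcporter to invoke UPLO MCP tools |
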
10 findings
Medium, External URL: https://img.shields.io/badge/ClawHub-uplo-agriculture-blue (README.md:5)
Medium, External URL: https://clawhub.com/skills/uplo-agriculture (README.md:5)
Medium, External URL: https://img.shields.io/badge/MCP-21_tools-green (README.md:6)
Medium, External URL: https://img.shields.io/badge/schemas-4-orange (README.md:7)
Medium, External URL: https://uplo.ai/schemas (README.md:7)
Medium, External URL: https://your-instance.uplo.ai (README.md:24)
Medium, External URL: https://clawhub.com/skills/uplo-environmental (README.md:60)
Medium, External URL: https://clawhub.com/skills/uplo-knowledge-management (README.md:61)
Medium, External URL: https://clawhub.com/skills/uplo-sustainability (README.md:62)
Medium, External URL: https://app.uplo.ai (skill.json:17)

Directory structure

4 files · 7.2 KB · 185 lines
Markdown: 3 files · 136 lines; JSON: 1 file · 49 lines
├─ 📝 identity-patch.md Markdown 9L · 1.7 KB
├─ 📝 README.md Markdown 70L · 2.7 KB
├─ 📋 skill.json JSON 49L · 1.2 KB
└─ 📝 SKILL.md Markdown 57L · 1.5 KB

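Dependency analysis: 1 item

| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| @agentdocs1/mcp-server | unpinned | npx | | Package version not specified - any version may be installed |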

Security highlights

✓ Well-documented SKILL.md with clear scope and purpose
✓ API key declared as secret in config, not hardcoded
✓ No direct filesystem, shell, or sensitive path access
✓ No credential harvesting or data exfiltration code
✓ No obfuscation patterns (base64, eval, etc.)
✓ Uses legitimate MCP protocol standard
✓ No suspicious network connections beyond declared MCP endpoint
✓ Classification tier controls documented