Suspicious — Risk Score 42/100
Last scan: 18 hr ago
uplo-legal
AI-powered legal knowledge management. Search contracts, compliance requirements, legal cases, and policy documents with structured extraction.
Skill implements legitimate MCP-based legal knowledge management but exhibits supply chain risk through unpinned npx package installation without explicit capability declarations.
Skill Name: uplo-legal
Duration: 46.6s
Engine: pi
Use with caution
Pin @agentdocs1/mcp-server to a specific version and integrity hash, explicitly declare shell:WRITE in allowed-tools, and verify the npm package's integrity before using the skill in production environments.

Findings (4 items)

Each finding lists severity, title and category, followed by the description, the evidence line, the recommended fix (→) and the location.
Medium · Unpinned npm package dependency · Supply Chain
The skill references @agentdocs1/mcp-server without pinning it to a specific version or integrity hash. Because the latest published version is resolved at run time, a malicious update published under the same package name would be installed automatically.
Evidence: "args": ["-y", "@agentdocs1/mcp-server", "--http"]
→ Pin the package to a specific version with an integrity hash, e.g. @agentdocs1/mcp-server@<version>#sha256:... (the version in the original report was lost to extraction; <version> is a placeholder)
Location: skill.json:19
Medium · Dynamic package installation via npx -y · Supply Chain
The npx -y flag suppresses the install prompt and fetches the package from the npm registry at run time without any verification. This is a common supply chain attack vector.
Evidence: "command": "npx", "args": ["-y", "@agentdocs1/mcp-server"]
→ Pre-install the package and reference the local path, or use npm pack with integrity verification
Location: skill.json:19
Low · Missing allowed-tools declaration · Doc Mismatch
SKILL.md shows bash invocations of mcporter call but does not explicitly declare shell:WRITE as an allowed capability, creating a mismatch between the documentation and the declared capabilities.
Evidence: mcporter call uplo-legal.get_identity_context
→ Add an explicit allowed-tools declaration for shell:WRITE in the skill.json capabilities, or document the shell usage explicitly
Location: SKILL.md:16
Low · Package namespace observation · Supply Chain
The @agentdocs1 scope is a personal or small-organization namespace, which may be more susceptible to typosquatting than an official package scope.
Evidence: @agentdocs1/mcp-server
→ Verify package ownership and consider using a verified organizational package scope
Location: skill.json:19
Resource | Declared | Inferred | Status | Evidence
Shell | NONE | WRITE | ✗ Violation | SKILL.md:16-44 - mcporter call invocations not declared in capabilities
Network | READ | READ | ✓ Aligned | skill.json:19 - MCP transport via HTTP to configured endpoint
Filesystem | NONE | NONE | | No file operations detected
External URLs (10 findings)

Medium · External URL · https://img.shields.io/badge/ClawHub-uplo-legal-blue · README.md:5
Medium · External URL · https://clawhub.com/skills/uplo-legal · README.md:5
Medium · External URL · https://img.shields.io/badge/MCP-21_tools-green · README.md:6
Medium · External URL · https://img.shields.io/badge/schemas-8-orange · README.md:7
Medium · External URL · https://uplo.ai/schemas · README.md:7
Medium · External URL · https://your-instance.uplo.ai · README.md:24
Medium · External URL · https://clawhub.com/skills/uplo-compliance · README.md:60
Medium · External URL · https://clawhub.com/skills/uplo-environmental · README.md:61
Medium · External URL · https://clawhub.com/skills/uplo-knowledge-management · README.md:62
Medium · External URL · https://app.uplo.ai · skill.json:12

File Tree

4 files · 6.8 KB · 174 lines
Markdown: 3 files · 134 lines; JSON: 1 file · 40 lines
├─ 📝 identity-patch.md Markdown 7L · 1.6 KB
├─ 📝 README.md Markdown 70L · 2.7 KB
├─ 📋 skill.json JSON 40L · 1.1 KB
└─ 📝 SKILL.md Markdown 57L · 1.4 KB

Dependencies (1 item)

Package | Version | Source | Known Vulns | Notes
@agentdocs1/mcp-server | * | npm (npx) | No | Version not pinned - supply chain risk

Security Positives

✓ API key config marked as secret=true in skill.json
✓ No credential exfiltration patterns detected
✓ No suspicious shell commands (reverse shells, curl piping, base64 execution)
✓ No sensitive file access attempts (~/.ssh, ~/.aws, .env)
✓ MCP server pattern is a legitimate industry-standard approach
✓ No obfuscation or anti-analysis techniques detected
✓ Clean codebase with no scripts directory