Skill Trust Decision

uplo-legal

Skill implements legitimate MCP-based legal knowledge management but exhibits supply chain risk through unpinned npx package installation without explicit capability declarations.

Source: Manual upload · Scanned: Apr 5, 2026
Files: 4 · Artifacts: 10 · Violations: 1 · Findings: 4

Why this conclusion was reached

1/4 dimensions flagged

Declared vs actual capability: Block
1 undeclared or violating capability was inferred.

Hidden execution and egress: Review
10 lower-risk artifacts were extracted and still need context.

Attack chain and severe findings: Pass
There is no explicit malicious chain in the report.

Dependencies and supply chain hygiene: Review
1 dependency or supply-chain issue needs attention.

What drove the risk score up

Unpinned npx package dependency (+20)
@agentdocs1/mcp-server is fetched without version or hash pinning, enabling supply chain attacks.

Dynamic package installation via npx -y (+12)
npx -y bypasses user confirmation to install arbitrary packages at runtime.

No explicit allowed-tools declaration (+10)
SKILL.md shows mcporter call commands but does not explicitly declare the shell:WRITE permission.

Most important evidence

Medium · Supply Chain · Unpinned npm package dependency
The skill references @agentdocs1/mcp-server without pinning to a specific version or integrity hash. This allows an attacker to publish a malicious update under the same package name.
Location: skill.json:19
Remediation: Pin the package to a specific version with an integrity hash, e.g. @agentdocs1/mcp-server@<version>#sha256:...

Medium · Supply Chain · Dynamic package installation via npx -y
The npx -y flag bypasses user confirmation and installs the package from the npm registry at runtime without verification. This is a common supply chain attack vector.
Location: skill.json:19
Remediation: Pre-install the package and reference the local path, or use npm pack with integrity verification.

Low · Doc Mismatch · Missing allowed-tools declaration
SKILL.md shows mcporter call bash invocations but does not explicitly declare shell:WRITE as an allowed capability, creating a doc-to-code mismatch.
Location: SKILL.md:16
Remediation: Add an explicit allowed-tools declaration for shell:WRITE in the skill.json capabilities, or document the shell usage explicitly.

Low · Supply Chain · Package namespace observation
The package @agentdocs1 is under a personal/organizational namespace, which may be more susceptible to typosquatting than official packages.
Location: skill.json:19
Remediation: Verify package ownership and consider using a verified/organizational package scope.

Declared capability vs actual capability

Capability   Verdict  Declared  Inferred  Evidence
Shell        Block    NONE      WRITE     SKILL.md:16-44 - mcporter call invocations not declared in capabilities
Network      Pass     READ      READ      skill.json:19 - MCP transport via HTTP to configured endpoint
Filesystem   Pass     NONE      NONE      No file operations detected

Suspicious artifacts and egress

Medium · External URL · https://img.shields.io/badge/ClawHub-uplo-legal-blue · README.md:5
Medium · External URL · https://clawhub.com/skills/uplo-legal · README.md:5
Medium · External URL · https://img.shields.io/badge/MCP-21_tools-green · README.md:6
Medium · External URL · https://img.shields.io/badge/schemas-8-orange · README.md:7
Medium · External URL · https://uplo.ai/schemas · README.md:7
Medium · External URL · https://your-instance.uplo.ai · README.md:24
Medium · External URL · https://clawhub.com/skills/uplo-compliance · README.md:60
Medium · External URL · https://clawhub.com/skills/uplo-environmental · README.md:61
Medium · External URL · https://clawhub.com/skills/uplo-knowledge-management · README.md:62
Medium · External URL · https://app.uplo.ai · skill.json:12

Dependencies and supply chain

Package                  Version  Source     Known vuln  Notes
@agentdocs1/mcp-server   *        npm (npx)  No          Version not pinned - supply chain risk

File composition

4 files · 174 lines
Markdown: 3 files · 134 lines
JSON: 1 file · 40 lines

Files of concern · 3
README.md · Markdown · 70 lines: 9 external URLs (listed under Suspicious artifacts and egress)
SKILL.md · Markdown · 57 lines: Missing allowed-tools declaration
skill.json · JSON · 40 lines: Unpinned npm package dependency · Dynamic package installation via npx -y · Package namespace observation · https://app.uplo.ai
Other files · identity-patch.md

Security positives

API key config marked as secret=true in skill.json
No credential exfiltration patterns detected
No suspicious shell commands (reverse shells, curl piping, base64 execution)
No sensitive file access attempts (~/.ssh, ~/.aws, .env)
MCP server pattern is a legitimate industry-standard approach
No obfuscation or anti-analysis techniques detected
Clean codebase with no scripts directory