Suspicious: risk score 42/100
Last scan: 19 hours ago
uplo-legal
AI-powered legal knowledge management. Search contracts, compliance requirements, legal cases, and policy documents with structured extraction.
Skill implements legitimate MCP-based legal knowledge management but exhibits supply chain risk through unpinned npx package installation without explicit capability declarations.
Skill name: uplo-legal
Analysis time: 46.6s
Engine: pi
Use with caution
Pin @agentdocs1/mcp-server to a specific version hash, explicitly declare shell:WRITE in allowed-tools, and verify the npm package integrity before use in production environments.

Security findings (4)

Severity | Finding | Category | Location

Medium | Unpinned npm package dependency | Supply chain | skill.json:19
The skill references @agentdocs1/mcp-server without pinning it to a specific version or integrity hash. This allows an attacker to publish a malicious update under the same package name.
Evidence: "args": ["-y", "@agentdocs1/mcp-server", "--http"]
→ Pin the package to a specific version with an integrity hash: @agentdocs1/mcp-server@<version>#sha256:...

Medium | Dynamic package installation via npx -y | Supply chain | skill.json:19
The npx -y flag bypasses user confirmation and installs the package from the npm registry at runtime without verification. This is a common supply chain attack vector.
Evidence: "command": "npx", "args": ["-y", "@agentdocs1/mcp-server"]
→ Pre-install the package and reference the local path, or use npm pack with integrity verification

Low | Missing allowed-tools declaration | Documentation mismatch | SKILL.md:16
SKILL.md shows bash invocations of mcporter call but does not explicitly declare shell:WRITE as an allowed capability, creating a doc-to-code mismatch.
Evidence: mcporter call uplo-legal.get_identity_context
→ Add an explicit allowed-tools declaration for shell:WRITE in skill.json capabilities, or document the shell usage explicitly

Low | Package namespace observation | Supply chain | skill.json:19
The package scope @agentdocs1 is a personal/organizational namespace, which may be more susceptible to typosquatting than official packages.
Evidence: @agentdocs1/mcp-server
→ Verify package ownership and consider using a verified organizational package scope
Resource type | Declared permission | Inferred permission | Status | Evidence
Command execution | NONE | WRITE | ✗ Exceeds declaration | SKILL.md:16-44: mcporter call invocations not declared in capabilities
Network access | READ | READ | ✓ Consistent | skill.json:19: MCP transport via HTTP to configured endpoint
Filesystem | NONE | NONE | | No file operations detected
10 findings

Severity | Type | URL | Location
Medium | External URL | https://img.shields.io/badge/ClawHub-uplo-legal-blue | README.md:5
Medium | External URL | https://clawhub.com/skills/uplo-legal | README.md:5
Medium | External URL | https://img.shields.io/badge/MCP-21_tools-green | README.md:6
Medium | External URL | https://img.shields.io/badge/schemas-8-orange | README.md:7
Medium | External URL | https://uplo.ai/schemas | README.md:7
Medium | External URL | https://your-instance.uplo.ai | README.md:24
Medium | External URL | https://clawhub.com/skills/uplo-compliance | README.md:60
Medium | External URL | https://clawhub.com/skills/uplo-environmental | README.md:61
Medium | External URL | https://clawhub.com/skills/uplo-knowledge-management | README.md:62
Medium | External URL | https://app.uplo.ai | skill.json:12

Directory structure

4 files · 6.8 KB · 174 lines
Markdown: 3 files · 134 lines; JSON: 1 file · 40 lines
├─ 📝 identity-patch.md Markdown 7L · 1.6 KB
├─ 📝 README.md Markdown 70L · 2.7 KB
├─ 📋 skill.json JSON 40L · 1.1 KB
└─ 📝 SKILL.md Markdown 57L · 1.4 KB

Dependency analysis (1)

Package | Version | Source | Known vulnerabilities | Notes
@agentdocs1/mcp-server | * | npm (npx) | | Version not pinned: supply chain risk

Security highlights

✓ API key config marked as secret=true in skill.json
✓ No credential exfiltration patterns detected
✓ No suspicious shell commands (reverse shells, curl piping, base64 execution)
✓ No sensitive file access attempts (~/.ssh, ~/.aws, .env)
✓ MCP server pattern is a legitimate industry-standard approach
✓ No obfuscation or anti-analysis techniques detected
✓ Clean codebase with no scripts directory