← Back to Skills Marketplace
Uplo Engineering
by
RooJenkins
· GitHub ↗
· v1.0.0
· MIT-0
149
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install uplo-engineering
Description
AI-powered engineering knowledge management. Search architecture docs, API specs, incident reports, runbooks, and infrastructure documentation with structure...
Usage Guidance
Before installing: 1) Note the registry metadata is inconsistent — the skill actually requires a UPLO instance URL and an API key (check skill.json/README). 2) The skill will run an MCP server via 'npx @agentdocs1/mcp-server' which downloads and executes code from npm — review that package's source and trustworthiness before allowing it to run. 3) The provided API key will allow the skill to read and log org documentation and incident reports — ensure the key is scoped with least privilege, audited, and used in a staging environment first. 4) Confirm privacy/retention policies for the UPLO instance (what gets logged/sent back to the vendor). 5) If you cannot verify the npm package or vendor, request a self-hostable or audited binary, or ask the publisher for a homepage/source repo and provenance. 6) If you proceed, start with a limited-access test account and monitor network/process activity and UPLO logs.
Capability Analysis
Type: OpenClaw Skill
Name: uplo-engineering
Version: 1.0.0
The skill provides tools for deep retrieval of sensitive engineering data, including architecture designs, incident reports, and potentially production secrets, which are identified as high-risk capabilities. While these functions are aligned with the stated purpose of engineering knowledge management and no clear malicious intent was found, the broad access to internal documentation and the use of an external MCP server (@agentdocs1/mcp-server) meet the criteria for a suspicious classification due to the inherent risk of the capabilities provided.
Capability Assessment
Purpose & Capability
The skill's functionality (searching org docs via a UPLO MCP server) matches its name and description. However the registry metadata claims 'no required env vars / credentials', while skill.json and README clearly require a UPLO instance URL and an API key. That mismatch is incoherent and could mislead users about what secrets the skill needs.
Instruction Scope
SKILL.md instructs the agent to call MCP tools (search_with_context, search_knowledge, export_org_context, get_directives, log_conversation, etc.). These are in-scope for an engineering knowledge tool, but they will cause the agent to transmit queries and potentially sensitive document contents to the configured UPLO instance. The instructions do not attempt to read unrelated local files or other system secrets, but they do direct the agent to surface identity/context (get_identity_context) which may include access/clearance info.
Install Mechanism
Although the package is instruction-only in the registry summary, skill.json and the README expect the platform to run an MCP server via 'npx -y @agentdocs1/mcp-server --http'. That means code will be pulled from npm and executed at runtime (npx) — a moderate-risk install pattern. The npm package '@agentdocs1/mcp-server' is not a known, audited vendor here; downloading and running it automatically is a potential supply-chain risk and should be reviewed before use.
Credentials
The skill legitimately needs an 'agentdocs_url' and an 'api_key' to contact your UPLO instance and access your org's documents; this is proportionate to the purpose. The concern is the earlier registry metadata that reported no required credentials — that inconsistency is misleading. Also, the api_key will grant access to potentially very sensitive org data, so it should be scoped and protected (least privilege).
Persistence & Privilege
The skill does not request persistent 'always' inclusion and does not declare system-wide config changes. Its MCP server runs as a tool process (mcp block) and autonomous model invocation is allowed by default (not flagged here). There is no indication the skill modifies other skills or system-wide settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install uplo-engineering - After installation, invoke the skill by name or use
/uplo-engineering - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of uplo-engineering: AI-powered engineering knowledge management.
- Consolidates architecture docs, API specs, incident reports, runbooks, and infrastructure documentation into a unified, searchable knowledge layer.
- Provides tools for advanced search, fast retrieval, and organization-wide context export.
- Supports engineering workflows such as RFC research, onboarding, "code archaeology," incident review, and technical debt investigation.
- Includes features for flagging outdated documentation and reporting knowledge gaps to manage operational risk.
- Optimized for precise queries using service/repository names and document identifiers (ADR, RFC).
Metadata
Frequently Asked Questions
What is Uplo Engineering?
AI-powered engineering knowledge management. Search architecture docs, API specs, incident reports, runbooks, and infrastructure documentation with structure... It is an AI Agent Skill for Claude Code / OpenClaw, with 149 downloads so far.
How do I install Uplo Engineering?
Run "/install uplo-engineering" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Uplo Engineering free?
Yes, Uplo Engineering is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Uplo Engineering support?
Uplo Engineering is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Uplo Engineering?
It is built and maintained by RooJenkins (@roojenkins); the current version is v1.0.0.
More Skills