← 返回 Skills 市场
Uplo Defense
作者
RooJenkins
· GitHub ↗
· v1.0.0
· MIT-0
227
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install uplo-defense
功能描述
AI-powered defense knowledge management. Search mission documentation, logistics records, personnel data, and ITAR-controlled information with structured ext...
安全使用建议
This skill appears to be a connector to a UPLO instance and its runtime will send queries and logs to whatever agentdocs_url you configure using the provided API key. Before installing: (1) reconcile the manifest inconsistency — confirm the skill actually requires agentdocs_url and api_key and that the registry view is out-of-date; (2) verify the authenticity and provenance of the npm package @agentdocs1/mcp-server (review the package source, maintainers, and recent versions) or prefer a vetted internal distribution; (3) ensure the configured agentdocs_url points to an internal, access-controlled UPLO instance (not a public host) and that the API key is scoped with least privilege and audited; (4) confirm your organization’s export-control/security team approves sending ITAR/EAR data to this endpoint and that logging (log_conversation) meets retention and audit requirements; (5) test in a sandbox with non-sensitive data first. If you cannot verify the npm package or the endpoint, treat the skill as untrusted for controlled defense data.
功能分析
Type: OpenClaw Skill
Name: uplo-defense
Version: 1.0.0
The uplo-defense skill is a specialized knowledge management tool designed for defense organizations to manage ITAR-controlled data and mission documentation. It functions as a connector to an external MCP server (@agentdocs1/mcp-server) and includes instructions in SKILL.md and identity-patch.md that reinforce security protocols, such as identity verification and clearance-level checks. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found; the high-privilege tools (e.g., export_org_context) are consistent with the stated purpose of organizational knowledge management.
能力评估
Purpose & Capability
The skill claims to provide structured, access-controlled searches over defense documentation and the SKILL.md instructs exactly those operations (search_with_context, search_knowledge, get_directives, export_org_context, etc.). However the registry metadata shown earlier lists no required env/config, while the included skill.json requires an agentdocs_url and api_key. That inconsistency between declared registry requirements and the embedded skill manifest is concerning and should be reconciled.
Instruction Scope
SKILL.md stays within the stated purpose: it directs the agent to load identity context, query directives and knowledge, export org context, and log sessions. Those instructions are appropriate for an access-controlled knowledge connector. The explicit requirement to call log_conversation (audit logging) and to verify identity is consistent with handling sensitive data, but also means queries and results will be transmitted to whatever endpoint you configure — ensure that endpoint is trusted and properly secured.
Install Mechanism
Although the registry indicated 'instruction-only', the included skill.json defines an MCP server command that uses `npx -y @agentdocs1/mcp-server` (npm package). That implies the agent will download and run an npm package at runtime (moderate risk). The package name is not a well-known system package in this report; downloading/executing code via npx introduces additional supply-chain and trust concerns. The README also shows example configuration that will point the runtime to a user-supplied URL.
Credentials
The skill.json requires agentdocs_url and api_key (MCP token), which are expected for a connector to an external UPLO instance and are proportionate to the stated function. However the registry summary above claimed no required envs — an internal inconsistency. Because the API key grants access to potentially highly sensitive defense data, confirm least-privilege scope for the token, verify the target URL is an internal/trusted instance, and ensure the token is not reused elsewhere.
Persistence & Privilege
always:false and no special OS restrictions are present. The skill does not request permanent platform-wide privileges in the manifest. The only persistence element is that the MCP server (npm tool) may be launched to provide the tool endpoints; that behavior is normal for connectors but should be run only against trusted packages and endpoints.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install uplo-defense - 安装完成后,直接呼叫该 Skill 的名称或使用
/uplo-defense触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
uplo-defense 1.0.0 — Initial Release
- Launches AI-powered defense knowledge management with structured, access-controlled search.
- Supports search across mission documentation, logistics records, personnel data, and ITAR-controlled information.
- Provides core tools: contextual and direct search, directives review, organizational export, audit logging, and outdated document flagging.
- Designed to respect clearance levels, program access, and export control constraints.
- Includes user guidance for identity verification, compliance logging, and workflow examples for common defense scenarios.
元数据
常见问题
Uplo Defense 是什么?
AI-powered defense knowledge management. Search mission documentation, logistics records, personnel data, and ITAR-controlled information with structured ext... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 227 次。
如何安装 Uplo Defense?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install uplo-defense」即可一键安装,无需额外配置。
Uplo Defense 是免费的吗?
是的,Uplo Defense 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Uplo Defense 支持哪些平台?
Uplo Defense 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Uplo Defense?
由 RooJenkins(@roojenkins)开发并维护,当前版本 v1.0.0。
推荐 Skills