Sop Refiner

Security checks across malware telemetry and agentic risk

Overview

This skill is a local SOP-drafting helper with documented Python execution and no evidence of hidden network access, credential use, persistence, or destructive behavior.

Install only if you are comfortable running a small local Python script from a low-provenance bundle. Use it on specific SOP documents you intend to process, avoid broad directories or sensitive unredacted material, and review any generated output before using it operationally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3 (Medium)

Category: MCP Least Privilege
Confidence: 84%
Finding: The skill declares no permissions, yet the content explicitly allows use of python3 and implies reading local resources and writing output files. This creates a capability-transparency gap: reviewers and users may believe the skill is documentation-only when it can access files and invoke shell-mediated execution, increasing the risk of unintended local data access or modification.

Tp4 (High)

Category: MCP Tool Poisoning
Confidence: 87%
Finding: The stated purpose is a constrained SOP-refinement assistant, but the detected behavior indicates broader local auditing, content scanning, regex-based secret/high-risk pattern inspection, and mode-switchable reporting driven by an external spec.json. That mismatch is dangerous because it can mask a much more general analysis capability than users expect, enabling broader filesystem inspection and processing under the cover of a benign workflow tool.

VirusTotal

64/64 vendors flagged this skill as clean.