SOP Writer

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local SOP document generator; its main risk is choosing an unsafe output path or using sensitive clinical content without proper controls.

Install only if you are comfortable running a local Python script that writes an output file. Use an output path inside a disposable or project workspace to avoid overwriting important files, avoid regulated patient or clinical data unless authorized, and treat generated SOPs as drafts requiring qualified compliance review.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 83% confidence
Finding: The skill documentation indicates file-writing capability ('write output files') while no explicit permissions are declared, creating a mismatch between declared and actual capabilities. This can bypass user and platform expectations about what the skill may modify, and if path handling is weak it could lead to unintended overwrites or workspace data tampering.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal