Skill v1.1.0
ClawScan security
Sop Architect · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 28, 2026, 2:57 AM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent with its description: a small instruction-driven SOP generator plus a simple shell script that writes markdown files; no network access or credentials are requested.
- Guidance: This skill appears to do what it says: it generates SOP markdown files and contains a small bash helper. No network calls or credentials are requested. Before installing, consider: 1) review or sanitize task names you pass to avoid accidental path traversal or file overwrite (the script does not sanitize '..' segments); 2) run the skill from a safe working directory or container so file writes cannot overwrite important files; 3) if you expect to use untrusted input for task names, modify the script to reject or sanitize non-alphanumeric characters. Otherwise the skill is coherent and low-risk.
Review Dimensions
- Purpose & Capability (ok): Name/description match the provided files. SKILL.md describes generating SOPs and the included script creates SOP markdown files from provided inputs — this is proportionate to the stated purpose.
- Instruction Scope (note): Runtime instructions stay within the skill's purpose and only describe composing SOP content and saving it under SOPs/<task-name>.md. One implementation detail: scripts/generate_sop.sh writes files using the raw task name (spaces replaced with underscores) and does not sanitize path traversal segments (e.g., TASK_NAME='../foo' leads to SOPs/../foo.md, which resolves outside the SOPs directory). This is a minor safety/overwrite risk but not evidence of malicious intent.
- Install Mechanism (ok): No install spec; instruction-only skill with a small helper script. Nothing is downloaded or executed from external URLs.
- Credentials (ok): No environment variables, credentials, or config paths are requested. SKILL.md suggests documenting 'access levels' in SOP content but does not request or access any secrets.
- Persistence & Privilege (ok): `always` is false and the skill does not request persistent privileges or modify agent-wide configuration. It writes files only under the working directory (with the minor path-traversal caveat noted above).
