Sop Writer

Security checks across malware telemetry and agentic risk

Overview

The main SOP generator is aligned with its stated purpose, but the package also includes an unrelated content-marketing script that persistently logs user arguments locally.

Review before installing. Use the documented scripts/sop.sh workflow for SOP generation, and avoid scripts/script.sh unless you are comfortable with its unrelated content-marketing behavior and local history logging. Do not pass confidential procedures, customer data, credentials, or regulated business information to commands that log arguments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Severity: High
Confidence: 95%
Finding:
The implemented commands materially diverge from the declared purpose of an SOP-writing skill and instead provide generic content-marketing functionality. This kind of capability mismatch is dangerous because it can mislead users and reviewers about what the skill actually does, weakening trust boundaries and potentially hiding undisclosed behaviors in a package expected to do something else.

Intent-Code Divergence

Severity: Medium
Confidence: 92%
Finding:
The script’s own comments and help text describe it as a generic content creation assistant, directly contradicting the published SOP-writer identity. While not directly enabling code execution, this inconsistency is a security concern because deceptive or inaccurate labeling can conceal unexpected behavior and frustrate informed consent during installation and use.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The logging helper writes user-supplied arguments to a persistent history file without any notice, consent, retention policy, or masking. In the context of an SOP-writing tool, users may enter proprietary procedures, internal process details, credentials, or regulated business information, so silent persistence creates privacy and data exposure risk on shared systems or through later compromise of local files.

VirusTotal

66/66 vendors flagged this skill as clean.