SOP & Workflow memory skill

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a disclosed local workflow-memory tool that stores, matches, edits, and optionally deletes user SOP JSON files with user-facing confirmation rules.

Install this only if you want the agent to consult a local library of saved SOP/workflow JSON files. Keep the workflow directory scoped to a project or a trusted personal folder, review saved workflows for sensitive process details, and run the included UI on localhost unless you intentionally expose it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding
The skill directs the agent to read and write local workflow files, access an environment-scoped path ($CODEX_HOME), and run local scripts/UI components, but it does not declare any permissions. That creates a transparency and policy-enforcement gap: the runtime or reviewer may not realize the skill can modify files or potentially make networked requests via the referenced UI/server components, increasing the chance of over-privileged or unexpected behavior.

Vague Triggers

Severity: Medium
Confidence: 94%
Finding
The skill enables implicit invocation with no trigger constraints, so it can activate automatically in situations broader than intended. Because this skill manages reusable workflows and memory-like SOP behavior, unintended activation could cause the agent to consult, reuse, save, or update user work-style data without sufficiently clear user intent, creating privacy, integrity, and workflow-manipulation risks.

VirusTotal

66/66 vendors flagged this skill as clean.