Back to skill

Security audit

File Organizer Skill

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says by organizing local files, but its undo feature should only be used with trusted history files.

Run --dry-run first, choose a narrow target folder, use --recursive deliberately, and only run --undo with an organize_history.json generated by this script from a folder you trust. Do not use undo logs from downloads, chat messages, or other people.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence
76% confidence
Finding
The undo routine deletes whatever path is provided as the log file after processing, with no validation that it is the organizer's own history file and no confirmation before removal. If a user supplies an unintended or attacker-influenced path, the script may delete an arbitrary existing file accessible to the current user.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.