Desktop Cleanup Playbook

Security checks across malware telemetry and agentic risk

Overview

This skill is a read-only desktop cleanup planner, but users should keep its folder input limited to the desktop or another folder they intentionally want inspected.

Install only if you are comfortable with a local Python helper reading filenames and limited text metadata from a folder you choose. Use it on your Desktop or a specific cleanup folder, avoid home, system, repository, or sensitive data directories, and review generated reports before sharing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 86%
Finding
The skill declares no permissions, yet its instructions explicitly allow invoking `python3` and imply reading local resources and writing output files. This creates a capability/permission mismatch that can mislead the host or user about what the skill may access, reducing auditability and increasing the chance of unintended file access or shell execution.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 91%
Finding
The documented purpose is limited to producing a desktop cleanup plan, but the observed behavior expands to arbitrary path analysis, content inspection of text/CSV/TSV files, high-risk pattern scanning, and skill-directory auditing. That broader functionality materially increases data exposure and scope creep, especially because users may trust the benign desktop-organizer framing while the skill can inspect unrelated directories and sensitive file contents.

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The dispatcher supports multiple generic audit modes including directory, CSV, pattern, and skill-repository analysis, which goes well beyond the declared desktop-cleanup planning purpose. This creates a capability mismatch: a user can repurpose the skill to inspect arbitrary local content and repositories, increasing the risk of unintended data discovery and abuse of the agent as a general local auditing tool.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
The built-in regex set scans for secrets, private URLs, and dangerous shell patterns in arbitrary files, which is unrelated to desktop organization. In the context of an agent skill, this turns the tool into a lightweight security scanner over user-supplied paths and can expose sensitive credentials or internal references from local files without a justified need for the advertised task.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill can audit arbitrary skill or repository layouts, parse SKILL.md frontmatter, and validate metadata, which is unrelated to desktop file cleanup. This broadens the agent's effective authority into local repository inspection and content enumeration, creating unnecessary access to files and metadata that may be sensitive or outside user expectations.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The recursive file listing walks any user-provided root and inspects many text-based extensions, not just desktop-specific artifacts. In an agent setting, unrestricted traversal can be used to enumerate and sample arbitrary directories, making the mismatch between declared purpose and actual capability a privacy and overreach risk.

VirusTotal

65/65 vendors flagged this skill as clean.
