downloads-command-center

Security checks across malware telemetry and agentic risk

Overview

This is a local Downloads-folder organizer that defaults to previewing moves, though users should be careful because an explicit apply mode can move files.

Install this only if you want a local file-organization helper. Start with preview mode, verify the exact target folder and generated move list, and use --apply only after confirming you are comfortable with files being moved into new category folders.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding:
The skill instructs the agent to inspect and organize a user-supplied folder and references a local helper script, but it does not declare permissions corresponding to file access. That creates a transparency and governance gap: the skill can influence file-reading behavior without an explicit permission model, making unintended or overbroad file access harder to audit and constrain.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 96%
Finding:
The skill description and workflow emphasize preview-first organization of the Downloads folder, but the referenced behavior can actually move files when invoked with an apply mode, works on arbitrary user-specified paths, and does not fully implement the claimed project/action-state organization. This mismatch is dangerous because users and policy systems may grant trust based on the safer documented behavior while the actual tool can perform broader, destructive filesystem changes.

Intent-Code Divergence

Severity: Medium
Confidence: 81%
Finding:
The docstring states the script only previews an organization plan, but the code performs real file moves when --apply is supplied. This discrepancy can mislead users, reviewers, or calling agents into treating the tool as non-destructive, increasing the risk of unintended file modification or data loss in a sensitive user Downloads folder.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding:
The trigger examples include broad, everyday phrases such as 'organize my downloads' and 'rename recent files', which can increase the chance of accidental or overly eager invocation in unrelated contexts. Because this skill can influence file-organization actions on local user data, unintended activation could lead to confusing recommendations or unintended file operations if an agent proceeds beyond preview mode.

Vague Triggers

Severity: Medium
Confidence: 80%
Finding:
The trigger phrase "rename recent files" is broad enough to activate on general file-renaming requests unrelated to Downloads cleanup. In context, that increases the chance of the skill being invoked for unintended tasks, which is risky because the skill can propose or execute bulk file operations on user paths.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
When --apply is used, the script immediately creates directories and moves files without an explicit warning, confirmation prompt, collision handling, or rollback support. In the context of a Downloads-organizing skill, this is more dangerous because it operates on a high-churn user directory where accidental invocation can reorganize or overwrite expected file locations and disrupt workflows.

VirusTotal

64/64 vendors flagged this skill as clean.
