Security audit

clean-desktop

Security checks across malware telemetry and agentic risk

Overview

This appears to be a disclosed desktop-organizing skill that can move files, so users should preview changes before applying them.

Install only if you want an agent to reorganize Desktop files. Run dry_run first, review the exact folders and file moves, and only allow a real run after the proposed changes match your intent.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill explicitly describes creating folders and moving files on the user's desktop, which modifies user data and system state. Although it includes a dry_run parameter and says it will not delete files, the documentation does not clearly require explicit user confirmation before performing these actions, so users may trigger unintended reorganization or disrupt workflows.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal