File Organizer

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a file organizer, but it can move user files and permanently delete duplicates with weak built-in safeguards and incomplete disclosure.

Review before installing. Use it only on backed-up or low-risk folders first, specify exact source and target paths, inspect the proposed move plan, and choose to keep all duplicates unless you have separately verified the files to be removed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill performs filesystem reads via Bash (`ls`, counting files, scanning directories) but does not declare corresponding permissions. This creates a trust and enforcement gap: the platform or reviewer may believe the skill has fewer capabilities than it actually uses, which can lead to unauthorized file enumeration if permission checks rely on metadata.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill description emphasizes organizing files and duplicate detection, but the workflow also supports actual deletion of duplicate files via `--delete`. Destructive behavior that is not prominently disclosed increases the chance of users authorizing a tool without understanding that data may be removed, leading to accidental loss of important files.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The script is presented as a duplicate-checking tool, but it also supports destructive deletion of files. In a file-organizer skill, this mismatch is risky because users or calling agents may invoke it assuming it is read-only, leading to unintended data loss.

Intent-Code Divergence

Low
Confidence
80% confidence
Finding
The docstring says the function preserves the earliest created file, but the implementation actually keeps the file with the oldest modification time. That discrepancy can cause the wrong file to be retained and the intended canonical copy to be deleted, which is a real safety issue in a destructive file-management tool.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger phrases are broad enough to match routine conversation about messy folders or file management, making unintended activation more likely. Because the skill can scan directories, move files, and potentially delete duplicates after follow-up prompts, accidental invocation raises the risk of unnecessary exposure of file metadata and unintended destructive workflows.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The evaluation prompts use very broad, everyday phrasing like '整理文件' ("organize files") and '下载文件夹太乱了' ("the downloads folder is too messy"), which can cause the skill to trigger in situations where the user did not intend bulk file-moving behavior. In a file-organizing skill, ambiguous activation is more dangerous because the resulting actions can relocate large numbers of user files, increasing the risk of unintended data movement or workflow disruption.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Destructive deletion can be triggered with `--delete` without any confirmation, explicit warning, or safeguard. In the context of an automated file-organizing skill, this is especially dangerous because an agent or user can accidentally delete large numbers of files based on duplicate detection heuristics, causing irreversible data loss.

VirusTotal

55/55 vendors flagged this skill as clean.
