artifact-organizer

Security checks across malware telemetry and agentic risk

Overview

This is a local workspace organization guide whose file-moving and sensitive-file handling advice is disclosed and aligned with its purpose.

Before installing, treat this as a helper for reorganizing local files. Ask it to show the planned directory tree and move or rename list first, check that scripts and references will still work, and ensure any secrets/ directory is private and excluded from sharing or version control.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The skill description contains many broad, everyday trigger phrases such as '整理目录', '整理工作区', and '帮我理一理结构', which can match common user requests outside the narrow intended scope. This increases the chance of unintended skill activation, causing the agent to apply file-moving or restructuring behavior when the user may only be asking for advice or a small localized change.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The usage section repeats vague activation phrases like '整理一下' and '归类一下' without defining boundaries or disambiguation rules. In context, this is somewhat more dangerous because the skill is empowered to reorganize files and handle sensitive material, so accidental invocation could lead to unnecessary file moves, confusion, or inappropriate handling suggestions around secrets.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal