Yunjia File Transfer

Security checks across malware telemetry and agentic risk

Overview

This file-transfer skill is mostly aligned with its purpose, but it needs Review because it can search broad personal folders, send discovered files without a mandatory confirmation step, and stores sensitive file-transfer details in a local log.

Install only if you are comfortable with the agent searching local folders for requested files. Use exact filenames or paths, require the agent to show the exact file path before sending, avoid broad recursive searches of your whole user profile, and clear or disable /tmp/yunjia-file-transfer.log if file names or request text are sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding:
The guide recommends broad recursive searches across the user profile, including Documents, Downloads, and all of %USERPROFILE%, which exceeds the narrowly scoped purpose of sending a user-requested file. In an agent context, this can expose unrelated sensitive files and enable over-collection before any clear confirmation of the exact target file.

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding:
The skill logs full user-provided text and absolute file paths to stderr and to a persistent local file under /tmp. Those values can contain sensitive data such as filenames, directory layouts, usernames, ticket numbers, or request contents, creating unnecessary disclosure beyond the skill’s stated purpose of assembling a send instruction.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding:
The code creates a persistent local log file containing request details even though the skill only needs to emit JSON for file transfer. Persistent logging increases the chance that sensitive operational data remains on disk and is later read by other processes, users, or support tooling, especially in shared or multi-tenant environments.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
The trigger phrases are broad enough to activate on ordinary conversation and can cause the agent to enter a file-transfer flow without strong user intent verification. In this skill's context, accidental activation is more dangerous because the workflow then searches local directories and prepares to send local files.

Missing User Warnings

Severity: High
Confidence: 97%
Finding:
The skill instructs the agent to search user directories and send located local files without a clear privacy warning or explicit confirmation before transmission. That creates a high risk of exfiltrating sensitive documents, especially because natural-language requests may be ambiguous and the agent is told to proactively find files on the user's behalf.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The workflow instructs the agent to find a matching file and immediately generate a send instruction, with no verification that the file is the intended one or that it is appropriate to share. For sensitive documents such as financial reports or contracts, this creates a real risk of unauthorized disclosure from ambiguous user requests.

Missing User Warnings

Severity: Low
Confidence: 84%
Finding:
The guide normalizes broad searches of personal directories without warning the user that sensitive locations may be inspected during lookup. Even if the goal is file delivery, silent recursive searching increases privacy risk and can surface confidential content unrelated to the request.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
At the point where the skill processes user input, it writes user-supplied text and file paths into logs without notice or consent. Because this skill handles file transfer requests, those inputs are especially likely to reveal sensitive local paths or business context, making silent local disclosure more dangerous in this context.

Ssd 3

Severity: High
Confidence: 98%
Finding:
The skill explicitly tells the agent to proactively search the user's filesystem and send matching files based on a natural-language request, without requiring the user to provide an exact path or approve the discovered file. In context, this is dangerous because it operationalizes local file discovery and transmission, creating a straightforward path to unauthorized disclosure of sensitive files through ambiguous prompts or social engineering.

VirusTotal

67/67 vendors flagged this skill as clean.