Back to skill

Security audit

Finalplace Auto Organize

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed FinalPlace file-organization driver, but its broad trigger guidance could invoke a powerful file-moving and deleting rules engine for generic file cleanup requests.

Install only if you intend agents to use FinalPlace for file organization. Before allowing any run, verify the source folder, match conditions, action, destination, whether the rule will persist or be scheduled, and ask for a dry run or preview before move, delete, rename, unzip, compress, or all-files execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The manifest limits use to cases where the user explicitly mentions FinalPlace or explicitly wants to use its rules engine, but the body broadens activation to generic Windows file-organization requests. That mismatch can cause the agent to invoke a file-modifying skill in situations outside the user's expressed tool choice, increasing the chance of unintended filesystem changes through a powerful rules engine.

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The documentation instructs the agent to prefer FinalPlace over ordinary shell operations, which nudges the system toward using this skill as the default file-organization path. In context, this conflicts with the declared restriction against generic use and may expand the skill's reach to users who only asked for file help, exposing them to persistent rules, deletes, moves, or renames they did not specifically request via FinalPlace.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.