Rm Tool

Security checks across malware telemetry and agentic risk

Overview

This is a file-deletion skill that matches its purpose, but it can permanently erase broad local data and its advertised safety prompt is not implemented.

Install only if you intentionally want the agent to have rm-like power over files it can access. Verify exact target paths before use, avoid recursive or force deletion unless necessary, and do not rely on the documented interactive mode because this version does not implement it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill presents a permanent file deletion capability without a clear, prominent warning that removal is destructive and may be irreversible. In an agent setting, this increases the chance of accidental misuse or unsafe delegation, especially because users may not appreciate that recursive and force options can erase large amounts of data quickly.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal