FastCP

Security checks across malware telemetry and agentic risk

Overview

FastCP is a clear instruction-only skill for copying one source folder to multiple user-selected drives, with normal data-loss risk if targets are chosen incorrectly.

Before installing, review or pin the GitHub package instead of relying blindly on `@latest`. Before running, use `--dry-run`, confirm the source and every destination path, check drive labels and free space, and remember that the command writes to all listed targets.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: This skill documents a tool that performs concurrent writes to multiple destinations, including USB drives, but it does not clearly warn users that selecting the wrong target paths can overwrite or destroy data across several devices at once. Because the skill is explicitly designed for AI tool automation, omission of a prominent destructive-action warning increases the chance of accidental misuse by users or agents.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal