Taizi Filesystem

Security checks across malware telemetry and agentic risk

Overview

This filesystem helper is broad but its file listing, searching, analysis, and copy behavior is disclosed and fits its stated purpose.

Before installing, treat this as a broad local filesystem tool: run copy commands with --dry-run first, avoid broad paths such as home directories unless needed, confirm destinations, and use --overwrite only when you have backups or are certain replacement is intended.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The documentation describes batch copy and overwrite-capable operations but does not prominently warn users about data loss, accidental overwrites, or copying sensitive files into unintended locations. In a filesystem-management skill, this omission increases the chance that an agent or user will invoke destructive or privacy-impacting operations without adequate caution, especially because the skill frames the feature as 'safe' and emphasizes convenience.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal