Back to skill

Security audit

Win Cleaner

Security checks across malware telemetry and agentic risk

Overview

This Windows cleanup skill is not clear malware, but it needs Review because it directs aggressive automatic deletion and Windows recovery changes under stronger safety claims than the artifacts support.

Install only if you want an aggressive Windows disk cleaner and are prepared to supervise it closely. Run scan-only first, require explicit approval before any deletion, and treat VSS resizing, DISM resetbase, Recycle Bin emptying, Desktop cleanup, browser data removal, user-profile recursive matches, and old app-version deletion as separate opt-in actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The skill promises zero data loss and then performs broad deletions in user-profile areas that can contain real user or developer data, such as workspaceStorage, SDK caches, Desktop files, old app versions, and heuristic 'corrupted' or 'orphaned' files. In a disk-cleaning skill, this mismatch is especially dangerous because users are likely to trust the safety claims and allow destructive actions without reviewing each target.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The document states pattern-based cleaning will never search Desktop, Downloads, or Documents, but later includes automatic Desktop deletion logic. That inconsistency undermines the stated trust boundary and can lead to deletion of user-created files in a high-value personal workspace.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The invocation criteria are broad enough that the skill may trigger on generic storage or optimization requests, causing a destructive cleaner to run in contexts where the user expected analysis or recommendations only. Because the skill auto-executes deletion phases, over-broad routing materially increases the chance of unintended destructive action.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill marks major cleanup phases as auto-executing even though they delete files and caches across system and user directories. In a cleanup context, performing destructive actions without a clear upfront warning and consent creates a high risk of unintended data loss, application breakage, logout/state loss, and reduced recoverability.

Missing User Warnings

High
Confidence
98% confidence
Finding
Shrinking VSS/System Restore storage is a system-recovery-impacting change that can delete restore points and reduce rollback capability. Doing this without explicit warning and consent is dangerous because it trades free space for resilience and can permanently limit recovery after updates or failures.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill deletes browser and legacy web caches without warning users that browser/application state may be affected, including sign-outs, slower startup, loss of offline content, or extension/session issues. In practice these directories can contain more than disposable thumbnails and may affect user workflows unexpectedly.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.