AtroSnow File Management

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only developer guide for an application file-management workflow, with one confirmed inconsistency but no hidden execution or credential-stealing behavior.

Safe to install as a reference guide, but users should treat the final saveFileMediaFile workflow cautiously. For business modules, prefer the documented service-layer createFileMedia pattern and verify authorization, validation, audit logging, and file lifecycle handling in the actual application.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Medium

Confidence: 93% confidence
Finding: The skill gives contradictory guidance: earlier sections correctly say business services should formalize files via createFileMedia inside the service layer, but the later '完整开发流程' says to call the async /filemedia/b/saveFileMediaFile endpoint for that step. In a file-management workflow, this inconsistency can cause developers to implement the wrong path, bypass intended service-layer controls, introduce authorization/state-management mistakes, and create orphaned or improperly linked files.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal