rename-file

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple local file renamer, but it can immediately mutate files and lacks strong containment around where renamed files may land.

Review before installing if you expect a fully guarded batch-renaming tool. Use only on test or backed-up folders, confirm the exact directory and preview, and avoid prefixes containing slashes, backslashes, '..', or path-like text.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The script performs file renames immediately once invoked, even though the skill description says it should show a preview and ask for confirmation before executing. This mismatch can lead users or higher-level agents to trust that the action is non-destructive until confirmed, creating a safety and integrity issue where files are modified unexpectedly.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal