Workspace Guardian

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is a workspace-organization helper with disclosed file cleanup rules and no evidence of hidden network, credential, persistence, or destructive behavior beyond user-confirmed workspace maintenance.

Install this only if you want an agent to enforce a specific workspace layout. Before allowing cleanup, moves, or deletion, review the dry-run output and confirm the exact workspace path. Consider overriding the Chinese-character naming restriction if it conflicts with your content or team conventions.

SkillSpector (2)

By NVIDIA

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill advertises very broad trigger phrases such as 'clean up', 'project setup', and 'where should I save', which can match ordinary conversation and cause the skill to activate in situations the user did not intend. In this skill, unintended activation is more concerning because the skill governs file placement and explicitly contemplates move/cleanup actions, so accidental invocation could influence or initiate sensitive workspace operations.

Natural-Language Policy Violations

Medium

Confidence: 83% confidence
Finding: The naming standard says to avoid Chinese characters in directory names, imposing a locale/language restriction without user consent or a technical necessity stated in the skill. This can produce discriminatory or inappropriate behavior, mis-handle legitimate user content, and cause the agent to rename or reject user-chosen paths in ways that are unnecessary and potentially disruptive.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal