Windows Disk Cleaner

Security checks across malware telemetry and agentic risk

Overview

This Windows disk-cleaning skill matches its stated purpose, but its local scan report and generated cleanup commands should be reviewed carefully before use.

Install only if you are comfortable with a local disk scanner that records filenames, paths, and system/cache metadata into report files. Keep scan_result.json and cleanup_report.html private, do not upload them casually, and review every generated PowerShell command before running it, especially Docker volume cleanup, Downloads, node_modules, and any Remove-Item command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium, 90% confidence
Finding
The script serializes potentially sensitive local information to disk, including the username, drive usage, detailed file paths, large-file inventories, development environment indicators, and browser/cache locations. While this appears intended for report generation rather than exfiltration, writing this data to a predictable JSON file without an explicit privacy warning, consent prompt, or restrictive file handling can expose personal and system metadata to other local users, backup systems, sync tools, or downstream agents.

VirusTotal

64/64 vendors flagged this skill as clean.
