File Manager Secure

Security checks across malware telemetry and agentic risk

Overview

This local file-management skill is not malicious, but its safety claims are undercut by restore and delete-confirm paths that can write or move files without rechecking the workspace boundary.

Review before installing or using on real files. Keep OPENCLAW_WORKSPACE narrow, do not restore from trash metadata you did not create and trust, and avoid passing hand-written operation JSON to delete-confirm unless you have verified every source path.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

High

Confidence: 98% confidence
Finding: restore_from_trash reads original_path from a .trashmeta file and moves the trashed file there without re-validating that the destination is inside the allowed workspace. If an attacker can modify or plant metadata in the trash directory, they can cause writes to arbitrary filesystem locations reachable by the process, undermining the module's claimed data-loss-prevention guarantees.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal