Organize

Security checks across malware telemetry and agentic risk

Overview

This is a Markdown-only organizing helper that asks before file moves or renames and locally records organization preferences, with no evidence of hidden execution or data transfer.

Before installing, be comfortable with the skill recording local organization preferences in patterns.md. Keep "always" permissions narrow, review or clear that file periodically, avoid storing sensitive client/project details, and check proposed moves or renames because approved reorganizations can break links or workflows.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill explicitly directs persistent collection of a user's organization preferences and examples across contexts such as work vs personal and shared vs private, but provides no limits on what may be stored, no data minimization guidance, and no warning against recording sensitive information. In an organizing skill, this context increases risk because routine file and folder preferences can easily reveal client names, project structures, private classifications, or other sensitive operational metadata that may later be exposed or misused.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal