Security audit

c-cleaner

Security checks across malware telemetry and agentic risk

Overview

This appears to be a Windows C-drive cleanup skill, but it gives broad local scanning and deletion guidance that users should review carefully before running.

Install only if you are comfortable with a skill that can inspect broad local folders and run cleanup actions on Windows. Start with read-only or dry-run scanning, review every path and command before deletion, and avoid aggressive cleanup actions such as emptying the recycle bin, unregistering WSL distributions, pruning Docker, or deleting shadow copies unless you explicitly intend those irreversible effects.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding:
The skill instructs the agent to run local scripts that scan the C: drive and perform cleanup, which implies filesystem read/write and possible environment access, yet no permissions are declared. This creates a trust and containment gap: an agent platform may not surface the true access level to users or enforce least privilege, increasing the chance of unintended destructive file operations on a sensitive system volume.

Intent-Code Divergence

Medium
Confidence: 90%
Finding:
The script claims 'safe cleanup operations' but performs irreversible or user-impacting deletions beyond strictly temporary data, including browser caches, package caches, and in aggressive mode the recycle bin. A single global confirmation or the --yes flag is insufficient for destructive operations with differing risk levels, increasing the chance of unintended data loss and disruption.

Missing User Warnings

Medium
Confidence: 91%
Finding:
The guide includes destructive system cleanup commands such as unregistering WSL distributions, pruning Docker resources, disabling hibernation, and deleting shadow copies, but it does not consistently and explicitly warn that these actions can irreversibly remove environments, images, containers, restore points, or system functionality. In a cleanup skill, users may treat listed commands as endorsed safe actions, increasing the chance of accidental destructive use.

Missing User Warnings

Medium
Confidence: 87%
Finding:
The script enumerates sensitive user locations such as Desktop, Documents, Downloads, Pictures, Videos, Music, and AppData, and includes their full filesystem paths in the generated report. While this is not remote code execution, it can expose personal directory structure and usernames in logs or downstream tooling, which creates unnecessary privacy leakage in a system-inspection skill.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.