workspace-backup-manager

Security checks across malware telemetry and agentic risk

Overview

This appears to be a backup utility, but its restore and cleanup operations can overwrite workspace files or delete backups without clear safeguards.

Review this skill before installing if you keep important unsaved work in the workspace. Use restore only after making a fresh backup or committing your current changes, and avoid cleanup until you are sure older backups are no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill advertises restore and cleanup functions without any warning that restore may overwrite current workspace state and cleanup permanently deletes older backups. In an agent setting, that omission increases the chance of accidental destructive use, especially if tools are invoked automatically or by users who assume the operations are reversible.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: restoreBackup copies files and directories from the chosen backup directly into the workspace, overwriting existing content with no confirmation, preview, conflict detection, or rollback. In a workspace context, this can cause irreversible loss of current state, agent memory files, logs, or configuration if invoked accidentally or with an unexpected backup name.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal