基于六维人生模型的通用电脑文件自动整理技能，支持语义分类、集合格文件夹、按需创建目录等规则

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate file-organizing skill, but it can bulk move and rename local files without clear limits or a required preview.

Install only if you intentionally want an agent to reorganize local files. Use it on a specific folder you choose, ask the agent to show a preview plan before any move or rename, keep backups of important files, and request a move log so changes can be reversed if classification is wrong.

SkillSpector

By NVIDIA

Vulnerability Patterns

Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly instructs the agent to perform bulk filesystem modifications (moving, renaming, and creating directories) and to do so in one pass without repeated confirmation. Even though it forbids deletion, large-scale automated reorganization can still cause data loss from user perspective through misplaced files, broken references, sync conflicts, or disruption of application/file workflows, especially when semantic classification is uncertain.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal