Back to skill

Security audit

Disk Space Predator / 磁盘空间猎人

Security checks across malware telemetry and agentic risk

Overview

This is a simple disk-usage guidance skill with no install script or executable payload, but users should be careful with broad scans and any optional reporting features.

Installers should treat this as benign guidance for disk cleanup. Run scans only on directories you intend to inspect, review any generated reports before sharing or emailing them, and avoid enabling scheduled or automatic reporting unless the recipient, retention, and contents are clear.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The skill advertises scheduled automated scans with auto-reporting on shared or user file systems, but provides no warning about privacy exposure, performance impact, or scope control. In a disk-analysis context, scan results can reveal sensitive filenames, directory structures, logs, and backup artifacts, and automated reporting can propagate that information without explicit user review.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The marketing copy promotes automated scanning and email reports without disclosing that disk-usage reports may include sensitive operational details and could be sent off-host. Because this skill is specifically about enumerating files and storage usage, the omission is more dangerous than generic telemetry language: the resulting reports may expose internal paths, project names, customer data artifacts, or backup filenames.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.