Neat Freak

Security checks across malware telemetry and agentic risk

Overview

This documentation cleanup skill has a coherent purpose, but it can trigger broadly and change or delete project docs and agent memory, so it should be reviewed before installation.

Install only if you want an agent to actively maintain project documentation and persistent agent memory. Use it in version-controlled workspaces, ask for a diff or plan before changes, and require explicit approval before deletions, global config edits, memory rewrites, or changes outside the current project.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Context-Inappropriate Capability

Medium

Confidence: 93% confidence
Finding: The skill explicitly instructs reading global agent memory/config locations such as ~/.claude and other platform-wide paths, which exceeds the scope of project documentation cleanup. That broadens data access to unrelated projects and user-level state, increasing the chance of unnecessary exposure or modification of sensitive cross-project information.

Context-Inappropriate Capability

Medium

Confidence: 90% confidence
Finding: The skill normalizes broad filesystem enumeration and deletion as routine behavior, including shell-style listing, find operations, and cleanup of files deemed obsolete. In a trigger-happy docs skill, this can lead to over-collection of file contents and accidental destructive changes beyond what the user intended.

Vague Triggers

High

Confidence: 97% confidence
Finding: The trigger definition is overly broad, activating on vague milestone-like phrases and general signals about cleanup or handoff. This increases the chance the skill runs in contexts where the user did not intend repository-wide inspection and modification, especially given the skill's mandate to read many files and make edits automatically.

Vague Triggers

Medium

Confidence: 95% confidence
Finding: Several triggers are ordinary conversational phrases like 'tidy' or '整理一下', which are ambiguous and commonly used outside documentation-maintenance intent. In this skill's context, such ambiguity is dangerous because activation leads to broad reads, edits, and possible cleanup actions across project knowledge artifacts.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal