universal-file-ops

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This file-management skill does what it advertises, but it can directly overwrite, move, and delete local files without enforced confirmation or strong path limits.

Install only if you are comfortable giving this skill broad local file access. Use it on non-sensitive directories, avoid batch jobs from untrusted input, avoid --no-backup, and manually review every delete, overwrite, move, and directory operation before running it.

SkillSpector (2)

By NVIDIA

Lp3

Medium

Category: MCP Least Privilege
Confidence: 93% confidence
Finding: The skill metadata understates its effective privileges: it advertises no explicit dangerous permissions while the documented behavior includes file read/write operations and shell-based script execution via Python commands. This mismatch can cause the platform or user to trust and invoke a skill with broader capabilities than declared, increasing the chance of unauthorized file modification, deletion, or command execution in sensitive contexts.

Intent-Code Divergence

Medium

Confidence: 98% confidence
Finding: The path check uses os.path.commonprefix(), which compares strings lexically rather than path components. This can incorrectly treat sibling paths such as '/safe/base_evil' as being inside '/safe/base', allowing traversal or sandbox-bypass if the function is relied on to restrict file operations. In a file-operations skill, that makes the issue more dangerous because the utility is positioned as a general safety control for read/write/copy/delete behavior.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal