File Compress Optimizer

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it compresses user-selected natural-language files with Claude, backs up the original, and avoids obvious code or secret files.

Install only if you are comfortable sending the selected memory or notes file to Claude/Anthropic for compression. Do not use it on confidential notes, credentials, customer data, or files whose contents should stay local; keep the generated .original.md backup until you verify the compressed result.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill invokes `python3 -m scripts <absolute_filepath>` and explicitly describes reading, overwriting, and backing up user-specified files, plus using shell execution, yet declares no permissions. That mismatch hides significant capabilities from users and policy systems, making unintended file access/modification and command execution more dangerous because the skill appears less privileged than it is.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The skill claims to compress local memory files, but its behavior includes sending file contents to Claude/an external third-party service and performing iterative repair passes. This is security-relevant because users may provide sensitive memory files expecting local transformation only, leading to undisclosed data exfiltration and broader processing than the description suggests.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The skill advertises memory-file compression, but the implementation sends the full file contents to Anthropic or the Claude CLI for processing. In this context, memory files may contain sensitive operational context, personal preferences, internal URLs, credentials accidentally pasted into notes, or other confidential data, so this creates a real third-party data exfiltration boundary despite partial filename-based filtering.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger phrase `compress memory file` is broad enough to match ordinary conversation, increasing the chance the skill activates unexpectedly on unrelated requests. Because activation leads to shell execution and file overwrite behavior, accidental triggering can cause unintended modification of user files or send contents to external services without sufficiently explicit intent.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The condition `when user asks to compress a memory file` is ambiguous and leaves too much room for interpretation by the agent. In the context of a skill that can read, overwrite, and back up files, ambiguous activation increases the risk of unintended file operations and accidental disclosure of file contents to downstream tooling or external services.

VirusTotal

65/65 vendors flagged this skill as clean.
