file-organizer

Security checks across malware telemetry and agentic risk

Overview

This file organizer is not malicious, but it asks for broad local file inspection and file-moving authority without strong default limits.

Install only if you are comfortable letting the agent inspect and reorganize local folders. Use it on one clearly named directory at a time, exclude sensitive or system locations, review the dry-run plan, and keep backups before approving moves, renames, archives, or deletions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill uses generic natural-language triggers like 'Help me organize my Downloads folder' and similar broad phrases that overlap with ordinary conversation. This can cause unintended activation in contexts where the user did not mean to invoke a high-impact file-management skill, increasing the chance of unnecessary filesystem inspection or destructive suggestions.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill is designed to review folders, inspect file types, identify duplicates, and infer organization from content across large parts of a user's computer, but it does not clearly warn that this may expose sensitive filenames, metadata, or file contents. In this context, the danger is elevated because the skill explicitly targets home directories, Documents, Downloads, and project folders, which commonly contain personal, financial, legal, or proprietary data.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal