everyfile

Security checks across malware telemetry and agentic risk

Overview

This is a Windows file-search helper whose documented behavior matches its purpose, though broad searches can expose sensitive local file paths.

Install only if you trust the everyfile PyPI package and Voidtools Everything. Use limits or counts before broad searches, and avoid letting an agent automatically collect, export, or share results from .env, key, token, content, or full-path searches without explicit authorization.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 79% confidence
Finding: The documentation explicitly demonstrates enumerating `.env` files, which commonly contain secrets or point directly to sensitive application locations, without any caution about handling sensitive paths. In a file-search skill, this materially increases the risk of credential discovery workflows being normalized and reused for secret hunting on a host.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal