File Batch Processor

Security checks across malware telemetry and agentic risk

Overview

This skill does the advertised local file-processing work, but it can change many files by default and the package includes promotion material that incentivizes 5-star positive reviews.

Install only if you are comfortable running local scripts that can rename, move, create, and overwrite many files in a selected folder. Use --dry-run first, test on a copied folder, and back up important files. Treat public reviews for this skill cautiously because the bundled promotion plan incentivizes positive 5-star reviews.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill describes operations that read and modify user files at scale, but it does not declare permissions or clearly surface that capability in a formal way. For a batch-processing skill, undeclared file read/write behavior reduces informed consent and makes it easier for users or host platforms to underestimate the scope of filesystem access.

Natural-Language Policy Violations

Medium
Confidence
98% confidence
Finding
The promotion plan offers cashback specifically for writing a positive review, which creates a financial incentive for biased or misleading feedback. This can manipulate marketplace reputation signals, mislead prospective buyers, and violate platform review-integrity policies.

Natural-Language Policy Violations

Medium
Confidence
96% confidence
Finding
The provided review template nudges users toward a prewritten 5-star endorsement instead of encouraging independent feedback. This increases the likelihood of astroturfed reviews and distorts trust signals that other users rely on when deciding whether to purchase the skill.

Natural-Language Policy Violations

Medium
Confidence
99% confidence
Finding
The reward table explicitly pays more for 5-star reviews with longer promotional content, directly incentivizing inflated ratings. In the context of a commercial skill listing, this makes the issue more dangerous because it is part of an organized campaign to manufacture positive social proof at scale.

Vague Triggers

Medium
Confidence
76% confidence
Finding
The manifest uses broad promotional language without clear trigger constraints, which can cause the skill to be invoked in situations broader than users expect. For a tool that can rename, move, and convert many files, ambiguous invocation increases the chance of unintended bulk file operations.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill performs bulk rename, organize, compression, and conversion actions that can modify large numbers of user files, yet the description does not prominently warn about this risk. In this context, insufficient warning is security-relevant because users may trigger destructive or hard-to-reverse filesystem changes without understanding the scope.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The code writes a fixed temporary file named 'temp_image.jpg' in the current working directory without warning the user or using a unique, securely managed temporary path. This can cause accidental overwrite of an existing file, leave sensitive intermediate image data behind if execution crashes before cleanup, and create race/collision issues when multiple conversions run concurrently.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The script overwrites user files in place during compression without first creating a real backup or requiring explicit confirmation. In a batch-processing skill marketed as one-click and newbie-friendly, this increases the risk of irreversible data loss, accidental corruption, and surprising format/quality degradation across many files at once.

Ssd 3

Medium
Confidence
96% confidence
Finding
The checklist exposes what appears to be a live account login identifier in plain text: 'ClawHub account login (lx19840614)'. Even if this is only a username and not a password, publishing account identifiers aids account enumeration, targeted phishing, credential stuffing, and social engineering against the skill owner or platform account.

VirusTotal

66/66 vendors flagged this skill as clean.
