Cleanup Reporter

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local disk-cleanup scanner with no network behavior, but it can list private file paths in local reports.

Install only if you are comfortable with a local shell script scanning /mnt/c/Users/malav and writing reports that may reveal private file paths. Verify the path is appropriate for your machine, ensure ncdu and rdfind are trusted, and review or delete ~/reports/cleanup_report_*.md and /tmp/duplicates.txt if they contain sensitive metadata.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill declares that it may be invoked autonomously by the agent when triggered for generic cleanup tasks, which broadens activation beyond an explicit, narrowly scoped user action. For a skill that scans local files, this increases the chance of unintended filesystem access and report generation without sufficiently specific consent or execution boundaries.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal