Batch Rename

Security checks across malware telemetry and agentic risk

Overview

This dataset renaming skill is purpose-aligned, but it can overwrite local files and advertises undo support that the script does not actually create.

Install only if you are comfortable with a local script renaming dataset files in place. Run preview first, keep a separate backup, avoid --force unless you have checked for collisions, and do not rely on the advertised undo feature unless the tool is fixed to create a restore backup before renaming.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The skill documents destructive file operations, including batch renaming and optional overwriting, without prominently warning that the action modifies user data and can cause irreversible filename changes or collisions. In a dataset-management context this is plausibly intended functionality, but insufficient safety guidance increases the chance of accidental data loss or broken image/annotation linkage.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal