Auto File Organizer

Security checks across malware telemetry and agentic risk

Overview

This is an unfinished file-organizing skill that asks for broad local file permissions, but the artifacts show no executable code, hidden behavior, persistence, or data exfiltration.

Install only from a repository you trust. When using it, name the exact folder to organize, request a preview or dry run first, and require explicit confirmation before any move, rename, edit, overwrite, or delete action.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill is explicitly intended to organize files in a user's download folder and is allowed to use Read, Write, Edit, and Bash, but the description provides no warning that files may be moved, renamed, or otherwise modified. This creates a real safety risk because users may invoke the skill without understanding that it can make destructive or hard-to-reverse changes to personal files.

VirusTotal

No VirusTotal findings

View on VirusTotal