dedicated-file-manager

Security checks across malware telemetry and agentic risk

Overview

This is a local file-management skill with disclosed file-moving, renaming, manifest, and optional automation behavior, but users should keep it scoped to a chosen workspace.

Install only if you want an agent to manage files in a specific workspace. Start with dry-run reports, confirm the exact root folder, review proposed moves and renames, avoid broad directories unless intended, and enable weekly automation only after you are comfortable with the rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The trigger list includes vague everyday terms such as 文件管理, 清理, and 批量处理 without contextual constraints. Because this skill can alter directory structures and schedule recurring automation, loose triggers increase the risk of the agent selecting an overpowered skill when the user intended only discussion or planning.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The trigger list includes vague everyday terms such as 文件管理, 清理, and 批量处理 without contextual constraints. Because this skill can alter directory structures and schedule recurring automation, loose triggers increase the risk of the agent selecting an overpowered skill when the user intended only discussion or planning.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
Using the ambiguous keyword '整理' as a standalone trigger can cause unintended invocation from common requests about summarizing, tidying ideas, or organizing information rather than files. In this skill, accidental activation matters because follow-on rules allow direct execution of file moves, renames, directory creation, and inbox auto-organization.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The document explicitly authorizes the agent to automatically rename or repair filenames, including adding prefixes and attempting to fix garbled characters, without requiring confirmation or clearly warning that user files will be modified. In a file-management skill, this is risky because bulk renaming can unintentionally alter, misclassify, or break references to user files, especially when the corrections are heuristic.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding
The template describes automated scanning, classification, archiving, and manifest updates that would modify files on disk, but it does not state that these actions require explicit user confirmation before moving or persisting changes. In a file-management skill, this omission is meaningful because users may invoke organization features expecting analysis only, while the agent could perform destructive or hard-to-reverse file operations.

Missing User Warnings

Severity: Low
Confidence: 81%
Finding
The document states that custom templates are saved to `~/.workbuddy/skills/file-manager/`, which is a persistent location in the user's home directory, without clearly warning the user that invoking this feature writes new local files. While less severe than moving project data, silent persistence under the home directory can still create unexpected state, privacy concerns, or configuration tampering opportunities.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The script recursively inventories a directory and writes file names, relative paths, sizes, and modification times into a manifest without any consent prompt, filtering for sensitive files, or warning about disclosure risk. In a file-management skill this is functionally intended behavior, but it can still expose sensitive project structure and metadata if run on repositories, home directories, or shared workspaces.

VirusTotal

65/65 vendors flagged this skill as clean.
