Folder UI Visualizer - show the folder through HTML (via Telegram)

Security checks across malware telemetry and agentic risk

Overview

This folder visualizer is mostly what it says it is, but it sends local directory reports to Telegram while underplaying that external data sharing.

Review before installing. Use only on folders whose names, structure, timestamps, sizes, and absolute path you are comfortable sending through Telegram. Keep the bot token protected, confirm the target folder and chat destination before sending, and avoid sensitive directories unless the skill adds a clear local-only mode or explicit per-use consent.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (11)

Description-Behavior Mismatch

Medium

Confidence: 98% confidence
Finding: The skill is presented as a local folder visualizer, but its documented workflow includes sending the generated HTML report to Telegram, which is external data exfiltration. This mismatch is dangerous because users may authorize the skill expecting only local processing while directory contents and filenames are transmitted off-host.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: Requiring a Telegram bot token gives the skill outbound communication capability that is not necessary for generating a directory tree locally. In practice, this expands the blast radius by enabling automated transmission of potentially sensitive file names, paths, and project structure to an external service.

Intent-Code Divergence

High

Confidence: 99% confidence
Finding: The security notes claim that no data is uploaded to third-party servers, yet the instructions explicitly post the generated report to the Telegram API. This deceptive or inaccurate privacy claim can cause users and operators to underestimate real exfiltration risk and approve handling of sensitive directories they otherwise would not share.

Description-Behavior Mismatch

Medium

Confidence: 90% confidence
Finding: The script silently creates a new HTML file on local disk containing a listing of directory contents, but this side effect is not clearly disclosed by the skill description or in-band user messaging. In an agent setting, undisclosed file creation can surprise users, leave sensitive artifacts behind, and facilitate unintended persistence of enumerated filesystem metadata.

Intent-Code Divergence

Medium

Confidence: 94% confidence
Finding: Using path.resolve normalizes the input path but does not restrict it to a safe base directory, so a user-supplied argument can still point to any readable location on the filesystem. In this skill, that means the tool can enumerate arbitrary directories and package their contents into an HTML report, increasing the risk of sensitive local information exposure.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: A broad trigger such as showing what is inside a directory can activate this skill in routine conversations without making the upload behavior obvious. Because the skill performs external transmission and cleanup, accidental invocation can lead to unintended disclosure and destruction of the generated artifact.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The keyword set contains very generic directory-related terms that can match benign requests for local inspection. In the context of a skill that exports results to Telegram, overly broad activation materially increases the chance of unintended exfiltration of sensitive folder structures.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The user-facing description emphasizes a secure local visualizer but does not clearly warn that the resulting directory report will be transmitted to Telegram. Omission of that fact undermines informed consent and can expose confidential filenames, paths, and project layout to an external platform.

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill mandates deletion of the generated file regardless of outcome, but does not warn the user that this cleanup is irreversible. This can hinder review, incident response, or recovery if the report was sent unintentionally or transmission failed and evidence is needed.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The code writes a persistent HTML report of directory contents without any user-facing warning in the tool itself. Even if intended, silently producing a file that contains potentially sensitive filenames and timestamps can expose data to later viewers, backups, sync tools, or other processes on the machine.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The function recursively enumerates directories and captures names, sizes, and modification dates for all reachable entries, which may reveal sensitive filesystem structure and metadata. In the context of an agent skill designed to generate shareable HTML for Telegram/mobile viewing, this disclosure risk is heightened because the output is intended for easy viewing and likely sharing.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal