文件管理大师

Security checks across malware telemetry and agentic risk

Overview

This appears to be a local file-management tool, but it can immediately bulk rename or move files and its installer can persistently change command resolution without clear opt-in.

Review this before installing if you care about command-path changes or bulk file operations. Avoid running it on important folders until you have a separate backup, and do not allow PATH or /usr/local/bin changes unless you intentionally want the file-master command installed globally.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 87% confidence
Finding: The skill documents capabilities that clearly require file read/write and shell-style execution, yet no permissions are declared. In an agent ecosystem, this creates a trust and consent gap: users and reviewers cannot accurately assess what access the skill needs before installation or execution, increasing the risk of over-privileged or unexpected filesystem operations.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 82% confidence
Finding: The documented behavior goes beyond simple file management by including installation steps and examples that imply modifying the local environment, such as installing commands and potentially changing executable paths. When a skill's declared purpose does not fully disclose environment modification or broader system changes, users may authorize it expecting ordinary file operations while it performs more invasive actions.

Context-Inappropriate Capability

Medium

Confidence: 90% confidence
Finding: The installer changes command discoverability by modifying the user's PATH on Windows and creating a /usr/local/bin symlink on Unix-like systems. That behavior affects global command resolution and can create persistence or command-shadowing risk, especially because it occurs automatically and is broader than the core file-management function itself.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The installer writes files, creates executable launchers, and attempts PATH or system-link changes without an explicit upfront warning or confirmation. For an installation script that alters command resolution and filesystem state, lack of informed consent increases the chance of unsafe or surprising system modifications.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal