ClawHub

smart-file-organizer-pro

Security checks across malware telemetry and agentic risk

Overview

This is a local file organizer that can move, rename, archive, and deduplicate files, with no evidence of hidden network access or credential use.

Install only if you are comfortable running a tool that reorganizes local files. Start with --preview on a small test folder, keep backups enabled, avoid broad or sensitive directories until you understand the results, and do not configure duplicate handling to delete unless you intentionally accept that risk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The quick-start section presents commands that perform real file reorganization without a prominent warning that they will immediately modify the target directory. Users may run example commands assuming they are demonstrations, causing unintended bulk moves, renames, or archival changes to important files.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
Documenting a directory watch mode without warning about continuous background changes is risky because it can cause ongoing, unattended file moves or renames as new files appear. In a file-management context, persistent automation amplifies the chance of repeated mistakes or unexpected reorganization of user data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script performs real file moves, renames, duplicate handling, and possible deletion by default unless the user explicitly supplies --preview. In an agent skill context, this is risky because an automated invocation or an imprecise path can cause unintended bulk modification or data loss without a final confirmation gate.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal