Skylv Smart Renamer

Security checks across malware telemetry and agentic risk

Overview

This is a real local batch-renaming tool, but it can immediately change many filenames without strong safeguards.

Review before installing. Use it only on selected, backed-up folders; run preview first; avoid rule arguments containing slashes, '..', or broad regular expressions; manually check for duplicate target names before apply; and remember that undo depends on the local .rename-history.json file.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: Broad trigger keywords like 'rename', 'batch rename', 'file rename', and 'organize files' can cause the skill to activate in contexts the user did not intend, especially in agentic environments where routing is keyword-driven. Because this skill performs bulk file modifications, unintended activation could lead to accidental renames, disruption of workflows, or user confusion before the mistake is noticed.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The description emphasizes convenience features but does not clearly warn that the skill can modify filenames in bulk and change extensions, which are potentially disruptive file-system actions. In practice, inadequate disclosure increases the chance that users or supervising agents invoke it without appreciating the scope of the changes, leading to accidental data organization issues, broken references, or workflow interruption.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal