Ai File Organizer

Security checks across malware telemetry and agentic risk

Overview

This is a file organizer with a plausible purpose, but it can move user files, and its documentation overstates safety, cloud, AI, and recovery features that the code does not actually provide.

Review before installing. Test only on a disposable folder, keep backups before using duplicate cleanup, do not rely on the documented dry-run or interactive confirmation modes (the findings below show the code does not implement them), and avoid cloud or AI credential configs until the maintainer clearly documents what data is uploaded and when.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

MCP Least Privilege

Medium
Confidence
95% confidence
Finding
The skill advertises and demonstrates file read/write and shell-driven execution but does not declare any permissions or capability boundaries. In an agent ecosystem, this creates a transparency and policy-enforcement gap: users and the platform may not realize the skill can enumerate, rename, move, and sync files, and can remove them from their original location through duplicate cleanup, which increases the chance of overbroad filesystem access and unintended destructive actions.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The quickstart states that organization is copy-only and preserves originals, but elsewhere documents duplicate cleanup as moving files to a separate folder. This inconsistency can mislead users about whether operations are reversible, increasing the risk of unintended data movement or loss when they follow destructive cleanup guidance.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The header advertises AI analysis, cloud sync, and archiving capabilities that are not implemented in the code. This is dangerous because users may grant broader trust, permissions, or deploy the skill in higher-risk workflows under false assumptions about what it does, reducing their scrutiny of real file-moving behavior.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The demo output claims cloud sync, version management, AI analysis, and interactive confirmation features that are not actually present. In a file-management skill, misleading users about confirmation and recovery capabilities can directly increase risk because they may assume destructive or privacy-impacting actions are safer and reversible when they are not.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The changelog advertises automatic synchronization to third-party cloud services, but does not mention any user consent, warning, or privacy implications. In a file-organizer skill that may process arbitrary local files, this can lead users to unknowingly transmit sensitive content or metadata off-device, increasing confidentiality and compliance risk.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The guide recommends setting up a cron job to run file organization automatically, but does not clearly warn that this will repeatedly modify filesystem contents without interactive review. Scheduled execution raises the chance of silent misclassification, unwanted copying/moving, or accumulation of changes over time.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README advertises AI content analysis and cloud sync as core features but does not clearly warn that file contents and metadata may be transmitted to external AI or storage providers. In a file-organizing skill, users may point the tool at sensitive personal or work directories, so omission of a prominent privacy warning can lead to unintended disclosure of confidential data.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The cloud_sync example enables automatic post-organization syncing with provider credentials and auto_sync: true, but the documentation does not explicitly warn that local files may be uploaded to external cloud infrastructure. Because this skill processes arbitrary user files, this can cause accidental exfiltration of sensitive documents if users copy the example configuration without understanding the privacy consequences.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger phrases include ordinary language such as '帮我整理文件' ("help me organize my files") and '清理重复文件' ("clean up duplicate files"), plus scheduled and monitored auto-trigger scenarios, which can cause the skill to activate during routine conversation without sufficiently explicit consent. Because the skill can perform filesystem changes and possible cloud sync, accidental invocation could lead to renaming, moving, deduplication, or uploads the user did not intend.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
clean_duplicates() moves files automatically after identifying duplicates, with no confirmation prompt, dry-run mode, or explicit warning at the point of action. In a file-organizer skill, this can cause unintended file relocation and operational data loss if users misunderstand the command or if duplicate detection yields surprising results.
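The safer shape this finding asks for, as an added example that is not the skill's own code: a clean_duplicates() that groups files by size, confirms duplicates by SHA-256 of their contents, is dry-run by default, moves (never deletes) extra copies into a quarantine folder under the scanned root, and writes a manifest so the step can be reversed. The `apply` parameter, the `.duplicates_quarantine` folder name, the manifest format, and the `find_duplicates`/`demo` helpers are assumptions made for this example; the sample tree in `demo()` is constructed inline so the block runs offline.

```python
"""Content-hash duplicate cleanup: dry-run by default, quarantine instead of delete.

Added example, not the Ai File Organizer's code. The page names a
clean_duplicates() that moves files with no confirmation or dry-run; this is one
way to give users the plan-first, reversible behaviour they would expect.
"""
from __future__ import annotations

import hashlib
import json
import os
import shutil
from pathlib import Path

# Assumed folder name; duplicates are parked here (under the scanned root), never deleted.
QUARANTINE_DIR = ".duplicates_quarantine"


def _sha256(path: Path, chunk: int = 1 << 16) -> str:
    """Hash file contents in chunks; equal size alone does not make two files duplicates."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_duplicates(root: Path) -> dict[str, list[Path]]:
    """Return {sha256: [paths...]} for every digest seen more than once under root.

    Files are bucketed by size first so only same-size candidates are hashed.
    Symlinks are skipped (moving one would not move its target), and anything
    already inside the quarantine folder is ignored so a second run stays idle.
    """
    by_size: dict[int, list[Path]] = {}
    for p in sorted(root.rglob("*")):  # sorted: deterministic choice of which copy to keep
        if p.is_symlink() or not p.is_file():
            continue
        if QUARANTINE_DIR in p.relative_to(root).parts:
            continue
        by_size.setdefault(p.stat().st_size, []).append(p)
    by_hash: dict[str, list[Path]] = {}
    for paths in by_size.values():
        if len(paths) < 2:
            continue
        for p in paths:
            by_hash.setdefault(_sha256(p), []).append(p)
    return {h: ps for h, ps in by_hash.items() if len(ps) > 1}


def clean_duplicates(root: str | os.PathLike, apply: bool = False) -> dict:
    """Plan, and only when apply=True perform, duplicate cleanup under root.

    apply=False (the default) changes nothing on disk and returns the moves that
    would happen. apply=True moves each extra copy to root/.duplicates_quarantine,
    mirroring its relative path, and writes manifest.json (original -> quarantine)
    so the operation can be undone.
    """
    root = Path(root).resolve()
    if not root.is_dir():
        raise ValueError(f"{root} is not a directory")
    quarantine = root / QUARANTINE_DIR
    plan = []
    for digest, paths in find_duplicates(root).items():
        keep, *dupes = paths  # first path in sorted order is kept in place
        for d in dupes:
            plan.append({"sha256": digest, "keep": str(keep), "move": str(d),
                         "to": str(quarantine / d.relative_to(root))})
    if apply and plan:
        quarantine.mkdir(exist_ok=True)
        for entry in plan:
            dest = Path(entry["to"])
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.move(entry["move"], dest)
        (quarantine / "manifest.json").write_text(json.dumps(plan, indent=2))
    return {"dry_run": not apply, "moves": plan}


def demo() -> dict:
    """Dry-run, then apply, on a constructed sample tree in a temporary directory."""
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sub").mkdir()
        (root / "a.txt").write_bytes(b"same content")          # constructed sample
        (root / "sub" / "b.txt").write_bytes(b"same content")  # byte-identical to a.txt
        (root / "c.txt").write_bytes(b"different")
        dry = clean_duplicates(root)  # default: plan only
        untouched = all((root / n).exists() for n in ("a.txt", "sub/b.txt", "c.txt"))
        done = clean_duplicates(root, apply=True)
        q = root / QUARANTINE_DIR
        return {
            "dry_moves": len(dry["moves"]),
            "dry_run_flag": dry["dry_run"],
            "untouched_after_dry_run": untouched,
            "apply_moves": len(done["moves"]),
            "kept_original": (root / "a.txt").exists(),
            "duplicate_quarantined": (q / "sub" / "b.txt").exists()
                                     and not (root / "sub" / "b.txt").exists(),
            "manifest_written": (q / "manifest.json").exists(),
            "second_run_idle": len(clean_duplicates(root)["moves"]) == 0,
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The point of the design is that the destructive path requires an explicit `apply=True`, the dry-run output is the exact plan that `apply` will execute, and nothing is ever unlinked: a user who disagrees with a "duplicate" decision can move the file back using the manifest.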

VirusTotal

VirusTotal findings are pending for this skill version.
