unzip-all

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but its archive extraction can write files outside the chosen folder and it automatically deletes source archives after successful extraction.

Install only if you trust the archives you will process and are comfortable with automatic deletion of successfully extracted source files. Prefer running it on a copied test folder, avoid untrusted zip files, and ask the publisher to add path containment checks, overwrite protection, and an opt-in delete-original mode.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill declares no permissions even though its documented behavior requires reading user-selected files and invoking external shell tooling. This creates a transparency and trust problem: users and hosting frameworks cannot accurately assess or constrain the skill's capabilities, increasing the risk of unintended file access or command execution.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The stated purpose is archive extraction, but the behavior also includes destructive deletion of originals and execution of an external executable discovered via the Windows registry. These side effects materially expand the risk surface: successful misuse or malformed inputs could cause data loss, execution of an unintended binary, or user surprise about actions beyond simple decompression.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill description says it recursively extracts archives, but the implementation also deletes the original archive after each successful extraction. This mismatch can cause unexpected data loss, especially when users expect decompression to be non-destructive or rely on the original archive for backup, verification, or legal retention.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The invocation phrases are broad everyday commands like '解压这个文件' and '把里面的压缩包都解开', which can cause overly eager activation in ambiguous contexts. Because the skill performs recursive extraction and deletes originals after success, accidental triggering could lead to widespread filesystem changes and irreversible data loss.

VirusTotal

63/63 vendors flagged this skill as clean.
