Batch Renamer
Security checks across malware telemetry and agentic risk
Overview
This batch renaming skill is not malware-like, but it needs review because its install instructions point to an unverified global package and its bulk file changes have weaker safeguards than advertised.
Install only if you are comfortable reviewing and running the included Python script directly. Avoid the global npm install unless you independently trust that package, run --preview first, test on copied folders, and do not use patterns or regex replacements that can produce slashes, absolute paths, or parent-directory references.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.