File Sorter

Security checks across malware telemetry and agentic risk

Overview

This is a local file organizer with disclosed file-moving, copying, linking, preview, and undo behavior, with only minor documentation gaps.

Install only if you are comfortable giving it control over folders you explicitly point it at. Use preview first, remember that move is the default action, be cautious with symlink mode, and keep the backup log if you may need undo.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill clearly describes file read/write behavior but does not declare corresponding permissions, which weakens reviewability and can bypass permission-based safety controls. For a file-management skill, these capabilities are expected, but the lack of explicit declaration still increases the risk of unintended or overly broad filesystem access.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The documented purpose and the described behavior do not fully align: the skill can copy files, create symbolic links, and undo prior operations, while also claiming keyword classification without documenting how it works. This mismatch is dangerous because users and reviewers may authorize a seemingly simple organizer while the skill performs additional filesystem-altering actions that can duplicate data, alter directory structures, or create links with security implications.

VirusTotal

65/65 vendors flagged this skill as clean.
