Back to skill

Security audit

Filesystem 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only filesystem helper with broad but disclosed local file commands and no evidence of hidden execution or data exfiltration.

Install only if you want a general-purpose filesystem command helper. Before running delete, move, rename, or in-place replacement examples, ask the agent to show the exact matched files and command first, avoid broad home or system paths unless intentional, and use backups for important data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill description is extremely broad and encourages activation for a wide range of filesystem tasks, including batch copy/move/delete and recursive search. Overly broad activation increases the chance the agent will invoke a powerful file-manipulation skill in situations where a narrower, safer capability would suffice, raising risk of unintended data exposure or destructive operations.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.