Trash Cli

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward trash-cli reference skill, but permanent trash cleanup commands should be confirmed before use.

Install this only if you want an agent to help manage local trash-cli operations. Require explicit confirmation before running trash-empty, trash-rm, restore with --overwrite, --all-users listing, sudo .Trash setup, or edits to shell startup aliases.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 93% confidence
Finding: The manifest description frames the skill as providing recoverable deletion and as a safer alternative to rm, but the same skill also documents commands that permanently erase trashed content. That mismatch can mislead an agent or user into selecting the skill under the assumption that deletion is always reversible, increasing the chance of unintended permanent data loss.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill documents trash-empty, including the all-items form, without a prominent irreversibility warning. In an agent context, concise examples like 'trash-empty' can be copied directly and lead to complete permanent deletion of recoverable files, defeating the safety premise of the skill.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal