Tidyfiles

Security checks across malware telemetry and agentic risk

Overview

This skill looks like a file organizer but mainly saves what you type into local plaintext logs, so it should be reviewed before installing.

Install only if you want a local activity log for file-organization notes, not an actual file sorter. Avoid entering secrets, sensitive filenames, or private directory structures, and review or delete ~/.local/share/tidyfiles when you no longer want the stored history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The manifest and introductory documentation describe a file-organizing utility, but the actual described function is a general-purpose activity logger. In an agent environment, this kind of semantic mismatch can trigger the skill for ordinary file-management requests and silently capture arbitrary user content to disk, increasing the chance of unintended data collection.

Intent-Code Divergence

Medium
Confidence: 90%
Finding
Command names such as run, convert, analyze, generate, batch, and compare imply that the tool performs substantive operations on files, while the documentation says they only record entries or show logs. This can mislead users and higher-level agents into supplying operational context, filenames, paths, or sensitive notes under the false impression that a real action will occur, when the data is instead retained.

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The skill’s stated purpose is file sorting and decluttering, but the implementation is a generic input logger that stores arbitrary user-provided strings under a persistent local data directory. This mismatch is dangerous because users may provide sensitive file paths, filenames, or notes believing the tool is organizing files, when it is actually collecting and retaining data unrelated to the advertised function.

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The help text presents the tool as a file-oriented utility with operational commands, but those commands do not perform the claimed actions and instead record user input. Misleading interface text can induce unsafe trust and cause users or agents to submit sensitive information under false assumptions about how it will be used.

Vague Triggers

Medium
Confidence: 88%
Finding
The broad description makes the skill eligible for many common decluttering, directory cleanup, and reporting requests, even though it does not actually organize files. Overbroad invocation raises the likelihood of accidental activation and unnecessary exposure of user-provided filesystem details into persistent logs.

Missing User Warnings

Medium
Confidence: 95%
Finding
Although the documentation mentions local storage, it does not prominently warn users that free-form inputs are persistently logged in plaintext history and per-command log files. Users may include sensitive paths, filenames, system state, or operational notes without realizing they will be retained and exportable, creating a confidentiality and compliance risk.

Missing User Warnings

Medium
Confidence: 96%
Finding
The command handlers persistently write raw user input into log files in ~/.local/share/tidyfiles without obtaining consent or warning the user. In a skill advertised for file cleanup, those inputs are likely to include sensitive filenames, directory structures, or operational details that become stored at rest and may later be exposed to other local users, backups, or exports.

Missing User Warnings

Medium
Confidence: 95%
Finding
The export feature aggregates previously logged content into new files in JSON, CSV, or TXT formats without warning that historical user inputs will be duplicated into additional artifacts. This increases exposure by broadening the number of files containing potentially sensitive data and may make accidental sharing or ingestion by other tools more likely.

VirusTotal

66/66 vendors flagged this skill as clean.
