Back to skill

Security audit

Downloads Folder Organizer

Security checks across malware telemetry and agentic risk

Overview

This is a real Downloads organizer, but it deserves Review because it can move local files automatically and creates a persistent index of filenames beyond the files it organizes.

Install only if you are comfortable giving the skill authority to move files from Downloads and keep persistent logs plus a filename index. Review the dry-run carefully, avoid watch mode for sensitive or active Downloads folders, and consider editing the script to validate source and destination paths and to disable broad indexing unless explicitly needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill invokes a local Python script that reads, writes, and moves files and can run in a long-lived watch mode, yet the skill declares no permissions. That omission prevents informed consent and hides the true access scope from users, especially because the script can modify filesystem state and persist logs/configuration.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The stated purpose is simple file organization, but the documented behavior includes continuous monitoring, persistent indexing, config/log writes, and likely content-based classification. This broader behavior increases privacy and integrity risk because the skill may inspect file contents and maintain a durable record of files beyond what a user would reasonably infer from the description.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill goes beyond organizing Downloads files by recursively enumerating the entire configured target directory and writing a markdown index of all visible files into `~/.claude/skills/organize/index.md`. This creates a secondary inventory of potentially sensitive filenames and directory structure, which expands data exposure beyond the stated purpose of the skill.

Context-Inappropriate Capability

Medium
Confidence
76% confidence
Finding
Invoking an external `strings` subprocess on arbitrary downloaded files increases attack surface and can expose the host to parser/tooling bugs or unexpected behavior in the external utility. Because the input files come from Downloads and may be untrusted, content inspection via external binaries is more dangerous than simple extension-based classification.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The skill offers an automatic watch mode that continuously moves new files from Downloads without sufficiently warning about ongoing background modification of user files. This can surprise users, interfere with workflows, and repeatedly relocate sensitive or newly downloaded files into destinations they did not intend.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
In watch mode, newly created files are automatically classified and moved after a fixed delay with no confirmation, preview, or allowlist check. This can unexpectedly relocate important or partially-downloaded files, interfere with other applications, and cause integrity or availability problems for user data.

VirusTotal

56/56 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.