Back to skill

Security audit

文件整理

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only file organizer that may move loose workspace files, but the behavior is disclosed and aligned with its purpose.

Install only if you want the agent to organize loose workspace files into a user/ folder. Before cleanup runs, ask the agent to show the planned moves and avoid using it in active project directories where existing paths matter.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The activation criteria are very broad, covering common situations like creating files, downloading files, or noticing directory clutter. This can cause the skill to trigger in many normal workflows and perform file moves or organizational changes without sufficiently specific user intent, increasing the chance of unintended modifications.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly instructs moving 'scattered files' into new locations but does not require warning, preview, or confirmation before disruptive file operations. Moving files can break user workflows, references, scripts, or tooling that depend on existing paths, especially in loosely structured workspaces.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.