Security audit

File Writer

Security checks across malware telemetry and agentic risk

Overview

This skill teaches an agent safer ways to write and edit files, and the file-changing behavior is expected for that purpose.

Install this only if you want an agent to help create and edit local files. Before using it on important or sensitive files, confirm the exact path and intended change, keep backups for critical work, and review diffs before accepting large overwrites.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 84%
Finding
The skill gives detailed file creation and modification procedures, including overwrite, replacement, and restore workflows, without an explicit warning to confirm target paths, scope, and user intent before altering files. In an agent setting, that omission increases the risk of unintended modification of sensitive or unrelated files, especially because the skill is framed as a general reusable strategy.

VirusTotal

66/66 vendors flagged this skill as clean.
