Mardown Notes Organizer

Security checks across malware telemetry and agentic risk

Overview

This notes organizer does not appear malicious, but it can bulk move and edit a Markdown notes folder in place without strong preview, rollback, or confirmation safeguards.

Install only if you are comfortable granting it recursive read/write authority over the notes directory you provide. Run it on a copied or backed-up vault first, do not rely on the advertised undo/backup claims, and review the generated .organize_log.json as a record only, not as a restore plan.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 91% confidence
Finding: The skill clearly describes reading, moving, modifying, and cleaning files, but it declares no permissions. That mismatch can prevent informed consent and proper sandboxing, especially for a tool that rewrites notes and deletes directories/files during cleanup. In this context, undeclared file read/write capability is security-relevant because the skill operates over a user-supplied directory path and can materially alter local data.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 88% confidence
Finding: The behavior goes beyond the top-level description by creating a hidden operation log and performing cleanup of empty directories. Hidden metadata files and cleanup actions can surprise users, leak note structure/configuration, or remove artifacts they did not expect to be touched, which is especially sensitive in a note-management skill operating on personal knowledge bases. The skill context makes this more dangerous because users are likely to point it at large, valuable document trees and trust the declared scope.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The README describes operations that move Markdown files, reorganize directories, insert links, and optionally clean up directories, but it does not prominently and explicitly state that these changes are performed in place on the original note repository. In an agent or CLI context, insufficient disclosure about destructive or bulk-modifying behavior can lead users to run the tool on valuable data without understanding that their files and structure will be altered, increasing the risk of accidental data loss or corruption.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal