file-batcher-tool

Security checks across malware telemetry and agentic risk

Overview

This skill performs useful local file batching, but it can rename, move, and delete many files without enough warning or safeguards.

Review before installing. Use only on backed-up or test folders, avoid broad paths like home or Downloads unless you explicitly intend bulk changes, and require a preview plus confirmation before rename, organize, or convert operations. Be especially cautious with image conversion because this version removes the original files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence: 93%
Finding:
The README promotes batch rename and auto-organize features that can change filenames and move files in bulk, but it does not warn users that these are destructive filesystem modifications. In an agent skill context, unclear documentation increases the chance of accidental mass changes, data disorganization, broken references, or loss of access to files when invoked on broad paths like Downloads or home directories.

Vague Triggers

Medium
Confidence: 88%
Finding:
The trigger text includes broad activation cues like 'organize files' or wanting to process multiple files, which can cause the skill to run in contexts the user did not clearly intend. For a skill that performs batch filesystem actions, overbroad triggering increases the risk of unintended destructive or privacy-impacting operations on user files.

Missing User Warnings

Medium
Confidence: 94%
Finding:
The skill describes bulk rename, conversion, and organization commands without warning that these actions can overwrite files, break references, or reorganize important directories in irreversible ways. In a batch-file context, missing safety warnings and confirmations materially increases the chance of accidental data loss or operational disruption.

Missing User Warnings

Medium
Confidence: 94%
Finding:
The convert operation deletes the original image immediately after conversion with `rm "$file"` and provides no confirmation, backup, dry-run mode, or failure validation beyond command chaining. In an agent context, this can cause unexpected and irreversible data loss if the user did not intend destructive conversion, selected the wrong folder, or the output format is unsuitable.

Missing User Warnings

Medium
Confidence: 91%
Finding:
Batch rename performs bulk in-place renames across all files in a directory without preview, confirmation, collision checks, or rollback support. A mistaken pattern or unexpected filenames can rename many files at once, potentially breaking references, workflows, or causing data loss through overwrites and name conflicts.

Missing User Warnings

Medium
Confidence: 90%
Finding:
The organize command moves files in place into category folders without warning, preview, or confirmation, which can unexpectedly alter directory structure and disrupt applications or user workflows that depend on current paths. Because this happens in bulk, a mistaken target folder can relocate many files at once and be tedious to undo.

VirusTotal

66/66 vendors flagged this skill as clean.
