compress-file-sorter

Security checks across malware telemetry and agentic risk

Overview

This archive sorter is mostly coherent, but it can move files based on rule-controlled paths that are not fully constrained to the chosen output folder.

Review data/rules.json before running execute, keep target directories simple relative names, use preview mode first, avoid overwrite mode, and be cautious with password-protected 7z/rar files or optional archive-tool installs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding
The skill directs the agent to use shell commands and read/write files, but the skill manifest does not declare corresponding permissions. This creates a capability/permission mismatch that can bypass review expectations and increases the chance of the skill being invoked with more power than is transparently disclosed.

Vague Triggers

Medium
Confidence: 89%
Finding
The skill description says to use this skill whenever the user mentions broad terms like '解压' or file classification, which is overly generic and may overlap with ordinary conversation. Over-broad triggers can cause unintended invocation of a skill that performs shell execution and file operations, increasing the risk of unsafe or surprising actions.

Vague Triggers

Medium
Confidence: 87%
Finding
The workflow trigger examples such as '分类这个文件' or '整理这个压缩包' are not specific enough and do not define required preconditions, user confirmation boundaries, or non-matching cases. In context, this matters because the skill can extract archives, persist rules, and move files, so accidental triggering could lead to unintended filesystem changes.

Missing User Warnings

Medium
Confidence: 91%
Finding
The execute path performs real file moves into user-specified output subdirectories, and the configured conflict strategy may overwrite or silently relocate files without an explicit confirmation at execution time. In a file-management skill, this is operationally risky because a bad rule, malicious archive contents, or an unexpected target_dir can cause user data loss or confusing reorganization.

VirusTotal

67/67 vendors flagged this skill as clean.
