Back to skill

Security audit

LobsterSkills Oil Gas AI Expert

Security checks across malware telemetry and agentic risk

Overview

This skill needs human review because it includes explicit AI-detection evasion and ghostwriting workflows that do not fit a petroleum IT assistant.

Install only after review or removal of the paper ghostwriting, plagiarism-reduction, and AI-detection-evasion content. Also require explicit opt-in and clear controls for any recurring crawling or push-update behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
This file is a how-to guide for bypassing AI-generated text detectors by manipulating sentence entropy, structure, vocabulary, and surface-level realism. That enables academic fraud and evasion of integrity controls, and it is unrelated to a petroleum IT expert skill, which makes the capability especially suspicious in context.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The documented behavior explicitly supports '过AI检测' circumvention, which operationalizes deceptive use of AI-produced text rather than legitimate domain expertise. Because the advertised skill blends petroleum IT topics with paper writing and detector evasion, the context increases risk by masking abuse-oriented functionality inside an otherwise plausible expert assistant.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger list is broad enough to activate on generic terms like '论文', '查重', and industry buzzwords, which can cause the skill to engage in contexts the user did not clearly intend. Because this skill includes high-risk behaviors such as ghostwriting and evasion assistance, unintended activation increases the chance of policy-violating or unsafe responses.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill states it will regularly crawl external sources and push weekly updates, but it does not clearly disclose consent, data handling, retention, or whether user data influences collection and push behavior. This creates privacy and transparency risks, especially if user interests, uploaded files, or behavioral data are used to personalize collection or notifications.

Natural-Language Policy Violations

High
Confidence
99% confidence
Finding
The document provides actionable evasion steps such as altering wording, mixing sentence lengths, introducing logical jumps, and adding fabricated-seeming specificity to appear human-written. These instructions directly help users defeat AI-detection safeguards and facilitate plagiarism, fraud, and policy evasion.

Ssd 2

High
Confidence
98% confidence
Finding
This section explicitly teaches users how to evade AI-generated text detection by 'humanizing' output through stylistic manipulation. That is dangerous because it facilitates academic dishonesty, circumvents trust and compliance mechanisms, and can be repurposed to disguise machine-generated fraudulent, deceptive, or spam content.

Ssd 4

High
Confidence
97% confidence
Finding
The workflow operationalizes ghostwriting by collecting requirements, drafting sections, integrating a full paper, and then offering plagiarism reduction and AI-detection avoidance as follow-on services. In context, this makes the skill more dangerous because it is not merely discussing writing techniques; it provides an end-to-end pipeline for producing deceptive academic submissions.

Ssd 2

Medium
Confidence
96% confidence
Finding
Even where phrased as stylistic advice, the substance is semantic guidance for making AI output less detectable by reshaping structure and tone to mimic human authorship. That kind of stealth optimization undermines integrity and moderation systems, and the mismatch with the stated petroleum-industry purpose makes it more dangerous, not less.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.