Back to skill

Security audit

Pub Humanizer

Security checks across malware telemetry and agentic risk

Overview

This appears to be advertised as a text-humanizing skill, but the reported artifact surface includes unrelated external API, scraping, email, and SMS/OTP capabilities that users should review carefully before installing.

Install only if you intentionally want a broad external API broker, not just a local text humanizer. Before using it, confirm which provider receives your text, files, audio, search targets, emails, or phone numbers; require explicit approval before any email or SMS is sent; and avoid feeding it sensitive documents or credentials unless the data handling is clear.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (14)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill is labeled as a narrow 'humanizer' but actually exposes a broad general-purpose API broker for chat, media generation, search, document processing, email, and SMS. This mismatch can cause users or orchestrators to invoke the skill under false assumptions, enabling unexpected external actions and data transfers well beyond the declared purpose.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
Email sending is an externally effectful capability unrelated to the stated text-humanization purpose, which makes misuse easier and less visible to users. A mis-scoped skill can be used to send arbitrary outbound messages, creating spam, phishing, data leakage, or unauthorized communications risk.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
SMS verification and OTP workflows are high-sensitivity, externally effectful operations that do not fit a text-humanization skill. Their inclusion broadens abuse potential to unsolicited messaging, account workflow interference, and covert external interactions without appropriate expectation-setting.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
Web search and scraping are outside the narrow stated purpose and introduce unnecessary external data flow and retrieval capabilities. This expands the skill's operational surface and can enable unintended browsing, content exfiltration, or retrieval of untrusted data under a misleadingly narrow label.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
Image, video, audio, speech, and music features are unrelated to humanizing text and significantly expand the skill beyond its declared scope. Even if individually legitimate, bundling them under a misleading skill increases the chance of accidental invocation, data transfer, and policy bypass via capability confusion.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The file exposes broad web search, scraping, and executive-transcript retrieval capabilities that materially exceed the stated skill purpose of text humanization. This capability mismatch is dangerous because it can conceal expanded data-collection functionality from reviewers and users, increasing the chance of misuse, overprivileged deployment, or unauthorized information gathering under an unrelated skill label.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
LinkedIn, Amazon, YouTube, Google Images/News, and CEO interview retrieval are unrelated to making text sound human-written and introduce unnecessary OSINT and profile-gathering capabilities. In this context, the mismatch makes the skill more dangerous because unrelated collection features can be leveraged for surveillance, profiling, or data harvesting without clear justification tied to the advertised function.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The documented tool surface materially exceeds the stated purpose of a 'humanizer' skill by including document parsing, email, SMS/OTP, embeddings, and presentation generation. This creates unnecessary capability breadth and increases the chance that the skill can be repurposed for data exfiltration, unsolicited outbound messaging, or workflow abuse beyond user expectations.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Email and SMS/OTP capabilities are especially risky in a skill whose declared purpose is text humanization because they enable outbound communication and verification workflows unrelated to the core function. If exposed to prompts or chained actions, these tools could be abused for spam, phishing, social engineering, OTP interception workflows, or unauthorized notifications, making the mismatch more dangerous in this context.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill is marketed primarily as a text humanization tool, but this file documents unrelated video-generation capabilities including text-to-video and image-to-video models. This kind of capability expansion increases the attack surface, can mislead reviewers and users about the true scope of the skill, and may enable policy evasion by bundling higher-risk media generation features under a benign-seeming manifest.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The invocation description is overly broad and lacks clear trigger boundaries, making it easier for an agent to select this skill for many unrelated tasks. Because the skill includes external and effectful capabilities, vague routing criteria increase the chance of unintended execution and misuse.

Missing User Warnings

High
Confidence
98% confidence
Finding
The documentation repeatedly instructs sending prompts, audio, documents, and other content to a third-party API but does not warn users that their data leaves the local environment. This omission is dangerous because users may unknowingly transmit sensitive text, files, or media to external providers and downstream sub-processors.

Missing User Warnings

High
Confidence
98% confidence
Finding
The email and SMS sections describe actions that send messages to external recipients but provide no warnings, confirmations, or constraints. Without explicit notice and approval steps, the skill can be used for unauthorized outbound communication, abuse, or social engineering under a misleadingly benign label.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The scraping and profile-search capabilities are presented without any privacy, consent, data-handling, or site-terms guidance, which increases the risk of improper collection and downstream misuse of personal or restricted data. This is especially concerning here because the skill already appears broader than its stated purpose, so absent safeguards make hidden or careless misuse more likely.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.