Back to skill

Security audit

Humanizer

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only writing tool with no code or network access, but it explicitly optimizes text to avoid AI-detection signals and can edit local files in place.

Install only if you are comfortable with a tool whose purpose includes making AI-like writing harder to recognize as AI-assisted. Use rewrite or detect mode before edit mode, review diffs for important files, and keep secrets or private material out of humanizer-context.md.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill supports in-place editing of user files via `--mode edit` and `--file` but does not require an explicit confirmation step or warn that the target file will be modified. That increases the risk of accidental data loss or unintended changes, especially because the skill is user-invocable and framed as an editing utility.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill auto-loads `humanizer-context.md` from the project root without warning the user that additional local content may be read and incorporated into processing. This can unexpectedly pull in sensitive project data, brand guidance, or internal text and expose it in outputs or rewrite behavior without informed user consent.

Ssd 2

Medium
Confidence
95% confidence
Finding
These instructions explicitly optimize text to evade AI-detection heuristics by manipulating burstiness, perplexity, and other detector-oriented signals rather than merely improving clarity or style. That materially enables provenance obfuscation and can help users disguise AI-generated content as human-authored in academic, professional, or compliance-sensitive contexts.

Ssd 2

Medium
Confidence
96% confidence
Finding
The scoring rubric and rewrite goals are explicitly framed around making text read as 'pristine human' and ensuring 'no detector should flag it,' which goes beyond normal copyediting into deliberate anti-detection optimization. This increases misuse potential for plagiarism evasion, policy circumvention, and fraudulent representation of authorship.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.