论文去AI味(最佳)

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed remote Chinese rewriting service, but its broad auto-invocation setting and academic-style “remove AI traces” framing create a Review-level risk for unexpected use and sensitive text disclosure.

Install only if you are comfortable sending the text, file contents, or public URLs you provide to ai-skills.ai for processing. Prefer explicit invocation, avoid confidential or regulated material unless third-party processing is approved, and do not use it to bypass academic, workplace, platform, or disclosure rules about AI-generated writing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 97%
Finding
The code sends all user-provided parameters to a remote service, while the skill description presents it as a content-diagnosis/rewriting assistant without making that data flow explicit. This creates a meaningful transparency and data-handling risk because users may submit sensitive drafts, internal documents, or regulated content under the assumption processing is local or self-contained.

Vague Triggers

Medium
Confidence: 94%
Finding
The manifest enables implicit invocation for a broadly described rewriting skill without any visible trigger constraints, scope limitations, or user-consent gating. That increases the chance the agent will auto-apply the skill in unrelated contexts, potentially rewriting user content unexpectedly or assisting with concealment/evasion tasks such as disguising AI-generated text without an explicit, deliberate invocation.

Vague Triggers

Medium
Confidence: 86%
Finding
The activation question and skill framing are broad enough to overlap with ordinary rewriting, editing, and polishing requests, which can cause the agent to invoke this skill in situations where the user did not explicitly ask for AI-humanization. That creates a policy and UX risk because the skill is specifically designed to disguise AI-origin text, including for academic content, and could be triggered on sensitive requests without clear user intent boundaries.

Missing User Warnings

Medium
Confidence: 95%
Finding
User-supplied params are transmitted over the network together with authentication headers, yet this file provides no user-facing notice or confirmation before exfiltrating potentially sensitive input. For a skill framed as rewriting or removing 'AI traces,' users are especially likely to submit unpublished manuscripts, marketing plans, or private business text, increasing the privacy impact.

VirusTotal

VirusTotal findings are pending for this skill version.
