ClawHub
Back to skill

Security audit

Humanize Ai Writing

Security checks across malware telemetry and agentic risk

Overview

This skill edits local developer writing as advertised and includes review, stash, dry-run, and validation steps, with no evidence of hidden data access or exfiltration.

Install this only if you want an agent to rewrite files in the current repository. Run with --dry-run first, use a clean branch or committed worktree, and expect it may create a git stash, edit files across the codebase when --all is used, run validation tools, revert files that fail validation, and delete the review JSON after a successful run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Memory PoisoningPersistent Context Injection, Context Window Stuffing, Memory Manipulation
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This markdown skill description states that it will 'Apply fixes' automatically, which implies direct modification of user files. Although later sections mention `--dry-run`, stashing, prompts for some risky fixes, and validation, the overview lacks a clear user-facing warning that the skill will rewrite files by default and may change multiple files across the codebase.

Memory Manipulation

High
Category
Memory Poisoning
Content
Partition remaining findings by `fix_safety`:

**Safe Fixes** (auto-apply):
- `chat_leak` - Delete conversational artifacts
- `cutoff_disclaimer` - Delete knowledge cutoff references
- `filler_phrase` - Delete filler phrases
- `heading_restatement` - Delete restating first sentence
Confidence
80% confidence
Finding
Delete conversation

Tool Parameter Abuse

High
Category
Tool Misuse
Content
On successful completion (all validations pass):
```bash
rm .beagle/ai-writing-review.json
```

If any validation fails, keep the file and report:
Confidence
85% confidence
Finding
rm .beagle/

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal