文章风格克隆助手

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed writing helper that sends user-provided reference and draft text to an LLM API to rewrite it in a similar style.

Install only if you are comfortable sending pasted reference articles and draft material to the configured LLM provider. Use a dedicated API key, verify API_BASE before running, avoid private or regulated content unless provider terms permit it, and do not use the skill to impersonate real people or misrepresent authorship.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The script transmits full reference articles and source content to an external LLM service without an explicit privacy warning, consent step, or redaction guidance. In this skill's context, users may paste unpublished drafts, proprietary writing samples, or personal data, so silent third-party transmission creates a real confidentiality risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal