Back to skill

Security audit

Humanize AI

Security checks across malware telemetry and agentic risk

Overview

This is a local text-cleanup skill that reads and rewrites user-selected text files, with no evidence of network access, credential use, persistence, or hidden behavior.

Install only if you want a local text-editing tool and are comfortable with its detector-bypass framing. Run it on copies or version-controlled files first, avoid broad batch globs in important folders, review diffs before keeping rewritten text, and follow any school, workplace, publisher, or platform rules about AI-assisted writing disclosure.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The 'use when' description is broad and includes general text-processing and detector-bypass language, which can cause the skill to be invoked in overly wide contexts. Because the skill has Shell, Read, and Write capabilities, over-triggering increases the chance of unnecessary file modification or use for policy-evasive rewriting tasks.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The documentation recommends batch in-place rewriting of multiple files using a temporary file and mv, but does not warn about destructive modification, backups, previewing changes, or scoping the target set carefully. In an agent setting, this can lead to accidental bulk changes to user content with limited opportunity for review.

Ssd 2

Medium
Confidence
95% confidence
Finding
The skill description explicitly frames the capability as helping users 'bypass' AI detectors, which is an evasion-oriented use case rather than neutral text cleanup. That makes the context more dangerous because the rewriting functionality is being positioned to defeat downstream safeguards or authenticity checks.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.