Nm Scribe Slop Detector

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Markdown-only writing detector with some broad activation and optional edit guidance, but no hidden persistence, credential access, network exfiltration, or destructive behavior was found.

Install only if you are comfortable with a prose-quality skill that may activate on broad writing-related requests. Review its reports as suggestions, confirm before allowing remediation edits, and treat fiction/name and language-detection heuristics as subjective rather than objective proof of AI-generated text.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 90% confidence
Finding: The skill is presented as a detector, but it explicitly instructs the agent to invoke a separate doc-generation skill with a remediation flag to apply changes. That broadens behavior from analysis into modification, which can cause unintended edits or chained actions a user did not explicitly authorize, especially in automated workflows.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger terms are very broad and generic, including words like writing, cleanup, documentation, and quality. This increases the chance the skill activates during ordinary editing tasks where the user did not ask for AI-slop detection, leading to surprise behavior, overreach, or unwanted content judgments and follow-on actions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal