ClawHub

Humanizer

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only writing editor that can rewrite local documents, with the main risk being misuse to hide AI assistance where disclosure is expected.

Install only if you want a document-editing aid that makes AI-sounding text more natural. Use it on specific text or files, review changes before saving, and do not use it to evade academic, workplace, legal, publishing, or other AI-disclosure rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The README suggests invoking the skill broadly when editing documents, without narrowing the use case or requiring user confirmation that concealment of AI authorship is appropriate. In practice, this can cause the agent to apply deception-oriented rewriting in contexts where provenance, disclosure, or authenticity matter, increasing misuse risk.

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The core description explicitly frames the skill as removing signs of AI-generated writing, which facilitates concealment of AI involvement rather than ordinary style editing. Without opt-in, disclosure, or policy limits, the skill can be used to evade transparency rules, academic or workplace policies, and trust controls around AI-generated content.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The skill description is broad enough to be invoked during routine editing or review, not just narrowly scoped stylistic cleanup. That increases the chance the agent will rewrite user content in contexts where authorship transparency, accuracy preservation, or policy compliance matters, leading to unintended misuse.

Natural-Language Policy Violations

High
Confidence
94% confidence
Finding
The skill explicitly aims to remove signs of AI-generated writing and make text appear human-written, which can facilitate concealment of AI authorship. In contexts such as education, journalism, compliance, or fraud screening, this undermines transparency requirements and can be used to evade detection or misrepresent the origin of content.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal