Back to skill

Security audit

PostKing · Brand Voice

Security checks across malware telemetry and agentic risk

Overview

The skill does not show hidden installation or data theft behavior, but it is designed to make AI-written content look human and avoid detection.

Use this only for legitimate editing, clarity, and voice cleanup. Do not use it to hide AI authorship where disclosure is required, and review any in-place file edits before publishing or committing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Natural-Language Policy Violations

High
Confidence
99% confidence
Finding
The skill explicitly promotes 'de-slop / humanize / AI-detection pass' functionality to make generated text appear human-written before publication. This is dangerous because it operationalizes AI-detection evasion as a product goal, which can facilitate deception, policy circumvention, and abuse in contexts where AI disclosure or provenance matters.

Natural-Language Policy Violations

High
Confidence
99% confidence
Finding
The example prompt instructs the agent to rewrite text so it 'doesn't read as AI-written,' which directly encourages concealment of machine authorship. In skill context, this is not an incidental phrase but a concrete usage example, increasing the likelihood that downstream agents will treat detector evasion as intended behavior.

Natural-Language Policy Violations

High
Confidence
100% confidence
Finding
The procedure instructs running a humanization step specifically to 'reduce AI-detection signals' immediately before content ships. This creates a repeatable workflow for optimizing deceptive output against detection systems, making the skill materially more dangerous than a generic rewriting tool.

Natural-Language Policy Violations

High
Confidence
99% confidence
Finding
The expected output defines success as content being de-slopped for lower AI-detection signal and reading as human. That embeds evasion into the acceptance criteria of the skill, incentivizing misuse and normalizing deceptive presentation of AI-generated content.

Natural-Language Policy Violations

High
Confidence
100% confidence
Finding
The verification step treats a lower AI-likelihood score as proof of success, effectively establishing a feedback loop for detector evasion. This is particularly risky because it turns detection tooling into an optimization target rather than a diagnostic, enabling systematic concealment of AI-generated content.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.