Back to skill

Security audit

Writing Tone Clone

Security checks across malware telemetry and agentic risk

Overview

This code-free skill is transparent about cloning writing style, but it asks for private personal writing and saves a reusable voice-cloning skill without consent, privacy, or retention safeguards.

Review carefully before installing. Use it only with your own writing or with explicit permission, redact private details and third-party content, inspect any generated voice-profile files before reuse, and avoid presenting AI-written text as if it was written by the person being modeled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly solicits highly sensitive personal writing sources such as diaries, journals, personal emails, and messages without any privacy warning, consent guidance, minimization, or redaction requirement. This creates a real risk of exposing intimate personal data, third-party data, and sensitive context to the model and to generated artifacts.

Natural-Language Policy Violations

Medium
Confidence
92% confidence
Finding
The metadata explicitly promises replication of someone's exact writing style, which creates a clear impersonation and identity-mimicry capability without any stated consent, authorization, or safety boundary. In this skill's context, that is materially risky because the described inputs include diaries, emails, and social posts, making it easy to clone a real person's voice for deceptive communications, fraud, or non-consensual impersonation.

Ssd 3

Medium
Confidence
96% confidence
Finding
The skill encourages ingestion of private writing and direct quotation from it as evidence, which increases the chance that sensitive or identifying material is reproduced verbatim in outputs. In this context, the requested sources are especially intimate, so preserving quotes can leak private facts and enable style impersonation or misuse of another person's voice.

Ssd 3

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to package extracted style traits, sample phrases, and avoidance rules into reusable reference files and a deployable SKILL.md, effectively operationalizing personal writing into an impersonation tool. Persisting these artifacts raises the risk of long-term storage, redistribution, and repeated misuse beyond the original analysis session.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.