Security audit

Wanxiang Scroll Creation

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only writing skill, but it should be reviewed because it includes instructions to make AI-written text appear human and to reduce detector confidence.

Install only if you are comfortable with a writing assistant that includes AI-authorship concealment techniques. Do not use it where platform rules, academic policies, or client requirements require disclosure of AI-generated content or prohibit detector-evasion optimization.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (7)

Natural-Language Policy Violations

Medium
Confidence: 88%
Finding
The skill hard-restricts output to Simplified Chinese, which can override user preference or accessibility needs and reduce user control over generated content. In this file the restriction is stylistic rather than overtly malicious, but it still creates unnecessary language coercion if the broader system expects user-directed output.

Natural-Language Policy Violations

Medium
Confidence: 90%
Finding
The quality checklist mandates Simplified Chinese creation as a required precondition, reinforcing a fixed-language policy without user opt-in. This is not a code-execution or data-exfiltration risk, but it is a genuine policy/control issue because it can systematically suppress user choice and cause noncompliant outputs for users needing other languages or scripts.

Natural-Language Policy Violations

Medium
Confidence: 91%
Finding
The skill explicitly bans Traditional Chinese and mandates Simplified Chinese without indicating that user preference can override this requirement. This creates an unnecessary output restriction that can conflict with user intent and reduce accessibility for users who require Traditional Chinese.

Natural-Language Policy Violations

Medium
Confidence: 94%
Finding
The quality checklist operationalizes the same restriction by requiring the assistant to confirm Simplified Chinese creation as part of every run. Because it is framed as a mandatory pre-creation check, it can systematically override user language choice and reinforce non-consensual behavior.

Ssd 2

Medium
Confidence: 95%
Finding
The instruction "朱雀v3检测置信度<30%" ("Zhuque v3 detection confidence <30%") explicitly directs the model to reduce AI-text detector confidence, which is an evasion objective. Even in a writing skill, this encourages stealthy generation and can be repurposed to conceal synthetic or policy-violating content, making the skill more dangerous because it operationalizes detector avoidance as a quality target.

Ssd 2

Medium
Confidence: 95%
Finding
This section provides a reusable prompt pattern explicitly aimed at making model output appear less AI-generated through role-framing (e.g. '喝了酒的网文作者', "a web-novel author who has been drinking") and intentional stylistic distortion. That is dangerous because it can be repurposed to evade AI-use disclosure policies, provenance controls, moderation heuristics, or platform rules that rely on honest representation of machine-generated text.

Ssd 1

Medium
Confidence: 98%
Finding
The document repeatedly instructs the model to make text 'completely unlike AI-written text' and to inject deliberate imperfections so output will not look machine-generated. In a quality-control skill, that materially increases risk because it operationalizes authorship disguise as a core editing objective rather than incidental style improvement, enabling deception and policy evasion at scale.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.