Security audit

Paper Polisher

Security checks across malware telemetry and agentic risk

Overview

This does not look like malware, but it is explicitly designed to help academic writing avoid AI-detection signals.

Install only if you are comfortable with a tool whose central workflow is reducing AI-detection signals in academic writing. It appears local and user-directed, but users should not use it to misrepresent authorship, bypass institutional rules, or process confidential manuscripts without authorization.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (6)

Vague Triggers

Medium

Confidence: 83% confidence
Finding: The trigger list contains broad phrases such as general writing-help and paper-polishing requests that can match ordinary academic assistance, increasing the chance the skill is invoked in contexts the user did not intend. In this skill, that matters because the advertised functionality includes AI-detection evasion and concealment of machine-generated text, so overbroad activation can route benign requests into misuse-oriented behavior.

Missing User Warnings

Medium

Confidence: 79% confidence
Finding: The skill encourages analysis of academic manuscripts but does not clearly warn users that papers may contain unpublished research, personal data, regulated content, or confidential institutional material. Even though the text claims '100% Local' and 'Zero Upload,' the absence of explicit sensitivity handling guidance increases the risk of unsafe processing, mishandling of confidential manuscripts, or inappropriate use in restricted environments.

Ssd 2

Medium

Confidence: 97% confidence
Finding: The skill is explicitly marketed around 'reduce ai detection,' 'remove AI traces,' and 'humanize AI text,' which indicates an evasion objective rather than ordinary proofreading or style editing. That makes the skill dangerous because it facilitates concealment of AI-generated academic work from reviewers, institutions, or detection systems, enabling academic dishonesty and policy circumvention.

Ssd 2

High

Confidence: 99% confidence
Finding: The documented 'De-AI Rewriting' workflow provides systematic instructions for altering text features that detectors use while preserving meaning, which is effectively an operational guide for evading AI-authorship detection. The surrounding context makes this more dangerous, not less, because the rest of the skill pairs detection, paragraph scoring, and targeted rewriting into a closed-loop evasion pipeline for academic manuscripts.

Ssd 2

Medium

Confidence: 98% confidence
Finding: These sections explicitly describe how to rewrite text to lower AI-detection scores, including removing signature phrases, varying sentence structure, and 'humanizing' output. That is detector-evasion guidance, which can enable academic fraud, policy circumvention, and concealment of AI-generated content while preserving deceptive intent.

Ssd 2

Medium

Confidence: 97% confidence
Finding: The trigger phrases and marketing language center on '降AI检测', '去除AI痕迹', and '人化AI文本', which position the skill as a tool for defeating AI-authorship detection rather than neutral proofreading. In context, this increases danger because the whole workflow is aimed at helping users disguise AI-generated academic writing.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.