Humanize Chinese

Security checks across malware telemetry and agentic risk

Overview

This is a local Chinese text rewriting skill with expected file-output behavior, but users should be careful because broad editing requests may trigger it and output paths can overwrite files.

Install this only if you want a local Chinese text humanization tool. Prefer pasted-text or detection-only use when unsure, review rewritten output before publishing, and choose output filenames carefully because existing files at the specified path may be overwritten.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The trigger phrases are broad and overlap with ordinary editing requests such as '帮我润色' or '改得自然一点', which can cause the skill to activate unexpectedly in many normal writing contexts. Because the skill can read files, write/edit content, and execute scripts, accidental invocation could lead to unintended content transformation or file operations beyond what the user specifically requested.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill documents commands that write output files and batch-rewrite documents, but it does not warn the user that files may be created or modified. In a writing-assistance context, this increases the risk of silent overwrites, unintended output generation, or bulk modification of user content, especially when combined with shell execution.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal