Content Rewriter

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed cloud-backed content rewriting tool; the main risk is that selected text files are sent to Evolink for processing.

Install only if you are comfortable sending chosen drafts to api.evolink.ai. Do not use it on secrets, regulated data, private business documents, or customer information unless Evolink's terms fit your needs, and prefer explicit approval before an agent uses it for routine editing requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill advertises executable behavior that uses environment variables, shell commands, and file read/write via `scripts/rewriter.sh`, but it does not declare permissions explicitly. This can undermine platform trust and informed consent because users and policy layers may not realize the skill will access local files, invoke shell tooling, and transmit content off-host using an API key.

Vague Triggers

Medium
Confidence
75% confidence
Finding
The trigger phrases are very broad, such as common requests to rewrite content or change tone, which increases the chance the skill is invoked in ordinary conversations without the user specifically intending to use this third-party integration. Because the skill sends user content to an external API, accidental activation could cause unintended data disclosure.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
Documenting `wechat` as producing Chinese output by default can cause the skill to transform user content into a different language purely based on platform selection, without explicit user consent to translation. This is primarily a user-intent and output-integrity issue rather than a direct security compromise, but it can lead to unexpected disclosure or misuse if users assume only formatting changes will occur.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The installer automatically copies files into a detected workspace and updates lock metadata without prompting the user or requiring an explicit destination confirmation. While this is common in package installers, it is still a real security concern because workspace detection is influenced by the current directory and environment variables, so a user can unintentionally modify an unexpected filesystem location.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script reads arbitrary local file contents and sends them to the external EvoLink API for rewriting, scoring, or translation, but it does not present a clear user-facing warning or confirmation at the point of transmission. This creates a real privacy and data-handling risk because users may process sensitive documents without realizing their contents leave the local environment.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script reads arbitrary local file content and sends it to a third-party API for rewriting, scoring, or translation, but it does not provide an explicit data disclosure warning or require a confirmation step at the point of transmission. In an agent/skill context, users may pass sensitive documents assuming local processing, creating a real privacy and data-handling risk.

External Transmission

Medium
Category
Data Exfiltration
Content
" "$native_prompt" "$native_content" "$native_payload" "$model"

  local response
  response=$(curl -s -X POST "$EVOLINK_API" \
    -H "Authorization: Bearer $api_key" \
    -H "Content-Type: application/json" \
    -d "@$tmp_payload")
Confidence
96% confidence
Finding
curl -s -X POST "$EVOLINK_API" \ -H "Authorization: Bearer $api_key" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
" "$native_prompt" "$native_content" "$native_payload" "$model"

  local response
  response=$(curl -s -X POST "$EVOLINK_API" \
    -H "Authorization: Bearer $api_key" \
    -H "Content-Type: application/json" \
    -d "@$tmp_payload")
Confidence
97% confidence
Finding
curl -s -X POST "$EVOLINK_API" \ -H "Authorization: Bearer $api_key" \ -H "Content-Type: application/json" \ -d

VirusTotal

66/66 vendors flagged this skill as clean.
