Back to skill

Security audit

Huorengan

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed bilingual writing-editing skill with no executable code, network use, credential access, or persistence.

Install this if you want an assistant to audit or rewrite text for a less AI-like voice. Review changes before sending or committing them, especially when using edit mode or when facts, quotes, commands, paths, or technical wording must remain exact.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger list is broad enough to match common requests like 'sound human' or 'say it like a real person', which can cause the skill to activate in situations beyond explicit user intent. That creates scope-control risk: the agent may rewrite user content unexpectedly, altering tone or meaning in workflows where only analysis or minimal help was intended.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.