Security audit

Humanize

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward text-editing skill that can overwrite files the user points it at, so it should be used with care but does not show hidden or malicious behavior.

Install this only if you are comfortable with a writing helper that may overwrite files you explicitly give it. For important documents, ask the agent to preview the rewrite or produce a diff before applying changes, or use pasted-text mode to avoid modifying originals.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill states that a provided file path 'reads and rewrites in place' without requiring confirmation, preview, or backup behavior. This creates a real integrity risk: a user may invoke the skill on the wrong file, or an unintended invocation could overwrite original content irreversibly.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The process step explicitly instructs the agent to write cleaned content back to the source file and then show a diff summary, meaning the overwrite occurs before the user has a chance to review or stop it. In the context of a broadly-invoked editing skill with Write/Edit permissions, this increases the chance of accidental data loss or unwanted modification of documentation and content files.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal