ClawHub

Ai Humanizer 2.1.0

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed offline writing-editing skill, but users should avoid using it to hide AI authorship where disclosure matters.

Use this as an editing aid for text you choose to provide. Do not use it to misrepresent authorship, fabricate personal experience, or bypass school, workplace, publication, or platform disclosure rules. If installing the CLI, verify the GitHub source and package contents first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • System Prompt LeakageDirect Leakage, Indirect Extraction, Tool-Based Exfiltration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger phrases are broad enough to match many ordinary editing or writing-assistance requests, so the skill could activate when the user did not specifically ask for AI-text humanization. That can silently rewrite tone, style, and wording in ways that override user intent, obscure provenance, or facilitate policy-evasion use cases such as disguising generated content.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The 'Always-on mode' section explicitly instructs operators to embed this behavior into a personality or system prompt, causing the skill to modify outputs even when the user did not request it. Persistent hidden rewriting is dangerous because it can override higher-priority task requirements, interfere with transparency, and systematically help users evade AI-content detection or attribution controls.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The reporting functions present AI-authorship scores and labels such as 'Heavily AI-generated' and 'The text looks human-written' without any disclaimer that the result is probabilistic and may be wrong. This can cause users or downstream systems to treat the output as definitive, leading to unfair moderation, false accusations, or overreliance in decision-making.

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The statistical style tips explicitly recommend adding first-person perspective such as "I found" and "In my experience," which can encourage users to insert claims of personal experience or authorship that may be false. In a skill whose purpose is to humanize AI-generated text, this is more dangerous than in a generic style tool because it can facilitate deceptive impersonation and misrepresentation rather than merely improving readability.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal