Back to skill

Security audit

wechat-style-writer

Security checks across malware telemetry and agentic risk

Overview

This is a writing-style imitation skill with no executable malware, but it explicitly tells the agent to disguise AI-written text as human-written and includes under-scoped risky examples.

Review before installing. Use it only for content you own or are authorized to rewrite, avoid publishing outputs as if they came from the imitated author, remove or ignore the deliberate-error instructions, do not paste real API keys into prompts or files, and do not use the referenced scraping or workplace-monitoring examples unless you have clear permission and legal/privacy safeguards.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The skill explicitly instructs the agent to insert typos and punctuation mistakes so the output appears more human and less AI-generated. This is deceptive output shaping unrelated to legitimate rewriting quality and can facilitate provenance evasion, trust manipulation, and policy circumvention in downstream publishing contexts.

Context-Inappropriate Capability

Low
Confidence
89% confidence
Finding
The skill directs the model to perform an internal self-check and explicitly not disclose that process to the user. While private reasoning itself is normal, here it is coupled with hidden output shaping to mask AI characteristics, making the concealment part of a deceptive transformation objective rather than a benign quality-control step.

Vague Triggers

High
Confidence
95% confidence
Finding
The trigger condition is overly broad because it activates even when a user only asks to 'rewrite this article,' without clearly requesting style imitation. That can cause the skill to override user intent, pull in author-imitation behavior unnecessarily, and apply risky deceptive transformations in ordinary editing scenarios.

Natural-Language Policy Violations

High
Confidence
99% confidence
Finding
The skill plainly requires deliberate mistakes to make generated text look human-authored. This is a direct evasion tactic designed to reduce detectability of AI generation and is more dangerous in a public-content-writing skill because it operationalizes deceptive authorship mimicry at scale.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The example explicitly tells the user to collect third-party platform content and save titles, likes, body text, and links into an md file, but provides no warning about privacy, platform terms, copyright, or limits on handling scraped data. In a reusable skill/style reference, this normalizes data harvesting and storage practices that can lead users to capture personal or protected content without safeguards.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The document instructs users to set an environment variable with an API key using a literal 'sk-XXX' example but does not warn that the credential is secret and must not be exposed in prompts, logs, screenshots, or committed files. In agent-oriented content, this omission increases the chance users will paste real secrets into unsafe contexts or store them insecurely.

Ssd 1

Medium
Confidence
98% confidence
Finding
Taken together, the instructions aim to make output appear less like AI by simulating human errors and suppressing disclosure of the self-check process. In the context of a style-imitation publishing skill, this increases the risk of impersonation, misleading readers about authorship, and evading AI-origin scrutiny beyond legitimate editorial assistance.

Ssd 4

Medium
Confidence
94% confidence
Finding
The text gives step-by-step instructions to use a logged-in browser session to search, scroll, collect high-engagement posts from a third-party platform, and save the extracted data in bulk. This is more dangerous in this skill context because the file is a style exemplar for article rewriting, so the harvesting workflow is being presented as a repeatable, practical method to feed downstream content generation, encouraging scalable scraping and possible terms, privacy, and copyright violations.

Ssd 3

Medium
Confidence
93% confidence
Finding
The example normalizes continuous workplace image capture, periodic screenshotting, and AI-generated behavioral logging of identifiable people, including monitoring whether employees leave work. In a style-reference file, this can encourage the agent to reproduce or legitimize surveillance-heavy workflows without consent, which raises privacy, employment-monitoring, and data-protection risks.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.