Ai Writing Humanizer

Security checks across malware telemetry and agentic risk

Overview

This is a local text-rewriting skill that appears purpose-aligned and does not show exfiltration, persistence, or destructive behavior.

Install this if you want automatic help removing common AI-writing tells from prose. Review edits before sending, especially for legal, medical, academic, financial, quoted, or meaning-sensitive text, because the regex cleanup can remove words or structure that may matter.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 88% confidence
Finding: The skill instructs the agent to invoke a local script and read/write input and output files, but the skill metadata does not declare any permissions. That mismatch can bypass user/admin expectations about what the skill is allowed to access and increases the risk of unintended file access if the skill is auto-loaded or broadly applied.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The instruction to load this skill automatically for any user-facing prose longer than ~150 words is broad and ambiguous, causing the skill to activate in many contexts without clear user intent. Because the skill can rewrite outgoing content and invoke file-processing behavior, over-broad triggering creates unnecessary opportunities for unauthorized transformation of sensitive text or unexpected file operations.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal