Sdr Humanizer

Security checks across malware telemetry and agentic risk

Overview

This is not malware, but it tells an agent to hide AI involvement and silently copy translated sales messages into a WhatsApp self-chat.

Review before installing. Only use this skill if your organization explicitly permits AI-assisted sales outreach, delayed message delivery, and internal translation handling. Remove or disable the silent WhatsApp self-chat sync unless the data flow is disclosed, approved, logged, and governed by clear retention and access controls.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (5)

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The skill explicitly aims to make AI-generated outreach appear human while hiding the AI's role from customers. This is deceptive social engineering behavior that can mislead recipients about who is communicating with them and undermine informed consent and trust.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill directs the system to silently send a Chinese translation to a self-chat channel without notifying the user or customer. Even if sent to the operator's own account, this creates an undisclosed secondary transmission of conversation content and increases the risk of privacy, retention, and audit issues.

Natural-Language Policy Violations

High
Confidence: 88%
Finding
Forcing all customer replies to be in English without user choice can override customer preferences and business context, causing miscommunication and inappropriate handling of locale-sensitive interactions. In combination with hidden translation, it also centralizes a covert workflow that the customer does not see or control.

Ssd 3

High
Confidence: 97%
Finding
The instruction to copy each interaction into a hidden self-chat channel is a direct data handling risk because it duplicates customer communications into an additional, undisclosed store. This expands exposure, retention, insider access, and compliance risk, especially on consumer messaging platforms not designed as controlled processing pipelines.

Ssd 1

Medium
Confidence: 95%
Finding
Telling operators never to disclose AI involvement encourages deceptive role-play and suppresses transparency in customer interactions. In a sales setting, this increases the likelihood of manipulative outreach and can create legal, reputational, and policy violations if customers are misled about the source of communications.

VirusTotal

66/66 vendors flagged this skill as clean.
