Security audit

AI Text Humanizer

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it rewrites user-provided text through Claw0x/Gemini with a regex fallback, but users should treat submitted text as leaving their local environment.

Install only if you are comfortable sending the text you submit to Claw0x and potentially Gemini for processing. Do not submit secrets, regulated data, or confidential drafts unless those providers' terms are acceptable, and store API keys in a proper secret manager or environment variable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill clearly relies on environment secrets and outbound network access, but it does not explicitly declare those permissions in a structured way beyond metadata requirements. Undeclared capabilities reduce transparency for deployers and can cause agents to invoke a networked, secret-using skill without appropriate review or sandboxing.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill sends user-provided text to Claw0x and, on the primary path, to a server-side Gemini-backed LLM, but it does not prominently warn about privacy, retention, or third-party data handling for submitted content. Users may paste sensitive drafts, internal documents, or regulated data without realizing that the text leaves the local environment and may be processed by external providers.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The handler sends user-supplied text directly to Google's Gemini API for processing, which is a third-party network transmission of potentially sensitive content. There is no visible consent flow, warning, minimization, or configuration to prevent confidential user data from being exfiltrated outside the local service boundary, so users may unknowingly disclose private or regulated information.

External Transmission

Medium
Category
Data Exfiltration
Content
## API Call

```bash
curl -s -X POST https://claw0x.com/v1/call \
  -H "Authorization: Bearer $CLAW0X_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
91% confidence
Finding
curl -s -X POST https://claw0x.com/v1/call \ -H "Authorization: Bearer $CLAW0X_API_KEY" \ -H "Content-Type: application/json" \ -d

VirusTotal

53/53 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
handler.ts:12