ClawHub

Operator Humanizer

Security checks across malware telemetry and agentic risk

Overview

This skill does not appear to steal data or run dangerous code, but it is explicitly designed to hide AI authorship and simulate human writing signals.

Install only if you want a writing-style tool and are comfortable reviewing its output carefully. Do not use it to impersonate a real person, hide AI authorship where disclosure is required, submit undisclosed academic or workplace work, or bypass platform authenticity rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Natural-Language Policy Violations

Medium
Confidence
76% confidence
Finding
The skill directs the model to impose a specific writing style automatically, even when the user may not have requested that transformation. That can override user intent, distort meaning, and make outputs deceptively more human-like, which is more concerning in this context because the stated purpose is to conceal AI-origin signals.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This section explicitly recommends 'strategic misspellings' and other human-like imperfections to make text appear more authentically human without warning about deception or disclosure. That creates a misuse path for impersonation, authenticity laundering, and evasion of provenance checks, especially when paired with the broader skill purpose of making AI text less detectable.

Ssd 2

Medium
Confidence
98% confidence
Finding
The cited passage endorses wording changes specifically in the context of detector performance and says writers will get better at evading detectors, normalizing an adversarial cat-and-mouse use case. In a skill whose stated purpose is to eliminate AI tells, this goes beyond harmless style guidance and directly supports circumvention of AI-content detection and authenticity controls.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal