Back to skill

Security audit

去AI痕迹

Security checks across malware telemetry and agentic risk

Overview

This skill openly rewrites AI-generated text to look human-written, which creates provenance and deception concerns, though it contains only markdown instructions and no executable code or network behavior.

Install only if you want a Chinese-language rewriting aid and are comfortable with its AI-authorship concealment focus. Do not use it for academic dishonesty, impersonation, undisclosed sponsored content, or situations where readers, employers, platforms, or policies require AI-use disclosure. The clean VirusTotal and static scan results reduce code-execution concern, but they do not remove the provenance-risk concern in the instructions themselves.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger phrases are broad, conversational, and overlap with normal user requests such as asking for help rewriting text. That can cause accidental invocation of this skill in contexts where the user did not explicitly intend to use a 'humanization' workflow, increasing the chance of misuse or policy-evasive rewriting without clear consent.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The skill content is entirely written as a Chinese-only persona specification and does not provide any language choice, fallback, or opt-in behavior. This can override user language expectations and reduce transparency or usability, especially in multilingual deployments where users may receive output in an unintended language.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The file is entirely written as a Chinese-only role prompt and does not provide any mechanism to preserve or adapt to the user's preferred language. In a multi-language agent environment, this can override user expectations, reduce transparency, and cause unsafe or misleading output if users cannot understand the rewritten content or policy-relevant nuances.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The file content is entirely in Chinese and defines role behavior, terminology, and examples only in Chinese, with no indication that output language should follow the user's preference or be configurable. This can cause unwanted language forcing, reducing usability and potentially leading to misunderstood instructions or inaccessible output for users who do not read Chinese.

Ssd 2

Medium
Confidence
97% confidence
Finding
The skill explicitly aims to rewrite AI-generated text so it appears human-written, including adding 'human imperfections' and removing recognizable AI markers. That is dangerous because it facilitates deception, evasion of AI-disclosure or provenance controls, and could be used to launder mass-generated content into seemingly authentic human authorship.

Ssd 4

Medium
Confidence
96% confidence
Finding
The workflow operationalizes deception by systematically selecting roles, applying shared techniques, and performing self-checks based on whether readers can distinguish it from AI writing. This structured process makes the skill more dangerous than generic paraphrasing because it is optimized to evade detection and produce convincing false signals of human authorship at scale.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.