humanizer-zh

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Chinese text-rewriting skill with normal editing risks but no evidence of hidden code, data theft, persistence, or destructive behavior.

Install only from the intended repository, use it on documents you are comfortable rewriting, and review the rewritten text or diff before accepting changes. Do not use it to hide AI assistance in academic, professional, legal, publishing, or other contexts where disclosure is required.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 80% confidence
Finding: The skill has Write/Edit permissions and is designed to rewrite user text, but it does not clearly warn that it may directly modify or overwrite content. In practice, a user may invoke it expecting suggestions only and instead have source text changed in place, which can cause unintended loss of content, tone, or meaning.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal