AI Paraphraser

Security checks across malware telemetry and agentic risk

Overview

This skill is technically low-risk to your device, but it is explicitly designed to help rewrite AI-generated text to evade AI-detection and integrity systems.

Review carefully before installing. This appears unlikely to compromise your device because it has no executable code, permissions, credentials, persistence, or network behavior, and VirusTotal was only pending telemetry. The main risk is integrity misuse: the skill is built to conceal AI-generated authorship from detector systems. Use only for transparent editing, clarity, and style improvement, and do not use it to bypass school, workplace, publisher, or platform rules.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (11)

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The invocation phrases are broad enough to activate on many ordinary writing-assistance requests, but in this skill they are embedded in a capability explicitly designed to make AI-generated text evade detection. That increases the chance the agent will route benign paraphrasing requests into a misuse-oriented workflow without adequate safeguards.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The description openly markets the skill as a way to bypass AI detectors, which directly facilitates concealment of AI authorship in contexts like school, publishing, or compliance review. The absence of warnings or restrictions makes the skill operationally aligned with misuse rather than neutral editing assistance.

Natural-Language Policy Violations

High

Confidence: 98% confidence
Finding: The guide explicitly maps paraphrasing modes to named AI-detection platforms such as Turnitin, GPTZero, and Originality.ai, which operationalizes evasion rather than neutral editing. In the context of a paraphrasing/de-AI skill, this materially increases the likelihood of academic fraud, policy circumvention, and deceptive provenance laundering.

Ssd 2

High

Confidence: 99% confidence
Finding: This section frames the core purpose as preserving meaning while removing the statistical signals detectors use, which is a direct evasion pattern rather than ordinary writing support. In context, the skill is not merely improving prose; it is instructing the agent to disguise machine-generated content so detection systems fail.

Ssd 2

High

Confidence: 98% confidence
Finding: The use-case triggers explicitly tell the model to engage when a user asks to 'humanize' text, 'make text pass AI detection,' or otherwise disguise AI origin. That creates a direct intake path for prohibited or deceptive use cases and makes the skill more dangerous because activation is centered on evasion intent itself.

Ssd 4

High

Confidence: 96% confidence
Finding: The workflow operationalizes evasion as a repeatable process: assess detection risk, choose stronger transformation modes, and progressively reshape text to reduce detectability. Stepwise optimization of concealment materially increases misuse potential because it lowers the effort needed to evade automated review systems.

Ssd 2

High

Confidence: 97% confidence
Finding: The quality checks define success as eliminating AI markers and re-running stronger rewrites until detection risk drops, which is explicit guidance for defeating detectors. This is dangerous because it turns the skill into an iterative evasion tool rather than a neutral paraphraser.

Ssd 2

Medium

Confidence: 93% confidence
Finding: The replacement table provides a curated mapping of phrases perceived as AI indicators to alternatives, enabling systematic masking of machine-writing signals. While less severe than the full workflow, it still serves as practical evasion guidance that can be directly applied to deceptive rewriting.

Ssd 2

High

Confidence: 98% confidence
Finding: The instruction to strengthen rewriting whenever detection risk remains explicitly encourages repeated concealment attempts until the text is less detectable. In context, this makes the skill more dangerous because it promotes persistence in defeating screening mechanisms rather than stopping at legitimate editing support.

Ssd 2

Medium

Confidence: 96% confidence
Finding: Across this section, the content repeatedly instructs users to remove 'AI traces,' alter rhythm, reorganize text, and choose modes based on how detectable the text appears, which is direct guidance for detector evasion. Because the skill is marketed as a 'de-AI tool,' the surrounding context makes the behavior more dangerous by clearly positioning it for concealment of AI authorship rather than ordinary revision.

Ssd 2

Medium

Confidence: 95% confidence
Finding: The 'Aggressive Mode' section recommends injecting irregular human writing characteristics, colloquialisms, and emphatic patterns to make text appear human-written, which is covert stylistic manipulation intended to disguise origin. While narrower than the broader detector-specific guidance, it still enables deception and can facilitate misuse in academic, professional, or compliance-sensitive settings.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal