Humanize Chinese

Security checks across malware telemetry and agentic risk

Overview

This is a local Chinese rewriting tool with no clear malware behavior, but it is explicitly built to lower AI/AIGC detection scores, including for academic papers.

Review carefully before installing. Use only for legitimate local editing where disclosure and policy compliance are maintained, not to conceal AI authorship or bypass school, publisher, employer, or platform detection rules. If used, run it only on intended files, choose output paths carefully, and manually check rewritten text for meaning, citation, and accuracy changes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (15)

Description-Behavior Mismatch

Medium

Confidence: 97% confidence
Finding: This is a real vulnerability. The code explicitly describes and applies "perplexity-boosting" and "noise injection" to make academic text look less machine-generated, which directly enables evasion of downstream AI-content detectors rather than ordinary editing. In the context of an academic humanizer marketed for lowering AIGC detection rates, these features materially facilitate academic fraud and misuse.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger list is very broad and includes common writing-assistance phrases such as '文本改写', 'humanize text', and 'make text human-like'. That increases the chance of accidental invocation in benign editing contexts, exposing users to a skill whose core purpose is detection evasion rather than ordinary writing help.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The script writes to the user-supplied output path with no confirmation, backup, or overwrite protection. This can cause unintended data loss or clobber important files, especially when used in automated workflows or by an agent that passes paths on the user's behalf.

Ssd 2

Medium

Confidence: 96% confidence
Finding: The README explicitly markets the tool for reducing AIGC detection rates in academic submissions and helping AI-generated text appear human-written. In skill context, this is dangerous because it facilitates deception, academic misconduct, and bypass of institutional integrity controls rather than legitimate editing assistance.

Ssd 2

Medium

Confidence: 95% confidence
Finding: The examples and feature descriptions emphasize lowering AI scores, maximizing 'human-like' unpredictability, and validating improved evasion after rewriting. That materially enables users to optimize text against AI detectors, making the skill more dangerous in this context because the skill metadata and README consistently frame evasion as a success criterion.

Ssd 2

High

Confidence: 99% confidence
Finding: The skill is explicitly marketed for reducing AIGC/AI-detection scores, including academic contexts and named screening systems such as CNKI/VIP/Wanfang. That is not neutral editing assistance; it is capability designed to help users conceal AI authorship and bypass institutional integrity controls.

Ssd 4

High

Confidence: 98% confidence
Finding: The documented workflow operationalizes evasion as a repeatable loop: detect signals, rewrite, validate, and iterate. This materially increases misuse because it gives users a procedural playbook to optimize text until it falls below detector thresholds.

Ssd 4

High

Confidence: 99% confidence
Finding: The LLM guidance provides detailed manual instructions for making text appear less AI-written, including identifying detector signals and systematically altering them. Because it can be used without the CLI, it broadens the evasion capability from a tool into a general-purpose prompt recipe.

Ssd 2

Medium

Confidence: 96% confidence
Finding: Although phrased as stylistic editing, the instructions explicitly target making text feel more human and reducing scores below thresholds. That framing turns otherwise ordinary rewriting tactics into a concealment aid for defeating AI-authorship screening.

Ssd 2

High

Confidence: 99% confidence
Finding: The academic section is especially dangerous because it gives domain-specific tactics for making AI-authored papers harder to detect in scholarly review, including hedging injection, structural variation, and detector-oriented rewriting. In an academic context, this directly facilitates misconduct and undermines integrity controls used by institutions and publishers.

Ssd 4

High

Confidence: 99% confidence
Finding: The explicit target scores ('降到 25 分以下', '降到 30 分以下') create a measurable success condition for bypassing detectors. This converts the skill from general rewriting into an optimization system for evasion, making abuse easier and more reliable.

Ssd 2

High

Confidence: 99% confidence
Finding: This is a true vulnerability because the tool is explicitly designed to paraphrase and humanize academic text to evade AI-generated-content detection. In an academic setting, that functionality directly supports deceptive submission practices, undermines integrity controls, and can be operationalized at scale by an agent.

Ssd 2

High

Confidence: 99% confidence
Finding: The replacement-selection logic chooses candidates based on maximizing perplexity so the text appears more human and less predictable to detectors. That is not neutral rewriting; it is targeted optimization against detection heuristics, making the skill especially dangerous because it automates adversarial adaptation.

Ssd 4

High

Confidence: 98% confidence
Finding: The humanization pipeline chains multiple transformations—phrase replacement, connector reduction, author voice insertion, hedging injection, structure breaking, and sentence shortening—to cumulatively reduce detector-visible regularity. In context, this multi-stage workflow is purpose-built to defeat AIGC detection, increasing effectiveness and making misuse more scalable.

Ssd 2

High

Confidence: 99% confidence
Finding: The code explicitly labels noise injection and sentence-length randomization as strategies to boost perplexity and reduce regularity, which are classic detector-evasion tactics. Because these are automated and configurable, they strengthen the tool's ability to conceal machine-generated authorship rather than simply improve prose.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal