Security audit

Blog Forge

Security checks across malware telemetry and agentic risk

Overview

This blog-writing skill mostly matches its stated purpose, but it should be reviewed because it advertises AI-detection evasion and can create drafts on connected publishing accounts.

Review before installing. Use it only for drafts you intend to inspect, do not use the humanization feature to mislead readers or bypass platform or institutional disclosure rules, and provide only revocable least-privilege API tokens for publishing. Avoid sending confidential topics or drafts to cloud model providers unless that data sharing is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Natural-Language Policy Violations

Medium (88% confidence)
The README explicitly advertises an 'Anti-AI detection' capability, which suggests the tool is designed to help users evade AI-content detection systems. Even though this is documentation rather than executable code, promoting safeguard evasion increases misuse risk and signals potentially unsafe intended use for deceptive publishing workflows.

Missing User Warnings

Medium (84% confidence)
The publish() flow transmits user content and platform credentials to external services immediately, with no built-in confirmation, dry-run mode, or explicit disclosure. In an agent/skill context, this can cause unintended external publication or credential use if the caller invokes publish() on sensitive drafts or with the wrong target site.

Missing User Warnings

Medium (81% confidence)
generate() sends user-supplied topic and generation instructions to Anthropic, OpenAI, or a local Ollama instance without any integrated notice or consent mechanism. In privacy-sensitive environments, users may unknowingly disclose confidential prompts or business information to third-party model providers, especially when the provider is selected indirectly through options.

Natural-Language Policy Violations

High (97% confidence)
The skill explicitly implements content 'humanization' to reduce AI-detection signals, which is an evasion feature rather than a normal formatting aid. This is dangerous because it facilitates deception on downstream platforms, academic/professional fraud, policy circumvention, and trust abuse by making synthetic content harder to identify.

Ssd 2

Medium (95% confidence)
The humanize() feature is explicitly described as reducing AI-detection signals, which is evasion-oriented functionality designed to conceal machine-generated origin. In the context of a publishing skill, this materially increases misuse risk for deceptive content, academic dishonesty, spam, and policy circumvention, even though it is not a traditional memory-corruption bug.

Ssd 2

Medium (95% confidence)
The code and comments frame post-processing as a means to evade AI-detection heuristics, indicating deliberate support for stealthy synthetic-content laundering. In the context of a blog publishing tool, that increases misuse risk because the same workflow can mass-produce and publish deceptive content that appears more authentic to reviewers and automated controls.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.