ClawHub
Back to skill

Security audit

Humanizer Xiaoshu

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed text-editing skill, not a code-running or data-accessing skill, but users should review outputs because it can change voice and perceived authorship.

Install this only if you want a style editor that may substantially rewrite text to sound less AI-like. Review changes for accuracy, tone, and voice, and avoid using it in academic, legal, journalistic, hiring, review, or compliance contexts where hiding AI assistance or changing perceived authorship would be misleading.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The skill explicitly instructs the assistant to add opinions, first-person perspective, humor, and 'personality' even when the user may only want stylistic cleanup. That can materially alter authorship signals, tone, and substantive intent, creating a misalignment between user request and output that is risky in professional, academic, or compliance-sensitive contexts.

Missing User Warnings

Low
Confidence
83% confidence
Finding
The skill says it will 'preserve meaning' and 'maintain voice,' but it also directs broad rewrites and later encourages adding 'soul' and personality. Without an upfront warning that rewriting may change voice, framing, or implied intent, users may unknowingly apply it to sensitive text and receive output that no longer faithfully represents the original.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.