Security audit

Ai-Deodorizer

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it advertises, but users should know it sends text to MiniMax and may make AI authorship less transparent.

Use this only for text you are allowed to send to MiniMax or the configured API provider, and avoid confidential, regulated, academic, legal, or authorship-sensitive documents unless that use is permitted. Review outputs carefully because the prompts may add voice, opinions, or first-person framing that changes how the text is represented.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Tainted flow: 'url' from os.environ.get (line 131, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
}

    try:
        response = requests.post(url, headers=headers, json=payload, timeout=120)
    except requests.exceptions.Timeout:
        raise RuntimeError("API 请求超时(超过120秒),请检查网络连接后重试。")
    except requests.exceptions.ConnectionError:
Confidence
95% confidence
Finding
response = requests.post(url, headers=headers, json=payload, timeout=120)

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The second-round prompt explicitly tells the model to add opinions, attitude, first-person voice, and even some intentional 'messiness,' which conflicts with the first-round constraint not to add the model's own views or change the factual stance. In a text-rewriting skill, this can cause unauthorized content drift, fabrication of personal perspective, and alteration of tone or implied authorship, making the output misleading or unsuitable for professional, legal, or academic contexts.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README instructs users to supply text to a third-party MiniMax API but does not clearly warn that submitted content may leave the local environment and be processed by an external provider. Because this skill is specifically designed to accept arbitrary user-written drafts, the missing privacy and data-handling disclosure increases the risk that users will unknowingly send sensitive business, academic, or personal content to a remote service.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The activation description is broad enough to match many ordinary writing requests, which can cause the skill to trigger outside narrowly intended contexts. In this case, the skill is designed to remove AI-writing indicators and explicitly make text appear human-written, which increases misuse risk for academic dishonesty, policy evasion, or deception about authorship.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The usage examples normalize a short, generic trigger phrase that can be embedded into many benign writing interactions, making unintentional invocation more likely. Because the skill's purpose is concealment of AI-generation signals rather than ordinary editing alone, loose triggering materially raises the chance of deceptive or policy-violating use.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The tool transmits the user's provided text to an external LLM service, but the CLI does not present any explicit notice or confirmation about third-party data transfer. In a skill designed to process arbitrary drafts, that text may contain confidential, regulated, or personal information, so silent transmission creates a real privacy and compliance risk.

Ssd 2

Medium
Confidence
86% confidence
Finding
The prompts explicitly aim to make output 'obviously no longer look AI-written' by adding human-signaling traits, which can facilitate evasion of AI-origin detection and laundering of policy-sensitive or deceptive content. In the context of a de-AI/humanization skill, this risk is elevated because concealment of provenance is the stated function, not an incidental side effect.

VirusTotal

56/56 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.