Trust Assessment
humanizer received a trust score of 40/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 0 critical, 2 high, 4 medium, and 1 low severity. Key findings include Unsafe deserialization / dynamic eval, Unpinned npm dependency version, Node lockfile missing.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 64/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings7
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/brandonwise/ai-humanizer/src/patterns.js:34 | |
| HIGH | Arbitrary File Read via CLI File Argument The `src/cli.js` script is designed to read content from a file specified by the `--file` (or `-f`) argument, and potentially a `--config` file. The parsed `flags.file` and `flags.config` values are likely passed directly to `fs.readFileSync` (or similar file reading function) without sufficient sanitization or path validation. This allows an attacker to read arbitrary files on the system (e.g., `/etc/passwd`, `../../sensitive_data.txt`) if the AI agent is instructed to invoke this skill with user-controlled input for the file argument. Implement robust input validation and sanitization for file paths provided via command-line arguments. Restrict file access to a designated directory or use an allowlist of acceptable file types/locations. Consider using a sandboxed environment for file operations if arbitrary file paths must be supported. | LLM | src/cli.js | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/brandonwise/ai-humanizer/src/analyzer.js:40 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/brandonwise/ai-humanizer/src/patterns.js:11 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/brandonwise/ai-humanizer/src/patterns.js:422 | |
| MEDIUM | Unpinned npm dependency version Dependency '@eslint/js' is not pinned to an exact version ('^9.39.2'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/brandonwise/ai-humanizer/package.json | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/brandonwise/ai-humanizer/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/d87a796d5b8113e0)
Powered by SkillShield