ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AceToolz Word Counter

v1.0.1

Count words, characters, sentences, paragraphs, and reading time for any text using AceToolz.

0· 74·0 current·0 all-time
by@acetoolz
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the instructions: the SKILL.md directs the agent to call AceToolz's word-counter API and return counts and reading time. There are no unrelated environment variables, binaries, or install steps requested.
Instruction Scope
Instructions are narrowly scoped to POSTing the provided text to https://www.acetoolz.com/api/openclaw/word-counter using curl or PowerShell. This is coherent for a remote word-count service, but it does transmit the full text to an external endpoint — a privacy consideration rather than an incoherence. The skill does not instruct reading unrelated files or environment variables.
Install Mechanism
No install spec or code files are present (instruction-only). Nothing is written to disk or downloaded, which minimizes installation risk.
Credentials
The skill requests no environment variables, no credentials, and no config paths. That is proportionate for a public API endpoint that doesn't require authentication.
Persistence & Privilege
always is false and there is no indication the skill modifies agent/system configuration. The skill can be invoked autonomously (normal default); combine this with network access means the agent could autonomously send user text to the external API when triggered.
Scan Findings in Context
[no_regex_findings] expected: The regex-based scanner found nothing to analyze. This is expected because the skill is instruction-only (SKILL.md) and contains no code files.
Assessment
This skill appears to do exactly what it says: it sends the text you provide to AceToolz's word-counter API and returns counts and reading-time estimates. Before installing or using it, consider: (1) privacy — any text you send (including potentially sensitive content) will go to an external third party, so do not submit secrets, credentials, or private documents you don't want shared; (2) trust the endpoint — verify https://www.acetoolz.com is acceptable to you; (3) rate limits and size limits noted in SKILL.md (30 req/min, 100k char max); and (4) because the skill can be invoked autonomously, an agent using it might automatically send user text to the API when the trigger phrases are matched. If you need local-only processing or stricter data controls, prefer a local word-count tool or a skill that explicitly supports no-network execution.

Like a lobster shell, security has layers — review code before you run it.

acetoolzvk979n7hspxdtq5rr5df7r1bf998466rgcountervk97dx8q5j894a8rfq1f4nkstq584470jlatestvk979n7hspxdtq5rr5df7r1bf998466rgproductivityvk979n7hspxdtq5rr5df7r1bf998466rgtext-analysisvk979n7hspxdtq5rr5df7r1bf998466rgword-countervk979n7hspxdtq5rr5df7r1bf998466rgwritingvk979n7hspxdtq5rr5df7r1bf998466rg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔢 Clawdis

Comments