Back to skill
Skillv0.1.0
VirusTotal security
Humanizer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:02 AM
- Hash
- 09494d6c19f8586001705880bad15cf3deb8504cb5a1764afc0cc618dafd8edf
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: humanizer-2 Version: 0.1.0 The skill's core purpose of detecting and humanizing AI-generated text is benign. However, the `scripts/analyze.sh` and `scripts/humanize.sh` files contain shell injection vulnerabilities due to directly passing unsanitized command-line arguments (`"$@"`) to `node src/cli.js`. Additionally, `src/cli.js` uses `fs.readFileSync(flags.file, 'utf-8')` to read input, which could be vulnerable to path traversal if `flags.file` is controlled by an attacker without proper sanitization. While these are significant vulnerabilities, there is no evidence of intentional malicious behavior such as data exfiltration, unauthorized remote control, or persistence mechanisms within the code or documentation (including prompt instructions in `SKILL.md` and `README.md`).
- External report
- View on VirusTotal