Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Review Ai Writing

v1.0.0

Detect AI-generated writing patterns in developer text — docs, docstrings, commit messages, PR descriptions, and code comments. Use when reviewing any text a...

by Kevin Anderson (@anderskev)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the instructions: the skill scans repo prose, comments, commit messages, and PR descriptions for AI-style patterns. The provided pattern reference files are consistent with that purpose.
! Instruction Scope
SKILL.md instructs the agent to run git commands, find files, read .beagle/llm-artifacts-review.json, call 'gh pr view --json body' for PR bodies, spawn parallel subagents via the Task tool, and load other skills. Those actions are within a repo-review scope, but the file's references to an external CLI (gh) and to subagent spawning expand runtime behavior beyond a simple local text scan and are not fully declared.
Install Mechanism
Instruction-only skill with no install spec or code files — low install risk. Nothing is downloaded or written at install time beyond the later runtime write of a report into the repo.
! Credentials
The skill declares no required environment variables or credentials, yet expects to use git and the GitHub CLI ('gh'), which rely on local git repo access and optional gh authentication. The skill may read authenticated PR bodies via gh (which uses stored GitHub credentials) but does not declare or ask for that credential explicitly.
Persistence & Privilege
always is false and disable-model-invocation is true in the skill; it is user-invocable only. The only persistent artifact is a report written into .beagle/ai-writing-review.json in the repo — scoped to the project directory and not system-wide.
What to consider before installing
This skill appears to do what it says (scan repo text for AI-style writing) but has a few inconsistencies you should consider before installing or running it:
- Declared vs. actual runtime tools: SKILL.md expects to run git and the GitHub CLI ('gh') and to spawn subagents via a Task tool, but the skill metadata lists no required binaries. Ensure the environment you run this in has git/gh available and that you accept those tools being invoked.
- GitHub authentication: If you run this where the gh CLI is authenticated, the skill will be able to read PR descriptions and other data accessible to that account. If you don't want it to access PR bodies, run it in an environment without gh auth or avoid running the PR-scanning mode.
- File I/O: The skill will read repository files (including .beagle/llm-artifacts-review.json if present) and will write its report to .beagle/ai-writing-review.json. Review that output before committing or sharing it.
- Subagents and other skills: The workflow loads other skills (e.g., beagle-core:review-verification-protocol and possibly itself under a different namespace) and spawns subagents. Confirm you trust those other skills and your agent platform's Task tool, since they will process repository contents as well.
If you plan to use this skill, ask the provider to: (1) list required binaries (git, gh, find, etc.) in the metadata, (2) document exactly what other skills it loads and why, and (3) clarify any network or credential usage. If you cannot verify those, run it in an isolated environment or without gh authentication.
