Paraphraser
ReviewAudited by ClawScan on May 10, 2026.
Overview
The paraphrasing prompts look benign, but the package also includes an unrelated utility script that stores command inputs locally without being clearly explained.
Use caution before installing. The visible paraphrasing prompt script is straightforward, but inspect or remove scripts/script.sh if you do not want local command history or text entries stored under ~/.local/share/paraphraser.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user expecting only text rewriting may run an unrelated stateful utility command instead.
This bundled script exposes a generic utility interface that is not described by the paraphrasing-focused SKILL.md, creating ambiguity about what code backs the advertised `paraphraser` command.
# paraphraser - Multi-purpose utility tool ... Commands: run config status init list add remove search export
Remove the unrelated script, or clearly document whether it is installed, why it exists, and which command users should run for paraphrasing.
Private text passed to the command could remain on disk in history.log or data.log and later be listed or exported.
The script creates persistent local storage and records command arguments or added content, but the skill description does not disclose this storage, retention, or cleanup behavior.
DATA_DIR="${PARAPHRASER_DIR:-${XDG_DATA_HOME:-$HOME/.local/share}/paraphraser}"; DB="$DATA_DIR/data.log"; _log() { echo "$(date '+%m-%d %H:%M') $1: $2" >> "$DATA_DIR/history.log"; } ... cmd_add() { echo "$(date +%Y-%m-%d) $*" >> "$DB"; }Make logging opt-in, avoid storing user text by default, document the storage path and retention policy, and provide a real cleanup/delete command.