Back to skill
Skillv0.1.0
ClawScan security
Ai Content Detection · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 15, 2026, 8:51 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only guide for multi-modal AI-content detection whose requested resources and behavior are consistent with its stated purpose, but it relies on external tools/services and advanced forensic techniques that carry privacy and operational considerations.
- Guidance
- This skill is a thorough, coherent guide for detecting AI-generated/malicious content, but it is only instructions — it does not itself run tools or declare credentials. Before using: (1) Be careful about uploading sensitive content to third‑party detectors (GPTZero, Turnitin, online ELA sites) — check their privacy policies and obtain consent. (2) Many recommended analyses require local binaries or ML models (ExifTool, FFT/DCT tools, Wave2Vec2BERT, etc.) and domain expertise; verify whether your agent/runtime actually has these tools and capabilities. (3) Detection scores are probabilistic and can produce false positives; do not treat a single automated check as definitive evidence. (4) If you expect the skill to call external APIs, ask the skill author/operator which endpoints will be used and whether API keys or uploads are required. If you need to avoid data exfiltration, prefer local, offline forensic tools or redact sensitive fields before analysis.
- Findings
[no_static_findings_instruction_only] expected: The static regex scanner found no code or patterns because this is an instruction-only skill (SKILL.md only). That absence is expected and does not indicate absence of runtime privacy/operational risks if external tools are used.
Review Dimensions
- Purpose & Capability
- okThe name/description claim multi‑modal AI-detection and the SKILL.md contains extensive, modality-specific detection techniques and tool recommendations. It does not request unrelated credentials, system access, or installs, so the declared footprint matches the described purpose.
- Instruction Scope
- noteInstructions describe many concrete forensic analyses (ELA, FFT/DCT, Mel spectrograms, AV-sync checks, C2PA/content credentials, ExifTool, Wave2Vec2BERT, etc.). The doc does not itself execute code but recommends using third‑party services and specialized tools — using those would send user content externally or require local binaries the agent may not have. The SKILL.md lacks explicit privacy/consent guidance for uploading sensitive material and assumes availability/expertise for advanced tooling.
- Install Mechanism
- okNo install specification or code files are present (instruction-only), so nothing is written to disk or fetched during install. This is the lowest-risk install model.
- Credentials
- noteThe skill declares no environment variables or credentials, which is proportional to an instruction-only guide. However, it references services (e.g., GPTZero, Turnitin) and tools that in practice require API keys, accounts, or local binaries; those are not declared. If the agent invokes such services, credentials and data transfer are a user concern but are not part of this skill's declared requirements.
- Persistence & Privilege
- okalways is false and there are no instructions that modify agent/system configuration or other skills. The skill does not request persistent privileges.