ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Humanizer Pro

v2.1.1

Remove signs of AI-generated writing from text. Use when editing or reviewing text to make it sound more natural and human-written. Based on Wikipedia's comp...

0· 59·0 current·0 all-time
by@dannybrcbrown·duplicate of @lion504/humanizer-1-0-0
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, README, and SKILL.md all describe the same purpose (detecting/removing AI-writing patterns and injecting 'voice'). The skill requests no binaries, env vars, or installs, which is proportionate. However, the included _meta.json file conflicts with the registry metadata (different ownerId and version), and the README references installing via 'clawdhub install humanizer' despite 'Source: unknown' and no homepage — this mismatch suggests sloppy or inconsistent packaging that should be verified.
Instruction Scope
SKILL.md is focused and scoped to receiving text and rewriting it; it does not instruct the agent to read system files or environment variables. That said, the declared allowed-tools include Read, Write, Edit, Grep, and Glob — tools that could be used to search or modify workspace files. The instructions themselves do not direct arbitrary file/system access, but the tool set gives the agent the capability to do so if invoked with those privileges, which raises a privacy consideration when processing sensitive text.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing will be downloaded or written during installation. That minimizes install-time risk.
Credentials
The skill requests no environment variables, secrets, or external credentials — proportionate to the stated function of editing text.
Persistence & Privilege
always is false and there is no install script or behavior that would grant permanent system presence or modify other skills. Autonomous invocation is allowed (platform default) but not combined with other high-risk indicators.
What to consider before installing
This skill's behavior (editing text to sound more 'human') is coherent and doesn't ask for secrets, but take two practical precautions before installing: 1) Verify the publisher and package integrity — the embedded _meta.json ownerId/version do not match the registry metadata and the source/homepage are missing, which can indicate sloppy packaging or an uploaded copy; confirm you trust the listed owner (or prefer a skill with a verifiable homepage or repo). 2) Limit what you send to the skill — avoid pasting sensitive personal, financial, or proprietary text because the allowed tools (Read/Grep/Glob) could be used to access other files if the agent is given broader workspace permissions. If you need higher assurance, ask the publisher for a canonical source (GitHub release or official homepage) or use a locally-audited implementation.

Like a lobster shell, security has layers — review code before you run it.

latestvk979a5c611h951x71nt3ram2t583g13d

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments