Skill v1.0.0
ClawScan security
Paper Polisher · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 29, 2026, 4:18 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's files, requirements, and runtime instructions are internally consistent with its stated purpose (local AI-detection, paraphrase/denoising, terminology protection and reporting); there are no obvious requests for unrelated credentials, network calls, or install actions in the provided code and docs.
- Guidance: The package appears coherent and self-contained: it includes a detector, n-gram analyzer, term list, synonyms, and report generator — all matching the described functionality. Before installing or using it, consider the following:
  - Data exfiltration risk: SKILL.md emphasizes local-only processing, and the Python scripts shown do not make network calls. However, the rewrite step uses prompt templates that rely on the agent's LLM. If your agent sends prompts to a remote model (e.g., OpenAI, Anthropic, etc.), your paper text will leave your machine. If you require true local-only processing, ensure the agent uses a local LLM or prevents outbound model API calls.
  - Academic/ethical risk: The skill is explicitly designed to reduce AI-detection scores and 'remove AI style'. Using it to evade detection may violate academic integrity or publisher policies. Make sure you understand and comply with relevant rules and ethics before using the tool on submitted work.
  - Code audit: The visible scripts only perform local analysis and file operations. One file (term_check.py) was present in the bundle but its full contents were not shown in the truncated listing — review that file for network calls or shell execution before running. Also scan the bundle for any calls to requests, urllib, socket, subprocess or os.system if you plan to run it in sensitive environments.
  - Data sensitivity: The terminology file contains medical terms and the tool is clearly targeted at biomedical/clinical texts. If your input contains unpublished patient data or other sensitive information, handle it according to your institutional/privacy rules and prefer local models only.
  - Operational hygiene: Run the scripts in a sandbox or isolated environment the first time; verify outputs; check licensing and provenance (source/homepage unknown). If you rely on the agent to perform rewriting, confirm which model and endpoint are used and whether logs are retained by that provider.
If you want, I can: (a) scan the omitted file(s) (term_check.py and any remaining truncated files) for network or suspicious operations; (b) extract and summarize exact functions (detect API) so you can confirm behavior; or (c) produce a short checklist to safely run the skill in a local-only configuration.
Review Dimensions
- Purpose & Capability (ok): Name/description promise (detect AI traces, rewrite to remove AI style, reduce similarity, preserve terminology, generate reports) matches the provided files: detector, n-gram similarity, term list, synonyms, quality report, and SKILL.md prompt templates. The included data files (terminology, AI-pattern libraries, synonyms) are expected for this functionality.
- Instruction Scope (note): SKILL.md gives concrete commands to run local scripts (ai_detector.py, term_check.py, ngram_similarity.py, quality_report.py) and provides rewrite prompt templates. This stays within the stated purpose. One important caveat: SKILL.md claims '纯本地运行 · 数据不出本机' ('runs purely locally · data does not leave the machine'), but the rewrite step depends on the agent/model invocation (prompt templates). Whether text leaves the machine depends on the agent's LLM backend configuration (local model vs. remote API). The instructions themselves do not call remote endpoints, but they do rely on the agent to run prompts through its model — verify your agent doesn't send sensitive content to a remote LLM if you need true local-only processing.
- Install Mechanism (ok): No install spec is provided (instruction-only plus shipped scripts). That minimizes installer risk; all code is included in the skill bundle and intended to be executed locally. No downloads, package installs, or unusual install paths are declared.
- Credentials (ok): The skill declares no required environment variables, no primary credential, and no config paths. The code shown performs local file I/O and pattern matching and does not reference environment secrets or unrelated services. This is proportionate to its purpose.
- Persistence & Privilege (ok): always:false (not forced into all agents). The skill does not request elevated or persistent system privileges and does not appear to modify other skills or global agent configuration. Autonomous invocation is allowed by default for skills, but there are no extra privilege flags in this package.
