Skillv1.0.0

ClawScan security

专业中文写稿助手 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 11, 2026, 3:55 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions match its stated purpose (paraphrasing, style imitation, copy optimization) but explicitly instruct behaviors aimed at lowering duplicate-detection (e.g., 100% wording replacement, paragraph reordering, target <30% duplication) without specifying how checks are done — this raises ethical/legal and misuse concerns and contains vague implementation steps.
Guidance: This skill appears to do what it claims (paraphrasing, style imitation), but it explicitly instructs behavior meant to reduce detection of copied text (reordering paragraphs, aggressive synonym substitution, aiming for <30% duplication). Before installing or using it, consider: (1) legal and ethical risks — rewriting third-party copyrighted material to evade plagiarism checks can violate copyright or institutional policies; (2) data sensitivity — do not submit private or copyrighted content without proper rights/consent; (3) technical limits — the skill gives no real mechanism for 'duplication checks' (no link to a plagiarism service), so similarity estimates will be heuristic and possibly inaccurate; (4) mitigation — if you proceed, require user confirmation that they own or have permission for any source text, and consider adding explicit safeguards (e.g., warnings about copyright, opt-in only for user-provided text, and integration with an explicit plagiarism-check API if real duplication measurement is needed). If you want a safer alternative, prefer tools that focus on quality editing and paraphrasing for permitted content rather than explicit plagiarism-evasion.

Review Dimensions

Purpose & Capability: okName, description, and included reference files (platform style guide, synonym library) align with the claimed capabilities (paraphrase/rewrite, style imitation, copy optimization). There are no unrelated binaries, env vars, or installs requested.
Instruction Scope: concernThe SKILL.md provides precise runtime instructions focused on aggressive paraphrasing: '100% replace wording', 'reorder paragraphs', 'avoid 5 consecutive identical characters', and 'ensure duplication rate <30%'. These instructions are coherent with the goal of producing low-similarity output, but they explicitly aim to evade duplicate-detection, which is an ethical/legal red flag. The instructions also reference a '查重校验' (duplication check) requirement but provide no mechanism or external service to perform that check, making the behavior vague and underspecified.
Install Mechanism: okInstruction-only skill with no install spec, no code files that execute, and no downloaded artifacts. This is the lowest install risk and consistent with a prompt/instruction-based skill.
Credentials: okNo environment variables, credentials, or config paths are requested. The skill does not ask for unrelated secrets or system access.
Persistence & Privilege: okThe skill does not request persistent/always-on presence (always:false) and does not modify other skills or system settings. Autonomous model invocation is allowed by default but not excessive here.