Skillv2.1.0

ClawScan security

Humanize Chinese · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 9, 2026, 3:32 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code, instructions, and requirements are coherent with its stated purpose (detecting and rewriting 'AI-flavored' Chinese text); it operates locally on files and doesn't request unrelated credentials or network access.
Guidance: This skill appears to do what it says: local detection and rewrite of Chinese text using the included scripts and patterns. Before installing or running it, consider: 1) The SKILL.md uses a hard-coded installation path (~/.openclaw/skills/humanize-chinese-2-0-0) and there is a small version/ownerId mismatch in metadata — confirm the actual file path or update the commands. 2) The humanizer may insert fake-looking specifics (e.g., invented study citations) to make text feel more 'human' — review outputs for factual accuracy. 3) Run the scripts on non-sensitive text first (they are deterministic/non-networked but include randomness) and inspect patterns_cn.json if you want to customize what gets detected/replaced. 4) Because the skill executes local Python scripts (exec allowed in SKILL.md), only install/run it from a source you trust; if you cannot verify the source, run it in a sandboxed environment.

Review Dimensions

Purpose & Capability: okName/description match the included scripts: detection, comparison, style transforms, and humanization. The declared lack of required env vars/credentials is consistent with local text-processing functionality. One minor mismatch: SKILL.md and scripts reference a specific install path (~/.openclaw/skills/humanize-chinese-2-0-0) and the _meta.json/registry metadata show version 2.1.0 / different ownerId — this looks like a packaging/path/version inconsistency, not a security issue, but it may break the exact commands in SKILL.md unless the skill is installed to that path.
Instruction Scope: noteRuntime instructions explicitly run the included Python scripts via exec and read/write local files (stdin/stdout and optional output files). The scripts only operate on local text and the shipped patterns JSON. They do not read unrelated system config paths or environment variables, nor do they call external network endpoints. Note: the tool will insert fabricated-looking concrete details (e.g., templated 'XX 在2024年...' replacements) as part of humanization—this is a behavioral risk (possible introduction of invented citations), not a covert exfiltration issue.
Install Mechanism: okNo install spec (instruction-only) and included code files run locally. There are no downloads or external installers, so no high-risk install behavior. The SKILL.md assumes files live under a hard-coded ~/.openclaw path which may not match actual install location; that is a usability/consistency issue rather than an installation security risk.
Credentials: okThe skill requests no environment variables, no credentials, and no config paths beyond its own patterns_cn.json. That is proportionate for a purely local text-processing tool.
Persistence & Privilege: okalways is false and the skill does not request any elevated persistence or attempt to alter other skills or global agent settings. It performs file I/O only on user-specified inputs/outputs and its own pattern file.