ai-article-detector
v1.0.0AI Article Detector - Analyze article links and score AI writing probability (0-100). 100 means 100% likely AI-generated.
⭐ 0· 233·1 current·1 all-time
byEvan@evan-y25
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (AI Article Detector) aligns with the included code: ai-article-detector.js fetches a webpage, extracts text with jsdom and computes 8 statistical features to produce a 0–100 score. There are no unrelated requirements (no cloud creds, no system binaries).
Instruction Scope
SKILL.md simply instructs running node ai-article-detector.js <URL> and describes the 8-dimension analysis. The runtime will perform an HTTP GET of the provided URL (using node-fetch) and parse the returned HTML locally. This is expected for the stated purpose, but note the network fetch means the remote host will see your request (IP/User-Agent) and the code will retrieve arbitrary content you supply.
Install Mechanism
There is no packaged install spec; package.json lists dependencies (node-fetch and jsdom). Installing will pull these packages from the public npm registry (normal for Node.js tools). This is moderate risk by default because npm packages are third-party code — expected for this skill but worth reviewing or sandboxing before running.
Credentials
The skill requests no environment variables, no credentials, and no config paths. All data access is limited to the URL(s) you provide and local analysis — no unexplained secret access.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system settings, and is user-invocable only. It can be invoked autonomously by an agent (platform default) but that is not combined with other privilege escalation behaviors here.
Assessment
This skill appears to do what it claims: it fetches the article URL you give it and runs local statistical checks to produce a score. Before installing or running it: 1) be aware it will perform HTTP requests to whatever URL is provided — that reveals your agent's IP and User-Agent to the remote host and could be used to access internal endpoints if you pass internal URLs (SSRF-like risk if you supply internal addresses); 2) npm install will download dependencies from the public registry (review or sandbox if you distrust third-party packages); 3) the detector is heuristic/statistical — it can produce false positives and is not legal proof; 4) if you plan to allow autonomous agent invocation, consider restricting which URLs the agent may request or require explicit user confirmation before running the skill against arbitrary links.Like a lobster shell, security has layers — review code before you run it.
latestvk9774k8zb3e6174y5hzy16x7xx82qjss
License
MIT-0
Free to use, modify, and redistribute. No attribution required.