ai-article-detector
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill appears to match its stated purpose of fetching an article URL and locally scoring likely AI writing, with some normal cautions around network access, npm dependencies, and overconfident score interpretation.
This looks reasonable for checking public article links. Before installing, review the npm dependencies, avoid using it on private/internal URLs, and do not treat the AI probability score as definitive proof.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If pointed at private, internal, or unintended URLs, the skill may make requests the user did not mean to send.
The skill makes a network request to the URL provided for article detection. This is expected for its purpose, but users should recognize that it can retrieve arbitrary web pages when given a URL.
const response = await fetch(url, { ... });
Use it only with intended public article URLs; consider URL allowlisting, request timeouts, and size limits if deploying it in a shared or automated environment.
Installing the skill may pull third-party package code from npm, and future installs may not be byte-for-byte identical.
The skill relies on external npm packages with semver range versions. This is normal for a Node.js URL parser, but dependency versions can change unless locked.
"dependencies": { "node-fetch": "^3.3.2", "jsdom": "^23.0.1" }
Review dependencies before installation and prefer a lockfile or pinned versions for reproducible installs.
Users could over-rely on the score when judging authorship, submissions, or content quality.
The detector presents a numerical AI probability, which could be read as more definitive than a heuristic text analysis. The README does include limitations, so this is a user-interpretation note rather than a deception concern.
100 means 100% likely AI-generated.
Treat the score as a rough signal and combine it with human review, especially for moderation, employment, academic, or other consequential decisions.
