v1.0.0

博客/公众号文章润色改写专家

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:15 AM.

Analysis

The skill is a coherent article-rewriting helper, but it can use a logged-in browser session to access pages, so users should review its scope before installing.

GuidanceInstall only if you are comfortable with the skill using web browsing, search, and helper tools for article processing. Be especially careful with private or logged-in pages: confirm the exact link/domain before allowing browser access, and do not provide confidential drafts or internal URLs unless that data sharing is acceptable.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation

SeverityLowConfidenceHighStatusNote

SKILL.md

大幅降低文本相似度（目标<30%）... 去 AI 化润色 | `humanize-ai-text` | 消除 AI 痕迹

The skill explicitly aims to reduce similarity and remove AI-writing markers; this is disclosed and purpose-aligned, but it can affect reader trust or reuse rights if applied irresponsibly.

User impactUsers could produce text that appears less AI-generated or less similar to the source, which may create ethical, attribution, or copyright issues.

RecommendationRewrite only content you have rights to use, preserve required attribution, and disclose AI assistance where appropriate.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityMediumConfidenceHighStatusConcern

references/rewriting-guidelines.md

如页面复杂（需要登录/JS 渲染），使用 browser 工具

The skill directs the agent to use a browser for pages that may require login, which can rely on authenticated session state; the artifacts do not clearly limit which sessions/domains may be used or require explicit approval before accessing authenticated content.

User impactThe agent could read and rewrite content from pages accessible through a logged-in browser session, including private, paywalled, or internal pages if the user provides such links.

RecommendationUse only public links unless you explicitly want the agent to access an authenticated page, and add a confirmation step or domain/session limits before using browser login state.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication

SeverityLowConfidenceHighStatusNote

SKILL.md

链接内容抓取 | `web_fetch` / `browser` ... 事实核实 | `tavily-search` ... 去 AI 化处理 | `humanize-ai-text`

The workflow intentionally uses external browsing/search/helper tools, so URLs, extracted facts, or article text may be processed outside the immediate skill context.

User impactArticle links, factual claims, or text snippets may be shared with web/search/helper services during fetching, fact checking, or humanization.

RecommendationAvoid submitting confidential drafts, private URLs, or sensitive company information unless you are comfortable with those tools processing the content.