Skillv1.0.0

ClawScan security

Humanizer by JZ · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 1, 2026, 3:33 AM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's requirements and runtime instructions are coherent with its stated purpose (editing text to remove AI writing patterns); it is instruction-only, requests no credentials, and has no install steps — though its allowed toolset could let an agent access files if misused.
Guidance: This skill appears internally consistent and low-risk: it only contains instructions for rewriting text and requests no secrets or installs. Things to consider before installing: (1) It encourages injecting personal voice and removing signs of AI writing — which can facilitate deceptive attribution, so avoid using it to impersonate others or to hide authorship where disclosure is required. (2) The skill's allowed-tools include file-read/search/edit capabilities; if you don't want an agent searching your workspace for drafts, ensure the platform's tool-scoping or permissions prevent filesystem access, or only invoke the skill with explicit text you paste into the prompt. (3) As always, avoid submitting sensitive or confidential text to the skill unless you trust how outputs will be stored or shared. If you want higher assurance, request the skill be limited to AskUserQuestion and Edit-on-provided-text only.

Review Dimensions

Purpose & Capability: okName and description align with the content of SKILL.md and README. The skill is an editor that finds AI-style patterns and rewrites text; nothing in the package asks for unrelated credentials, binaries, or external services.
Instruction Scope: noteSKILL.md contains focused, bounded instructions: identify AI patterns in provided text, rewrite while preserving meaning and voice, and add personality. It does not instruct the agent to read system config, environment variables, or exfiltrate data. However, the declared allowed-tools list (Read, Write, Edit, Grep, Glob) gives the agent ability to read and search files in the workspace — functionality not required by the plain-language 'When given text to humanize' flow. This is a minor scope expansion worth noting: if the agent is invoked autonomously it could use those tools to locate files unless the platform enforces tighter tool scoping.
Install Mechanism: okNo install spec and no code files — instruction-only. README suggests a user-side npx install command for convenience, but nothing in the skill will download or write code to disk during runtime. Low install risk.
Credentials: okThe skill declares no required environment variables, no credentials, and no config paths. That is proportionate to an editing-only skill.
Persistence & Privilege: okalways is false and the skill does not request persistent privileges or modify other skills/configs. The default ability for the agent to invoke the skill autonomously is present (disable-model-invocation: false) but is normal platform behavior and not, by itself, a problem for this skill.