Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Document Spell Check
v1.0.0Detect and automatically fix spelling errors in Markdown, plain text, and documentation files with support for custom dictionaries and batch processing.
⭐ 0· 330·2 current·2 all-time
byAndy Tien@linux2010
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The stated purpose (spell checking/fixing Markdown and text files) aligns with the script's functionality (aspell-based checks, simple auto-fixes). However SKILL.md promises additional features — Git atomic commits, rollbacks, respecting .gitignore, comprehensive contextual fixes, CI-friendly output, and extensive integration options — that are not implemented in the provided scripts. The README-level claims are therefore disproportionate to the actual code.
Instruction Scope
The bash script recursively scans and can modify files (fix mode). It also attempts to auto-install aspell using brew or sudo apt-get, which requires package management and potentially sudo credentials. The SKILL.md claims to 'respect .gitignore' and provide 'atomic git commits' and rollback support, but the script does not read .gitignore, does not perform any git operations, and only uses a temporary file/cp/mv for basic backup—so the documented runtime behavior and actual instructions diverge. The script will modify files in-place unless --dry-run is used, so running it without review risks unintended changes.
Install Mechanism
There is no formal install spec, but the script attempts an in-band install of aspell at runtime via brew or sudo apt-get. This is an implicit install mechanism that invokes system package managers (and sudo) — higher-risk than pure instruction-only behavior because it may prompt for credentials and change system state.
Credentials
The skill does not request environment variables, credentials, or config paths. No secrets are required. The script uses standard filesystem and calls to system utilities only.
Persistence & Privilege
always is false and the skill does not request persistent system-wide configuration or attempt to modify other skills. It does not register itself or require permanent presence.
What to consider before installing
This skill is a simple spellchecker script but the documentation overstates features. Before installing or running it: 1) Inspect the script yourself (it will traverse directories and modify files in fix mode). 2) Run only in 'check' or '--dry-run' initially and test on a small copy of your repo. 3) Be aware the script will try to install aspell automatically via brew or sudo apt-get (it may prompt for a password); do not run with elevated privileges unless you trust and reviewed the code. 4) Note the script's sed commands and usage of 'sed -i ''', and word-boundary usage, may be incompatible with your platform (macOS vs GNU sed) and the naive regex replacements may behave unexpectedly—verify behavior on sample files. 5) The SKILL.md promises git commits, rollback, .gitignore respect, and richer integrations that are not implemented; if you need those features, do not rely on this script without modifying it. If you want to proceed, run the tool in dry-run, commit your repository first, or run against a copy until you are satisfied with its behavior.Like a lobster shell, security has layers — review code before you run it.
documentationvk97ee48xqpakkqt79ntfbbghw5824xn5latestvk97ee48xqpakkqt79ntfbbghw5824xn5markdownvk97ee48xqpakkqt79ntfbbghw5824xn5spellcheckvk97ee48xqpakkqt79ntfbbghw5824xn5
License
MIT-0
Free to use, modify, and redistribute. No attribution required.