Skillv1.0.0

ClawScan security

Text Detection · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 21, 2026, 5:36 PM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill's instructions match its stated purpose (AI-text detection) but conflict with its published metadata and ask users/agents to run npm installs of unverified packages with no source/homepage — this mismatch and runtime install requirement is suspicious and warrants caution.
Guidance: This skill appears to do what it says (detect AI-generated text), but its SKILL.md expects the agent/operator to run npm installs of several @clawhub packages while the published metadata lists no install requirements or source/homepage. Before installing or enabling this skill: 1) Ask the publisher for source repositories or package URLs and verify the npm packages (@clawhub/*) exist and are trustworthy. 2) Confirm whether your agent environment permits npm installs and whether those installs are sandboxed — avoid running unvetted npm installs on production hosts. 3) Prefer a skill that provides an explicit install specification and verified package origins (GitHub releases, official project pages). 4) If you must test it, run it in an isolated sandbox/container and inspect the installed packages (review package.json, postinstall scripts) before granting broader access. 5) If you cannot verify package provenance, treat the runtime npm install requirement as a significant risk and do not enable the skill on sensitive systems.

Review Dimensions

Purpose & Capability: okThe name and description (text/AI-generated detection) align with the components the SKILL.md lists: NLP toolkit, GPT-pattern analyzer, pattern matcher, classifiers, hashing and optional fact-checker. The listed capabilities (perplexity, pattern matching, classifier integration) are coherent with a text-detection skill.
Instruction Scope: concernSKILL.md explicitly instructs the agent/operator to run npm install commands and import runtime packages (e.g., npm install @clawhub/nlp-toolkit). It does not instruct reading unrelated files or secrets, but it assumes the runtime can install and import node packages and execute JS. The instructions also refer to configuration and caching, but provide no runtime sandboxing guidance. Because the registry metadata lists no required binaries or install steps, this discrepancy is concerning: the instructions expect npm access but the skill metadata claims nothing is required.
Install Mechanism: concernThere is no install spec in the registry (instruction-only), yet the SKILL.md directs installing multiple npm packages from an unverified @clawhub scope. That implies runtime downloads and code execution from the public npm registry (or other npm sources). The skill lacks source/homepage and package provenance, increasing risk: npm packages can contain arbitrary code. This is higher-risk than a purely instruction-only skill that does not call network/package installs.
Credentials: okThe skill declares no required environment variables, credentials, or config paths, and SKILL.md does not ask for secrets or unrelated system credentials. The absence of declared env/credentials is proportionate to the stated purpose. However, the SKILL.md's implicit need for npm and caching/storage access (to store downloaded packages and caches) is an un-declared resource requirement.
Persistence & Privilege: notealways is false and autonomous invocation is allowed by default (normal). The SKILL.md does not request persistent modification of system or other skills' configuration. However, because it instructs npm installs at runtime, it could cause persistent files (node_modules, caches) to be written to disk — this is not explicitly declared in the metadata and is worth noting.