Skillv1.0.0

ClawScan security

Humanizer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 7, 2026, 1:42 PM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: An instruction-only editor that matches its stated purpose and requests no credentials or installs; main risk is that its rewriting guidance encourages adding opinion/voice which can introduce hallucinated or altered facts.
Guidance: This skill is internally consistent and low-risk to install because it's instruction-only and asks for no credentials. Things to consider before using: 1) The skill encourages adding opinions, first-person voice, and specificity — that can cause the editor to insert new, potentially unverifiable facts or subjective claims. If you need to preserve factual accuracy, instruct the skill explicitly not to invent facts and to flag uncertain points instead. 2) Because it can read/write text (Read/Write/Edit), avoid running it on sensitive documents unless you trust the agent session; test it first on non-sensitive samples. 3) The skill source is unknown and has no homepage; although this alone isn't a security problem for an instruction-only skill, it reduces auditability—review outputs carefully. 4) If you want stricter behavior, add usage constraints in the prompt (e.g., "do not add facts or dates not present in the original text; mark any necessary additions as speculative").

Purpose & Capability: okName, description, and runtime instructions all align: the skill is an editor that detects and rewrites AI-like phrasing. It declares no binaries, env vars, or installs, which is proportionate to an editing task.
Instruction Scope: noteInstructions stay within editing: scanning for patterns, rewriting, preserving meaning, and matching voice. However, the guide explicitly instructs the model to 'add soul', take positions, use first person, and be specific — behaviors that can introduce new content, opinions, or unverified details and therefore can change factual accuracy. The SKILL.md also prescribes an internal prompt loop for a final anti-AI pass; that is self-contained and not an external exfiltration vector.
Install Mechanism: okNo install spec and no code files (instruction-only). This is lowest-risk from an installation perspective since nothing is downloaded or written by the installer.
Credentials: okThe skill requests no environment variables, credentials, or config paths. Allowed-tools (Read, Write, Edit, Grep, Glob, AskUserQuestion) are reasonable for a text-editing skill but imply file read/write capability only when used; that is proportionate for editing tasks.
Persistence & Privilege: okalways is false and no special privileges are requested. Autonomous invocation is allowed (platform default) but the skill does not request permanent presence or elevated access to other skills/configuration.