Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Ai Humanizer.Bak
v1.0.0
Humanize AI-generated text by detecting and removing patterns typical of LLM output. Rewrites text to sound natural, specific, and human. Uses 24 pattern det...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name, description, SKILL.md, and included source code all focus on detecting and rewriting AI-style text — that is coherent. However, the package contains a full Node.js CLI (package.json, src/, scripts/) while the skill declares no required binaries or install steps; the skill expects Node >=18 but required binaries are listed as none. Also registry metadata (owner/slug/version) differs from embedded _meta.json/package.json values, which suggests the bundle may have been repackaged or renamed.
Instruction Scope
SKILL.md instructs the agent to detect 24 patterns, compute statistics, and rewrite text to preserve meaning and match tone. It does not ask the agent to read unrelated system files, access credentials, or transmit data to external endpoints. The scope is appropriate for a humanizer.
Install Mechanism
There is no install spec (instruction-only skill) which minimizes install-time risk. The repository files are included in the bundle; no remote downloads, URL shorteners, or extract-from-remote steps are present in the manifest. Running the included CLI would require npm/node, but that is a user action rather than an automatic installer in this bundle.
Credentials
The skill declares no required environment variables, credentials, or config paths. The code and SKILL.md do not reference secrets or external service tokens. This is proportionate for an offline text-analysis/humanization tool.
Persistence & Privilege
always:false and user-invocable:true. The skill does not request persistent privileges, does not modify other skills, and does not declare actions that would enable forced inclusion. Autonomous invocation is allowed by platform default but is not combined with other privilege escalations here.
What to consider before installing
This skill's stated purpose and its codebase align: it is a Node.js tool to detect and rewrite AI-like writing. Before installing or running it, check these things:
1) Packaging mismatches — the registry metadata (owner, slug, version) does not match the embedded _meta.json and package.json (different owner/slug and v2.1.0 in files vs registry v1.0.0). That can indicate a repackaged or stale bundle; ask the publisher where the code came from.
2) Runtime expectation — the code expects Node >=18 (package.json) but the skill declares no required binaries; make sure you only run the included scripts on a trusted machine and that Node is present.
3) Review the source before executing — although the provided excerpts show no network or credential access, you should scan src/ for any outbound network calls (fetch/http, child_process spawning of curl/wget, or hidden endpoints) and run tests in a sandbox if you plan to execute code.
4) If you only need the SKILL.md behavior, you can use it as an instruction-only skill without running the CLI; if you plan to run the CLI, prefer doing so in an isolated environment.
5) If the source author matters to you, verify the upstream GitHub repo and confirm that this bundle was published by the same owner.
If you want, provide the full src directory and I can look for network calls, obfuscated code, or other red flags — that would raise confidence in the assessment.
Like a lobster shell, security has layers — review code before you run it.
