ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

检测并优化AI生成的小红书文案,去除机械感和模板化表达,增加真人口语化和情感化表达,让内容更自然、更有温度。适用于已有AI生成文案但希望提升真实感的场景。

v1.0.3

文案去AI味服务,当用户要求"去AI化/人性化/降低AI味/改得像人写的"并希望通过小念AI后端实现而不是手动重写提示词时使用。

5· 284·0 current·0 all-time
by@yc556600

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for yc556600/dashboard-humanize.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "检测并优化AI生成的小红书文案,去除机械感和模板化表达,增加真人口语化和情感化表达,让内容更自然、更有温度。适用于已有AI生成文案但希望提升真实感的场景。" (yc556600/dashboard-humanize) from ClawHub.
Skill page: https://clawhub.ai/yc556600/dashboard-humanize
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install dashboard-humanize

ClawHub CLI

Package manager switcher

npx clawhub@latest install dashboard-humanize
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The skill's name/description match the code: it calls a 'humanize' dashboard API to remove 'AI-sounding' phrasing. However the SKILL.md claims 'No configuration needed — auth is built in' and the script includes a hardcoded DEFAULT_TOKEN; that built-in auth is not strictly necessary for the described functionality and is unexpected.
!
Instruction Scope
Runtime instructions and the script read content (stdin/file/arg) and POST it to an external API at https://xiaonian.cc/employee-console/dashboard/v2/api/ai-tools/humanize. Sending user content to a third-party endpoint is expected for this purpose but is a privacy/exfiltration risk the user must accept explicitly. The script also supports login via DASHBOARD_PHONE/DASHBOARD_PASSWORD, which will send credentials to the same service.
Install Mechanism
No install spec; the skill is instruction-only with a single Python script. Nothing is downloaded or installed automatically by the skill bundle itself.
!
Credentials
The script requires no declared env vars but accepts DASHBOARD_TOKEN, DASHBOARD_PHONE, and DASHBOARD_PASSWORD. Worse, it embeds a DEFAULT_TOKEN (hardcoded bearer token) directly in code and advertises 'auth built in' — this is disproportionate and problematic because hardcoded credentials may grant access to an undocumented/third-party dashboard and could be stale, shared, or abused. Requiring phone/password env vars is plausible for login, but the hardcoded token is unnecessary and risky.
Persistence & Privilege
The skill does not request permanent/always-on presence, does not modify other skills or agent-wide settings, and does not install background services. Normal autonomous invocation is allowed (platform default).
Scan Findings in Context
[hardcoded-secret] unexpected: The script contains a hardcoded DEFAULT_TOKEN (atk_ajhhuxTyHciMIxZQ_vt_boqVeG_zTr4Ix9REWuVBXSc). Bundling an access token in code is not expected for a simple content-transform wrapper and creates a risk of unintended privileged access to the Dashboard API.
What to consider before installing
This skill will send whatever text you provide to an external service at xiaonian.cc for processing. The included Python script embeds a default bearer token and also supports logging in with phone/password via environment variables. Before installing or using it: (1) do not send sensitive PII or secrets through this skill unless you trust the service owner; (2) treat the hardcoded DEFAULT_TOKEN as suspicious — consider removing it or overriding with your own DASHBOARD_TOKEN if you control the target service; (3) verify the endpoint and who operates it (owner/homepage are unknown); (4) if you prefer local processing, avoid using this skill and instead run local rewriting or use an internal, auditable API. If you must use it, set the DASHBOARD_TOKEN explicitly and avoid putting credentials in shared environments.

Like a lobster shell, security has layers — review code before you run it.

latestvk9710f3cq1vpwgkdp634mjt5d1835sr0
284downloads
5stars
4versions
Updated 3d ago
v1.0.3
MIT-0
@yc556600
latest
Download

Dashboard Humanize(去AI化/人性化)

Use the bundled script to call the existing Dashboard Console API. No configuration needed — auth is built in.

Quick start

Pipe stdin:

echo "这里是一段明显AI味的文案..." | python3 skills/local/dashboard-humanize/scripts/humanize.py \
  --title "标题" \
  --tone normal \
  --purpose general_writing \
  --length standard

From a file:

python3 skills/local/dashboard-humanize/scripts/humanize.py --content-file input.txt > output.txt

Return full JSON (includes ai_score / detailed_result when available):

python3 skills/local/dashboard-humanize/scripts/humanize.py --content "..." --json

What to send to the API

Payload fields map 1:1 to HumanizerRequest:

  • title (optional)
  • content (required)
  • prompt (optional)
  • length default standard (script choices: short|standard|long)
  • tone default normal
  • purpose default general_writing
  • language default Simplified Chinese

For exact request/response shapes, read: references/api.md.

Notes

  • Full route path is /employee-console/dashboard/v2/api/ai-tools/humanize.
  • Override token via env DASHBOARD_TOKEN if needed.

Comments

Loading comments...