ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Operator Humanizer

v2.0.0

Transform AI-generated text into authentic human writing. Detects and eliminates AI tells across 24 content/language/style/communication patterns, 500+ AI vo...

4· 1.3k·4 current·4 all-time
byKevin Jeppesen @ TheOperatorVault.io@kevjade
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description, the many reference docs, and the single helper script (scripts/humanize.js) line up with a text-transformation/humanization tool. There are no declared binaries, env vars, or external credentials that would be unexpected for this purpose.
!
Instruction Scope
SKILL.md gives granular rules for removing AI tells and injecting 'personality' — that is coherent — but also explicitly recommends adding parenthetical asides, tangents, strategic typos, and invented-seeming personal anecdotes and unverifiable details (e.g., 'I talked to a grid engineer last month'). That encourages fabrication of facts and personal claims beyond mere stylistic edits. Additionally, a pre-scan found unicode-control-chars in the SKILL.md which can be used for prompt-injection; this is a significant red flag in the instruction text itself.
Install Mechanism
No install spec is provided (instruction-only + included files). That's lower-risk because nothing is downloaded at install time. However, the skill does include a JS file that will run when invoked; its behavior should be reviewed (no install process to inspect network or runtime calls at install time).
Credentials
The skill requests no environment variables, binaries, or credentials — appropriate and proportional. Caveat: because a runtime script (scripts/humanize.js) is included, the script could access the runtime environment (filesystem, network, process env) if permitted; its contents were not provided for review, so this is an unknown that should be inspected before trusting the skill with sensitive data.
Persistence & Privilege
Skill flags show always:false and no special privileges. It does not request permanent presence or system-level configuration. Autonomous invocation is allowed (default) but not combined with other high-risk signals here.
Scan Findings in Context
[unicode-control-chars] unexpected: Hidden Unicode control characters were detected in SKILL.md. These can be used to manipulate how prompts are parsed or to perform prompt-injection attacks (e.g., hiding instructions, breaking parsing). This is not expected for a purely stylistic text-transformation skill and should be removed/inspected thoroughly.
What to consider before installing
What to consider and next steps before installing or using this skill: - Review the included script (scripts/humanize.js) before enabling the skill. Look for any network requests, telemetry, or access to process.env / filesystem and confirm they are necessary and safe. - Remove or neutralize the detected unicode control characters in SKILL.md (and any other files) before use; treat them as potential prompt-injection payloads. - Be aware the instructions explicitly encourage adding invented personal anecdotes, specific but unsupported facts, and strategic misspellings. Do NOT use this skill for content that must be factual, legally binding, audited, or customer-facing without human editorial review. - If you plan to let the agent invoke the skill autonomously, restrict the agent's permission scope and test on non-sensitive sample text first. Consider disabling autonomous invocation for high-risk workflows. - Ask the publisher for provenance: where the code was sourced, a homepage, and a repo link. Lack of source/origin increases risk — prefer skills with transparent repositories and clear authorship. - If you lack the ability to audit the JS, run the skill in an isolated sandbox and monitor network and file activity during a test run. If you want, I can: (1) scan the contents of scripts/humanize.js for network calls and suspicious patterns, (2) strip unicode hidden chars from SKILL.md and show a cleaned version, or (3) suggest safer rule modifications to avoid encouraging fabricated claims.

Like a lobster shell, security has layers — review code before you run it.

latestvk977an79bv5zd2rj905hgzw1fh835fya

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments