Ai Humanizer.Bak
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a purpose-aligned offline text humanizing tool, with a minor provenance/version mismatch users should verify before running its optional CLI.
This skill looks safe for its stated purpose of editing user-provided text. Before installing or running the optional CLI, verify the source because the registry identity and embedded package metadata do not match. Review any autofixed text before using it.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You may be reviewing or installing a repackaged or renamed copy rather than the exact upstream project described in the files.
The registry metadata identifies the evaluated package as ai-humanizer-bak version 1.0.0 with unknown source, while the embedded metadata and package files describe ai-humanizer version 2.1.0. This creates a provenance/version ambiguity, though it does not by itself show malicious behavior.
"slug": "ai-humanizer", "version": "2.1.0"
Verify the publisher and source before running the optional CLI, and compare the registry artifact with the referenced repository if provenance matters.
If you choose to use the standalone CLI, you are trusting the cloned repository and npm-installed development tooling.
The README documents user-directed standalone CLI installation from GitHub with npm. This is expected for a CLI text tool and is not automatic, but it means users who follow the README will execute code outside the instruction-only skill path.
git clone https://github.com/brandonwise/humanizer.git cd humanizer npm install
Use the instruction-only skill if you do not need the CLI; if you do use the CLI, inspect the repository and dependency install before running it.