Skillv1.0.0

ClawScan security

AI人味写作技 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 29, 2026, 10:35 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions match its stated purpose (text 'humanizing' and stylistic rewriting) and it requests no extra credentials or installs, but exercise caution because some guidance asks for embedding external artifacts which could involve private data.
Guidance: This skill is internally consistent with its stated goal of 'humanizing' Chinese creative text and doesn't request credentials or install software — that's good. Things to consider before installing or using it: (1) Source unknown / no homepage: you won't have formal documentation or an author to contact if outputs are problematic. (2) The guidance to 'embed handwritten scans, meeting audio transcriptions, unpublished preprints' can encourage you to supply private or unpublished materials — avoid uploading any sensitive, confidential, or unreleased work unless you explicitly accept that risk. (3) Because it's instruction-only, its behavior depends on how your agent is configured (Read/Write/Edit permissions): check what those permissions allow the agent to access in your environment. (4) Test the skill on non-sensitive sample text first to verify output quality and to confirm it doesn't ask for unexpected files or data. (5) Review any transformed text for hallucinations, privacy leaks, or inserted personal identifiers before publishing. If you need higher assurance, ask the publisher for provenance or prefer a skill with a verifiable homepage and maintainer contact information.

Review Dimensions

Purpose & Capability: okName/description (AI writing 'humanizer' for Chinese creative text) align with the SKILL.md content. The skill is instruction-only, asks no binaries, env vars, or installs, and all described operations are text-focused rewriting and stylistic transformation — reasonable for the stated purpose.
Instruction Scope: noteMost instructions are narrowly about detecting AI-like phrasing and applying layered rewriting (L1→L2→L3) which is within scope. One notable element (L3 B4) recommends embedding 'handwritten scans, meeting audio transcriptions, unpublished preprints or small-circle references' as cross-media anchors — this could lead the agent to request or incorporate private artifacts. The SKILL.md does not instruct reading system config or environment variables, but the cross-media suggestion is a privacy consideration rather than an obvious functional incoherence.
Install Mechanism: okNo install spec and no code files (instruction-only). This is the lowest-risk model: nothing will be written to disk or installed by the skill itself.
Credentials: okThe skill requires no environment variables, no credentials, and no config paths. There are no disproportionate requests for secrets or unrelated service access.
Persistence & Privilege: okalways:false and default autonomous invocation settings are unchanged. The skill does not request permanent presence or permissions to alter other skills or system-wide settings.