Back to skill
Skillv1.0.52
ClawScan security
Ai Content Rewriter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 16, 2026, 3:49 AM
- Verdict
- suspicious
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is only marketing copy (pricing/ROI/features) and provides no runtime instructions, dependencies, or endpoints — it doesn't match its claimed functionality and is incomplete.
- Guidance
- This package appears to be a placeholder or marketing page rather than a working skill. Before installing or enabling it: 1) Ask the publisher for a concrete SKILL.md that explains runtime behavior (what API or binary is called, required env vars, sample payloads, and where data is sent). 2) Verify the source and author identity and prefer skills with a homepage or repo. 3) Demand privacy/data-handling details (where rewritten content is sent/stored). 4) Do not provide any credentials until you see explicit, proportional needs (e.g., an API key for a named rewriting service). 5) Consider rejecting or sandbox-testing this skill — in its current form it is non-functional and therefore suspicious rather than malicious.
Review Dimensions
- Purpose & Capability
- concernName/description claim an automated multi-language batch rewriter, but the SKILL.md contains only marketing, pricing, and ROI claims with no actionable instructions, APIs, or dependencies. There is no explanation of how rewriting is performed, so required capabilities are missing.
- Instruction Scope
- concernSKILL.md provides no runtime guidance (no commands, no API endpoints, no file paths, no data flow). Because the instructions are absent, an agent would have to improvise behavior or will be non-functional; vague/absent instructions are a semantic risk and should be clarified.
- Install Mechanism
- okInstruction-only skill with no install specification and no code files — lowest install risk (nothing written to disk by the skill itself).
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. There is no apparent request for unrelated secrets or system access.
- Persistence & Privilege
- okSkill is not marked always:true and has default invocation flags. It does not request persistent presence or modify other skills; no privilege escalation indicators present.