Skillv1.0.1

ClawScan security

De-AI-fy Text Skill1.0.0 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 1, 2026, 1:58 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code, docs, and runtime instructions are consistent with its stated purpose (local rule-driven text 'humanization'); it requests no credentials, has no network/download install steps, and does not exhibit scope creep or hidden endpoints.
Guidance: What you should consider before installing: 1) This is a local, rules-based text processing library (no network calls or secret access detected) — good for privacy, but review rules.json because substitutions can change meaning; test on non-sensitive samples first. 2) The project optionally uses jieba for Chinese tokenization — install only if you want improved Chinese handling. 3) Run the included unit tests (python test_deai.py) and examples in a sandbox to verify behavior with your real data. 4) If you will use it on sensitive/regulated text, manually review the transformation rules and outputs because automated replacements may unintentionally alter legal/medical/financial meaning. 5) If you plan production use, pin the source (or vendor it) and periodically review the repository for updates or changes.

Purpose & Capability: okName/description (remove AI-like features / humanize text) match the included code and config: AITextDetector, TextHumanizer, DeAIProcessor and rules.json provide detection and replacement rules for Chinese and English. No unrelated binaries, env vars, or credentials are requested.
Instruction Scope: okSKILL.md describes local Python API and CLI usage and references only rules.json and local input/output files. The instructions do not ask the agent to read unrelated system files, access secrets, or send data to external endpoints.
Install Mechanism: okNo install spec is present (instruction-only at registry level) and the package is provided as source files. There are no downloads or third‑party install steps embedded in the skill that would write or execute remote code.
Credentials: okThe skill requires no environment variables, credentials, or config paths. The only optional dependency is jieba for better Chinese tokenization, which is local and documented. No unrelated secrets are requested.
Persistence & Privilege: okFlags show always:false and user-invocable:true. The skill does not request permanent platform-wide privileges, nor does it modify other skills or system-wide settings.