Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Humanizer
v0.1.0Remove signs of AI-generated writing from text. Use when editing or reviewing text to make it sound more natural and human-written. Based on Wikipedia's comp...
⭐ 0· 44·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name, description, README, and SKILL.md all consistently describe a text-editing/humanizing editor — the declared functionality matches the instructions. However the SKILL.md's allowed-tools list (Read, Write, Edit, Grep, Glob) is broader than strictly necessary for editing a single input text and could be used to read or modify other files on the agent's filesystem if invoked that way.
Instruction Scope
The runtime instructions focus on identifying patterns and rewriting provided text and do not explicitly tell the agent to scan or exfiltrate unrelated files or environment variables. That said, the allowed-tools permit filesystem search (Grep/Glob) and file Write/Edit operations — if the agent invokes those tools autonomously, it could access or change files beyond the input text. The instructions are otherwise concrete and scoped to text-editing.
Install Mechanism
No install spec and no code files to execute (instruction-only), so nothing is downloaded or written during install. This is the lowest install risk.
Credentials
The skill requests no environment variables, credentials, or config paths. Its declared requirements are proportional to its purpose.
Persistence & Privilege
always:false and default agent-invocation settings. The skill does not request permanent presence or system-wide configuration changes.
What to consider before installing
This skill appears to do what it says — editing text to remove AI-like phrasing — but there are a few cautionary points before installing:
- Allowed tools are broad: the SKILL.md permits Read/Write/Edit/Grep/Glob. While editing a supplied text is fine, these permissions would let the agent search the filesystem and modify files if it chooses. If you install it, restrict its tool permissions or ensure the agent only processes text you provide.
- Metadata inconsistencies: versions and owner IDs differ across package.json, SKILL.md, and _meta.json, and no homepage or source is listed. That doesn't prove malice, but it makes provenance harder to verify. Prefer skills with clear, matching metadata and a known source.
- No network installs or credential requests were found (good), but because this is instruction-only the agent's behavior depends entirely on the platform's enforcement of allowed-tools and on how the skill is invoked. If you need to be cautious, run it in a sandboxed agent or ask the skill author to confirm that it will only operate on user-supplied text and will not perform filesystem searches or automated edits outside the target input.
If you want higher confidence before use, ask the publisher to: (1) unify metadata (version/owner), (2) remove Grep/Glob if not needed, or (3) explicitly state that the skill will only read and write the provided text and not search or modify other files.Like a lobster shell, security has layers — review code before you run it.
latestvk97a6zjzcvhvcbnnntrjavnxgh83p21s
License
MIT-0
Free to use, modify, and redistribute. No attribution required.