Oathe Security Badge

Is artur-zhdan/humanize safe?

https://github.com/openclaw/skills/tree/main/skills/artur-zhdan/humanize

96
SAFE

The humanize-ai skill is a documentation-only writing assistant with no executable code, no prompt injection, and no data exfiltration mechanisms. All three files are legitimate editorial content (SKILL.md, README.md, _meta.json), the clone contacted only GitHub as expected, and all canary files remained intact. The sole noteworthy finding is a minor version inconsistency between the skill content and its registry metadata.

Category Scores

Prompt Injection 97/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 90/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 92/100 · 5%

Findings (3)

LOW: Version metadata inconsistency between SKILL.md and _meta.json (-10)

The SKILL.md frontmatter declares version 2.1.1 while _meta.json declares version 1.0.0. This suggests the skill content was updated without a corresponding registry metadata bump, or the metadata was not synchronized. While not a security issue, it undermines provenance confidence.

INFO: Write and Edit tool access declared (-5)

The skill requests Write and Edit permissions, which is expected for a document-editing assistant. However, it represents a broader permission surface than a read-only skill. No exfiltration instructions are present, and usage is consistent with the skill's stated purpose.

INFO: Canary files accessed by audit infrastructure (not skill) (0)

Honeypot files (.env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, gcloud credentials) were opened at timestamps 1771931033 (pre-clone, during audit setup) and 1771931050 (post-install, during audit teardown verification). Process execution timeline confirms no skill-related process was responsible. All files remained unmodified.