Is biostartechnology/humanizer safe?

https://github.com/openclaw/skills/tree/main/skills/biostartechnology/humanizer

95
SAFE

The biostartechnology/humanizer skill is a benign writing editing tool with no malicious characteristics. The SKILL.md contains only prose instructions for detecting and removing AI writing patterns, with no executable code, hidden directives, exfiltration instructions, or prompt injection techniques. Canary files were accessed read-only by the monitoring infrastructure as part of pre/post integrity checks and remained fully intact. The only notable findings are a version metadata inconsistency between _meta.json (1.0.0) and SKILL.md (2.1.1), and standard permission concerns with Write/Edit tool access that are proportionate to the skill's stated purpose.

Category Scores

Prompt Injection 93/100 · 30%
Data Exfiltration 98/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 90/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 88/100 · 5%

Findings (5)

LOW Version metadata mismatch -5

_meta.json records the latest published version as 1.0.0, while SKILL.md frontmatter declares version 2.1.1. This suggests the registry metadata was not updated when the skill file was updated, or the wrong version of the skill was published. Users relying on version pinning may receive unexpected behavior.

LOW Write/Edit permissions enable broad file modification -5

The skill requests Write and Edit tool access, which is appropriate for humanizing text in files but grants the agent the ability to modify any file the user directs it toward. If a user inadvertently applies the skill to sensitive documents, it could alter them. This is a permission-scope concern, not malicious intent.

INFO Persona redefinition in skill preamble -2

The skill opens with 'You are a writing editor...' which redefines the agent's working identity. This is standard skill convention and the persona is narrow and benign, but it does constitute a persona shift instruction. No override of system instructions or user preferences is attempted.

INFO Personality injection may bleed into unrelated agent output -7

The 'PERSONALITY AND SOUL' section instructs the agent to have opinions, use first person, and let 'some mess in'. While appropriate for writing editing tasks, these instructions could subtly influence agent communication style in adjacent interactions if the skill remains active.

INFO Post-install network connections to openclaw infrastructure 0

After installation, the openclaw-gateway process (pid=1083, pre-existing) established new ESTABLISHED connections to 54.211.197.216:443 (AWS) and 104.16.3.34:443 (Cloudflare). These are attributable to the Oathe audit reporting infrastructure, not to the skill. No process spawned by the skill made network connections.