Is humanize-ai-text safe?

https://clawhub.ai/moltbro/humanize-ai-text

62
CAUTION

This skill is a technically benign text processing toolkit that requests unnecessarily broad permissions (especially Shell access) for its stated purpose of detecting and rewriting AI-generated text. The Python scripts contain no malicious code, no network calls, and no data exfiltration mechanisms. However, the Shell permission is significantly overprivileged, the skill's explicit purpose is to bypass academic integrity tools like Turnitin, and the batch processing instructions could lead to unintended bulk file modifications.

Category Scores

Prompt Injection 55/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 40/100 · 20%
Clone Behavior 90/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 35/100 · 5%

Findings (7)

HIGH Unnecessary Shell access requested -40

The skill requests Shell tool access in its allowed-tools, which grants arbitrary command execution capability. The skill's actual functionality (regex-based text detection and transformation) only requires Read and Write file access. The Shell permission is vastly overprivileged for the stated purpose and could be abused to execute any system command.

HIGH Overprivileged tool permissions for text processing -30

The skill requests Shell, Read, Write, StrReplace, and Glob — five tools for what is fundamentally a text find-and-replace operation. Shell access in particular allows the agent to execute arbitrary commands when following this skill's instructions. The batch processing examples explicitly instruct shell for-loops over all files matching wildcards.

MEDIUM Bulk file modification instructions -15

The SKILL.md contains batch processing examples that instruct the agent to iterate over ALL .txt and .md files in a directory and transform them. A user invoking this skill may not intend for all files to be modified, but the skill's instructions could lead the agent to do so.

MEDIUM Mutable pattern configuration file -20

patterns.json is loaded at runtime and controls all text replacements. If an attacker gains write access to this file post-install (or if the skill is updated), the replacement rules could be changed to inject arbitrary content into documents during transformation. The agent would execute these replacements without review.

LOW Ethically problematic purpose - AI detection evasion -65

The skill's explicit purpose is to help users bypass AI text detection tools (Turnitin, GPTZero, Originality.ai). While technically a text processing tool, its intended use case is to facilitate academic dishonesty and content fraud. This represents a reputational and ethical risk for users who install it.

INFO Scripts are clean text processors -15

All three Python scripts (detect.py, transform.py, compare.py) are straightforward text processing utilities. They read input files, apply regex-based pattern matching and replacement, and write output. No network calls, no imports of urllib/requests/socket, no data encoding for exfiltration.

INFO Clean install with no suspicious activity -10

The install process showed no network connections, no unexpected process execution, and no filesystem changes outside the skill directory. The .env and .aws/credentials reads in monitoring are from the OpenClaw platform initialization, not from the skill.