Transform AI-generated text into authentic human writing. Detects and removes 24 AI patterns, replaces 500+ AI vocabulary terms, analyzes statistical signals...
Security Analysis
medium confidenceThe skill's instructions match its stated goal, but a prompt‑injection signal in the SKILL.md and an included runtime script (scripts/humanize.js) that wasn't reviewed raise concerns — review the code for hidden behavior before installing.
Name/description (humanize AI text) aligns with the delivered materials: SKILL.md plus references for patterns, vocabulary, and metrics. No credentials or unrelated binaries are requested, and the content explicitly documents the detection and rewriting features that match the stated purpose.
SKILL.md instructs the agent to scan the included reference files and to add personality (misspellings, tangents, parenthetical asides). Those instructions are within the stated purpose, but the pre-scan detected 'unicode-control-chars' in SKILL.md (a prompt‑injection signal). That suggests the documentation may include hidden control characters intended to manipulate parsers or evaluations. Also, the skill advocates injecting plausible-sounding personal details and strategic typos — a legitimate writing feature, but one that increases risk of producing deceptive or fabricated content if misused.
No install spec was provided (instruction-only), which minimizes system write/execution risk. However, the package contains one script file (scripts/humanize.js) — since no install runs were specified, the script presence is not inherently dangerous but should be reviewed for network or system interactions before use.
The skill requires no environment variables, credentials, or config paths. This is proportionate to the described functionality.
Skill flags show always:false and normal agent invocation; it does not request permanent presence or modify other skills. No elevation of privilege is declared.
Guidance
This skill generally does what it says (detect AI patterns and rewrite text to 'sound human'), but stop and review before installing or running: 1) Open and inspect scripts/humanize.js for any network calls, obfuscated strings, eval/Function usage, child_process or filesystem writes, or access to process.env. Search for fetch/axios/http/https, require('child_process'), spawn/exec, fs.writeFile/ftruncate, base64 decoding, suspicious domains or IP literals, and any code that sends text out. 2) Remove or inspect any hidden/unusual unicode/control characters in SKILL.md (they can be used for prompt injection or to confuse parsers). 3) Consider the policy risk: the skill intentionally injects typos, tangents, and plausible-sounding personal details — do not use it to generate formal/legal/regulated documents or to fabricate facts or sources. 4) If you cannot fully audit scripts/humanize.js, treat the skill as untrusted and run it in a sandboxed environment with no network access. Providing source code or a full code review would raise confidence; absence of that keeps this assessment at 'suspicious'.
Latest Release
v1.0.0
Initial release: 24 AI pattern detectors, 500+ vocabulary database, statistical signals (burstiness, TTR, CoV), personality injection (parentheticals, typos, tangents, random thoughts), and CLI tool for scoring and humanization
More by @Kevjade
Published by @Kevjade on ClawHub
