中文 EN

扫描报告

扫描新文件

可信 — 风险评分 5/100
上次扫描:2 天前 重新扫描
5 /100
humanizer
Detect and remove AI writing patterns in text. Uses 24 pattern detectors, 500+ vocabulary terms, and statistical analysis (burstiness, type-token ratio, readability) to score text and suggest humanization fixes.
Pure text-processing Node.js skill with no runtime dependencies, no network access, no shell execution beyond invoking the CLI, and no sensitive filesystem access.
技能名称humanizer
分析耗时37.8s
引擎pi
可以安装
This skill is safe to use. No security concerns identified.
资源类型声明权限推断权限状态证据
文件系统 READ READ ✓ 一致 cli.js reads input files via fs.readFileSync; declared in SKILL.md
网络访问 NONE NONE No network imports (fetch/http) in any source file
命令执行 NONE NONE scripts/*.sh only invoke 'node'; no subprocess or raw shell commands
环境变量 NONE NONE No os.environ iteration or credential access
剪贴板 NONE NONE No clipboard access
数据库 NONE NONE No database access
技能调用 NONE NONE No skill invocation chains
浏览器 NONE NONE No browser automation
6 项发现
🔗
中危 外部 URL 外部 URL
https://img.shields.io/badge/License-MIT-yellow.svg
README.md:3
🔗
中危 外部 URL 外部 URL
https://img.shields.io/badge/tests-128%20passing-brightgreen
README.md:4
🔗
中危 外部 URL 外部 URL
https://img.shields.io/badge/node-%3E%3D18-brightgreen
README.md:5
🔗
中危 外部 URL 外部 URL
https://en.wikipedia.org/wiki/Wikipedia:Signs_of_AI_writing
README.md:11
🔗
中危 外部 URL 外部 URL
https://arxiv.org/abs/2503.01659
README.md:11
🔗
中危 外部 URL 外部 URL
http://test.org/path?query=1&foo=bar
tests/edge-cases.test.js:163

目录结构

30 文件 · 206.6 KB · 5931 行
JavaScript 14f · 4486L Markdown 9f · 1336L JSON 2f · 54L Text 3f · 31L Shell 2f · 24L
├─ 📁 assets
│ └─ 📝 banner.md Markdown 10L · 331 B
├─ 📁 docs
│ ├─ 📝 CONTRIBUTING.md Markdown 69L · 2.0 KB
│ ├─ 📝 EXAMPLES.md Markdown 79L · 5.3 KB
│ └─ 📝 PATTERNS.md Markdown 59L · 2.4 KB
├─ 📁 references
│ ├─ 📝 ai-vocabulary.md Markdown 171L · 5.5 KB
│ ├─ 📝 patterns.md Markdown 332L · 10.0 KB
│ └─ 📝 style-guide.md Markdown 106L · 3.9 KB
├─ 📁 scripts
│ ├─ 🔧 analyze.sh Shell 12L · 301 B
│ └─ 🔧 humanize.sh Shell 12L · 315 B
├─ 📁 src
│ ├─ 📜 analyzer.js JavaScript 419L · 14.8 KB
│ ├─ 📜 cli.js JavaScript 574L · 19.6 KB
│ ├─ 📜 humanizer.js JavaScript 411L · 14.2 KB
│ ├─ 📜 patterns.js JavaScript 986L · 28.1 KB
│ ├─ 📜 stats.js JavaScript 275L · 9.5 KB
│ └─ 📜 vocabulary.js JavaScript 617L · 15.1 KB
├─ 📁 tests
│ ├─ 📁 fixtures
│ │ ├─ 📄 ai-sample-1.txt Text 15L · 2.2 KB
│ │ ├─ 📄 ai-sample-2.txt Text 7L · 1.1 KB
│ │ └─ 📄 human-sample-1.txt Text 9L · 1.1 KB
│ ├─ 📜 analyzer.test.js JavaScript 337L · 13.2 KB
│ ├─ 📜 calibration.test.js JavaScript 141L · 7.2 KB
│ ├─ 📜 edge-cases.test.js JavaScript 201L · 7.1 KB
│ ├─ 📜 humanizer.test.js JavaScript 174L · 6.4 KB
│ ├─ 📜 performance.test.js JavaScript 86L · 3.2 KB
│ └─ 📜 statistics.test.js JavaScript 226L · 7.9 KB
├─ 📋 _meta.json JSON 5L · 131 B
├─ 📜 eslint.config.js JavaScript 31L · 559 B
├─ 📋 package.json JSON 49L · 1.3 KB
├─ 📝 README.md Markdown 361L · 15.8 KB
├─ 📝 SKILL.md Markdown 149L · 7.8 KB
└─ 📜 vitest.config.js JavaScript 8L · 152 B

依赖分析 3 项

包名版本来源已知漏洞备注
eslint ^9.0.0 npm dev Dev dependency only; not bundled with skill
prettier ^3.0.0 npm dev Dev dependency only; not bundled with skill
vitest ^3.0.0 npm dev Dev dependency only; not bundled with skill

安全亮点

✓ No runtime external dependencies — only devDependencies for linting and testing
✓ No network requests in any source file
✓ No subprocess, exec, or shell command execution beyond invoking node
✓ No credential, SSH, AWS, or .env file access
✓ No eval, Function(), or dynamic code execution
✓ No base64 encoding/decoding with shell piping
✓ No hidden instructions or obfuscated code
✓ Doc-to-code alignment is strong — declared capabilities match implementation
✓ No data exfiltration channels
✓ Shell scripts are simple wrappers with no curl/wget remote execution