技能 dittobot

✍️

dittobot

Name: dittobot
Author: RegionallyFamous

中风险 ⚙️ 外部命令🌐 网络访问📁 文件系统访问🔑 环境变量⚡ 包含脚本

改写任何文稿，同时保留你的独特风格

AI 改写工具常常把你独特的风格磨平，变成千篇一律、官腔十足的文字。Dittobot 能在让写作更清晰、更犀利或更自然的同时，保留你的语气、事实、节奏和意图。

支持: Claude Codex Code(CC)

🥉 75 青铜

下载技能 ZIP

在 Claude 中上传

前往设置 → 功能 → 技能 → 上传技能

开启并开始使用

测试它

正在使用“dittobot”。 Rewrite this to be less formal: 'I am writing to inquire about the status of my application. I submitted my materials on the 15th and would appreciate an update at your earliest convenience.'

预期结果:

简单跟进一下我的申请，15 号提交的。请问现在进展如何？

正在使用“dittobot”。 Punch up this sentence: 'The product has many features that users find useful in their daily work.'

预期结果:

这个产品把那些枯燥的活儿都包了，让你不用再费心。

正在使用“dittobot”。 Diagnose what is wrong with this paragraph: 'Our company is a leader in the industry. We have many solutions. Our team is dedicated to excellence. We serve many clients across many sectors.'

预期结果:

三个主要问题：(1) 每句话都以同样的方式开头，节奏平淡。(2) 「很多」「解决方案」「卓越」等模糊词汇没有任何具体含义。(3) 缺乏具体的证据、故事或细节。改进方法：变换句子的开头，用一个具体例子替换抽象名词，至少删掉四句话中的两句。

安全审计

中风险

v1 • 6/2/2026

Dittobot is a voice-preserving prose rewriting skill with standard installation and evaluation tooling. The static analyzer flagged 490 patterns, but the vast majority are false positives from markdown backtick formatting in documentation files (README, CHANGELOG, CONTRIBUTING, SKILL.md) being misread as shell execution. The 'weak cryptographic algorithm' findings refer to hash operations in Python evaluation/scoring scripts, not security-sensitive cryptography. The install script uses a curl|bash pattern which is conventional for skill installation but worth noting. No confirmed malicious intent; risk is medium due to install scripts, API access in live_eval.py, and overall tooling surface area.

已扫描文件

7,423

分析行数

发现项

审计总数

高风险问题 (1)

README.md:187 install.sh:10-14

Install script uses curl pipe to shell pattern

README.md:187 documents and install.sh uses a curl|bash installation pattern, which executes remote code directly. While standard for skill distribution, this pattern carries inherent supply chain risk if the remote URL is compromised.

中风险问题 (3)

scripts/live_eval.py:117 scripts/live_eval.py:138 scripts/live_eval.py:242 scripts/live_eval.py:530-532 scripts/live_eval.py:560

Live evaluation script accesses environment variables for API keys

scripts/live_eval.py reads multiple environment variables that appear to be API keys (for LLM provider authentication). This is expected for a skill that evaluates writing quality via API calls, but it means the skill requires and handles credentials.

install.sh:28 install.sh:50-51 scripts/install.py:48 scripts/install.py:55 scripts/install.py:78-95

Installation scripts perform shell substitution and file operations

install.sh and scripts/install.py use command substitution ($()) and file system operations (shutil, symlink creation, hidden file access in home directory). These are standard for installation tooling but represent execution surface area.

scripts/redact_case.py:23-25

Redaction script references crypto seed patterns for detection

scripts/redact_case.py references crypto seed/private key patterns as part of its redaction logic. This is the tool detecting and redacting sensitive patterns, not storing actual keys, but it shows the script handles sensitive pattern matching.

低风险问题 (3)

scripts/scorecard.py:14 scripts/live_eval.py:27 scripts/audit.py:12

Hash operations in scoring and evaluation scripts

Multiple Python scripts (scorecard.py, live_eval.py, audit.py, etc.) use hash functions. These are used for content comparison and scoring, not for security-sensitive operations. The static analyzer flags these as 'weak cryptographic algorithm' but they serve non-security purposes.

README.md:19-208 SKILL.md:47-138 CHANGELOG.md:6-38 CONTRIBUTING.md:7-72

Markdown backtick formatting detected as shell execution

The overwhelming majority of 'Ruby/shell backtick execution' findings are false positives. Markdown files (README.md, CHANGELOG.md, CONTRIBUTING.md, SKILL.md, etc.) use backticks for inline code formatting, which the static analyzer misinterprets as shell command execution patterns. These are documentation artifacts, not executable code.

scripts/rewrite_report.py:14

Dynamic import expression in report generation script

scripts/rewrite_report.py:14 uses a dynamic import() expression. This appears to be intentional for the skill's report generation module loading, not a security threat.

风险因素

⚙️ 外部命令 (6)

install.sh:28 install.sh:50 scripts/build_plugin.py:90 scripts/install.py:97 scripts/scorecard.py:48 .github/workflows/validate.yml:145

🌐 网络访问 (6)

scripts/live_eval.py:19 scripts/live_eval.py:32 scripts/live_eval.py:134 scripts/live_eval.py:143 scripts/build_plugin.py:41 install.sh:10

📁 文件系统访问 (7)

scripts/install.py:48 scripts/install.py:55 scripts/install.py:78 scripts/install.py:83 scripts/install.py:88 scripts/install.py:95 install.sh:51

🔑 环境变量 (7)

scripts/live_eval.py:117 scripts/live_eval.py:138 scripts/live_eval.py:242 scripts/live_eval.py:444 scripts/live_eval.py:530 scripts/redact_case.py:23 scripts/redact_case.py:25

⚡ 包含脚本 (1)

scripts/rewrite_report.py:14

检测到的模式

Curl pipe to shell (install pattern)Subprocess execution in build and install scripts

审计者: claude

质量评分

架构

100

可维护性

内容

社区

安全

规范符合性

你能构建什么

润色专业邮件

改写工作邮件，使其更清晰、更自信、恰当地正式，同时保留你自然的语气。

打磨博客文章和随笔

压缩初稿、删减冗余、增加力度，确保文字读起来像一个真实的人在写，而不是聊天机器人。

编辑求职信和个人简介

在匹配岗位语气的同时让你的个性可见，使申请材料脱颖而出。

试试这些提示

基础改写请求

Rewrite this email to be clearer and more direct, but keep my voice:

[paste your text here]

语气调整

Take this draft and make it sound warmer and less corporate. Keep all the facts and the main point exactly the same:

[paste your text here]

带具体方向的全面润色

Rewrite this blog post section. Goals: shorter sentences, cut filler, add one vivid detail, keep my dry humor, do not change any facts:

[paste your text here]

诊断模式

Do not rewrite this yet. Diagnose what is not working in this piece and list the top 3 issues with specific examples from the text:

[paste your text here]