技能 dittobot

✍️

dittobot

Name: dittobot
Author: RegionallyFamous

中風險 ⚙️ 外部命令🌐 網路存取📁 檔案系統存取🔑 環境變數⚡ 包含腳本

改寫任何文章，同時保留你的語氣

AI 改寫工具常常會把你獨特的語氣磨平，變得千篇一律又官腔。Dittobot 能在讓你的寫作更清晰、更銳利或更自然的同時，保留你的語調、事實、節奏與意圖。

支援: Claude Codex Code(CC)

🥉 75 青銅

下載技能 ZIP

在 Claude 中上傳

前往設定 → 功能 → 技能 → 上傳技能

開啟並開始使用

測試它

正在使用「dittobot」。 Rewrite this to be less formal: 'I am writing to inquire about the status of my application. I submitted my materials on the 15th and would appreciate an update at your earliest convenience.'

預期結果:

簡單追蹤一下我的申請進度,我在 15 號送出了資料。目前進度如何?

正在使用「dittobot」。 Punch up this sentence: 'The product has many features that users find useful in their daily work.'

預期結果:

這產品把那些無聊的瑣事都處理掉了,讓你不用親自動手。

正在使用「dittobot」。 Diagnose what is wrong with this paragraph: 'Our company is a leader in the industry. We have many solutions. Our team is dedicated to excellence. We serve many clients across many sectors.'

預期結果:

三個主要問題:(1) 每個句子的開頭都一樣,節奏平板。(2) 「許多」、「解決方案」、「卓越」這類模糊詞彙沒有具體意義。(3) 缺乏具體證據、故事或細節。修正方法:變化句子開頭、用一個具體例子取代抽象名詞,並至少刪除四個句子中的兩個。

安全審計

中風險

v1 • 6/2/2026

Dittobot is a voice-preserving prose rewriting skill with standard installation and evaluation tooling. The static analyzer flagged 490 patterns, but the vast majority are false positives from markdown backtick formatting in documentation files (README, CHANGELOG, CONTRIBUTING, SKILL.md) being misread as shell execution. The 'weak cryptographic algorithm' findings refer to hash operations in Python evaluation/scoring scripts, not security-sensitive cryptography. The install script uses a curl|bash pattern which is conventional for skill installation but worth noting. No confirmed malicious intent; risk is medium due to install scripts, API access in live_eval.py, and overall tooling surface area.

已掃描檔案

7,423

分析行數

發現項

審計總數

高風險問題 (1)

README.md:187 install.sh:10-14

Install script uses curl pipe to shell pattern

README.md:187 documents and install.sh uses a curl|bash installation pattern, which executes remote code directly. While standard for skill distribution, this pattern carries inherent supply chain risk if the remote URL is compromised.

中風險問題 (3)

scripts/live_eval.py:117 scripts/live_eval.py:138 scripts/live_eval.py:242 scripts/live_eval.py:530-532 scripts/live_eval.py:560

Live evaluation script accesses environment variables for API keys

scripts/live_eval.py reads multiple environment variables that appear to be API keys (for LLM provider authentication). This is expected for a skill that evaluates writing quality via API calls, but it means the skill requires and handles credentials.

install.sh:28 install.sh:50-51 scripts/install.py:48 scripts/install.py:55 scripts/install.py:78-95

Installation scripts perform shell substitution and file operations

install.sh and scripts/install.py use command substitution ($()) and file system operations (shutil, symlink creation, hidden file access in home directory). These are standard for installation tooling but represent execution surface area.

scripts/redact_case.py:23-25

Redaction script references crypto seed patterns for detection

scripts/redact_case.py references crypto seed/private key patterns as part of its redaction logic. This is the tool detecting and redacting sensitive patterns, not storing actual keys, but it shows the script handles sensitive pattern matching.

低風險問題 (3)

scripts/scorecard.py:14 scripts/live_eval.py:27 scripts/audit.py:12

Hash operations in scoring and evaluation scripts

Multiple Python scripts (scorecard.py, live_eval.py, audit.py, etc.) use hash functions. These are used for content comparison and scoring, not for security-sensitive operations. The static analyzer flags these as 'weak cryptographic algorithm' but they serve non-security purposes.

README.md:19-208 SKILL.md:47-138 CHANGELOG.md:6-38 CONTRIBUTING.md:7-72

Markdown backtick formatting detected as shell execution

The overwhelming majority of 'Ruby/shell backtick execution' findings are false positives. Markdown files (README.md, CHANGELOG.md, CONTRIBUTING.md, SKILL.md, etc.) use backticks for inline code formatting, which the static analyzer misinterprets as shell command execution patterns. These are documentation artifacts, not executable code.

scripts/rewrite_report.py:14

Dynamic import expression in report generation script

scripts/rewrite_report.py:14 uses a dynamic import() expression. This appears to be intentional for the skill's report generation module loading, not a security threat.

風險因素

⚙️ 外部命令 (6)

install.sh:28 install.sh:50 scripts/build_plugin.py:90 scripts/install.py:97 scripts/scorecard.py:48 .github/workflows/validate.yml:145

🌐 網路存取 (6)

scripts/live_eval.py:19 scripts/live_eval.py:32 scripts/live_eval.py:134 scripts/live_eval.py:143 scripts/build_plugin.py:41 install.sh:10

📁 檔案系統存取 (7)

scripts/install.py:48 scripts/install.py:55 scripts/install.py:78 scripts/install.py:83 scripts/install.py:88 scripts/install.py:95 install.sh:51

🔑 環境變數 (7)

scripts/live_eval.py:117 scripts/live_eval.py:138 scripts/live_eval.py:242 scripts/live_eval.py:444 scripts/live_eval.py:530 scripts/redact_case.py:23 scripts/redact_case.py:25

⚡ 包含腳本 (1)

scripts/rewrite_report.py:14

偵測到的模式

Curl pipe to shell (install pattern)Subprocess execution in build and install scripts

審計者: claude

品質評分

架構

100

可維護性

內容

社群

安全

規範符合性

你能建構什麼

潤飾專業郵件

改寫工作郵件,使其更清晰、更自信、且合宜地正式,同時保留你自然的語氣。

精修部落格文章與隨筆

收緊草稿、刪除冗詞、增加力道,並確保寫作聽起來像真實的人,而不是聊天機器人。

編輯求職信與個人簡介

讓應徵資料在符合職位語氣的同時脫穎而出,並保留你的個人風格。

試試這些提示

基本改寫請求

Rewrite this email to be clearer and more direct, but keep my voice:

[paste your text here]

語氣調整

Take this draft and make it sound warmer and less corporate. Keep all the facts and the main point exactly the same:

[paste your text here]

完整強化並附上明確指示

Rewrite this blog post section. Goals: shorter sentences, cut filler, add one vivid detail, keep my dry humor, do not change any facts:

[paste your text here]

診斷模式

Do not rewrite this yet. Diagnose what is not working in this piece and list the top 3 issues with specific examples from the text:

[paste your text here]