Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
12agent Novel
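v2.8.0
A multi-agent writing system for long-form Chinese novels (12Agent). Suited to long-running creative tasks such as starting a new long-form novel project, building the worldview and outline, chapter-by-chapter writing, automatic progression, and reader feedback; not suited to short stories, poetry, essays, translation, or non-novel writing.
by 咲鹏 @228998098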
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description (multi‑agent novel writing) matches most of the included files (templates, agent prompts, project data). However, the docs claim the system performs 'platform style research' (analyzing platforms such as 晋江/长佩/起点/番茄) — that implies fetching or scraping external content, yet the manifest declares no network requirements, no credentials, and there is no install step to provide scraping tooling. This is a capability–requirement mismatch that should be clarified: where/how will that research run and what network access is required?
Instruction Scope
SKILL.md instructs the skill to read and write workspace files, read local model/config (openclaw.json, meta/config.md), spawn background sessions (sessions_spawn with background:true), and copy template files. It also explicitly requires filtering out credential fields before embedding config into prompts (good). Missing: a clear, non‑ambiguous description of any network activity for the 'style research' step. Background sessions_spawn calls increase autonomous behaviour and could run arbitrary tasks; the instructions do not enumerate or constrain what those background tasks may fetch or transmit.
Install Mechanism
No install spec (instruction‑only) — lower disk/exec risk. There is one initialization script (scripts/init-project.sh) claimed to only perform local directory creation and template copying. The script itself was present in the file list but its contents were not shown here for manual verification; you should inspect the script before running to confirm it contains no network calls or destructive commands.
Credentials
The skill declares no required environment variables or credentials (good). SKILL.md does instruct reading local model/config files (openclaw.json, meta/config.md) and explicitly requires stripping credential fields (apiKey/token/secret/password) before embedding config into prompts. This is a reasonable and proportional design for a multi‑model orchestration skill, but it relies on correct filtering — verify filtering is implemented and that sensitive tokens are not accidentally exposed to sub‑sessions or remote endpoints.
Persistence & Privilege
always:false and default autonomous invocation are in place (normal). The main concern is the use of sessions_spawn with background:true to run early style research in the background: that grants the skill the ability to spawn independent sub‑sessions/tasks which may continue working asynchronously. This raises the blast radius if those sub‑sessions are allowed network access or can read workspace files — confirm host sandboxing, timeouts, and what background tasks are permitted to do.
What to consider before installing
This skill appears to be a detailed, coherent multi‑agent novel creation framework, but before installing or running it you should:
1) Inspect scripts/init-project.sh yourself (or in a sandbox) to confirm it only creates directories and copies templates and contains no network or destructive commands.
2) Confirm how 'early style research' is implemented and whether it requires outbound network access or web scraping — if you do not want background network activity, disable/ask the skill to skip that step.
3) Verify your host's session spawning (sessions_spawn) policy: background tasks can run autonomously and access workspace files; ensure they are sandboxed, have timeouts, and cannot exfiltrate secrets.
4) Make sure any local config (openclaw.json, meta/config.md) does not contain live API keys you care about; the SKILL.md instructs filtering credentials but you should verify that filtering actually occurs.
5) If you need strict privacy, run the skill in an isolated environment (no network) and review logs of spawned sessions to confirm no unintended external calls.
If you want, provide the contents of scripts/init-project.sh here and I can review that file specifically.
Like a lobster shell, security has layers — review code before you run it.
