Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

novel-forge

v2.0.0

Long-form novel workflow for creating, continuing, resuming, and repairing serialized fiction with externalized project state, role-to-model mapping, worldbu...

by 咲鹏 @228998098
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill is a stateful novel project manager and the included scripts (scaffold_project.py, build_context_pack.py, discover_projects.py, show_runtime_inventory.mjs) implement expected project discovery and scaffold functionality. Reading a local model inventory to recommend role→model mappings is coherent with the stated multi-agent workflow. However, the SKILL.md explicitly instructs reading /root/.openclaw/openclaw.json and persisting role→model mappings in project state; those config path accesses are not declared in the skill's metadata (required config paths/env vars are listed as none). This mismatch is plausibly an oversight but should be called out.
!
Instruction Scope
SKILL.md instructs the agent to read /root/.openclaw/openclaw.json and to run scripts/show_runtime_inventory.mjs before asking for model mapping. The runbook and scripts also instruct discovery of projects under a workspace derived from environment variables (OPENCLAW_WORKSPACE, NOVEL_FORGE_WORKSPACE, CLAUDE_WORKSPACE) or default paths in the user's home directory. These instructions cause the agent to read local configuration and workspace files (project.json, state/current.json, etc.). The skill also tells the main session to persist mappings and state files. The instructions therefore access filesystem paths and environment variables beyond what the skill metadata declares, which is a scope mismatch that could lead to unexpected reads/writes of user files.
Install Mechanism
No install spec is present; this is an instruction-plus-scripts skill. No network downloads or package installs are specified, and the code files are included with the skill bundle, so there is no external install-time execution risk from remote archives.
!
Credentials
The skill declares no required environment variables or config paths but the scripts and SKILL.md expect and read environment variables and a well-known config file. discover_projects.py reads OPENCLAW_WORKSPACE / NOVEL_FORGE_WORKSPACE / CLAUDE_WORKSPACE and falls back to ~/.openclaw/workspace or ~/.claude/workspace; show_runtime_inventory.mjs loads /root/.openclaw/openclaw.json by default. These are environment/config accesses that should have been declared in requires.env/requires.config; they may expose local config data (model/provider inventory) and read/write files under the user's workspace. No external credentials are requested, and there are no network exfiltration endpoints in the provided code, but the undeclared access to system config and env is disproportionate to the metadata.
Persistence & Privilege
The skill expects to create and update project files (project.json, worldbuilding.md, characters.md, outline.md, style.md, memory.md, state/current.json, chapters/*.md) inside a workspace/novel directory. That is consistent with a project scaffolder/orchestrator. It does not request always:true or other elevated platform privileges. It will persist role→model mappings and project state locally by design; this behavior is expected but should be accepted explicitly by the user because it writes files to your workspace.
What to consider before installing
- The skill is coherent with its advertised purpose (a stateful long-form novel workflow) and the included scripts implement project discovery and scaffolding.
- However, SKILL.md and the scripts read local configuration and workspace environment variables that were not declared in the skill metadata. In particular the skill will (by default) read /root/.openclaw/openclaw.json and check OPENCLAW_WORKSPACE / NOVEL_FORGE_WORKSPACE / CLAUDE_WORKSPACE or ~/.openclaw/workspace, ~/.claude/workspace. That can expose local model/provider inventory and other config present in those files.
- The skill writes project files (project.json, state/current.json, chapters/*.md, worldbuilding.md, etc.) into a workspace/novel directory. This is expected for a scaffold/orchestrator, but be aware it will create and modify files in your workspace.
- There is no remote network exfiltration code in the provided scripts and no install-time downloads, but because the skill reads system config you should:
  1) Inspect the actual /root/.openclaw/openclaw.json (or equivalent on your system) to confirm it contains only non-sensitive inventory metadata and no secrets you don't want read.
  2) If you are uncomfortable with the skill reading that file, request the skill author to make the config path optional or to declare the required config paths/env vars in metadata so you can consent.
  3) Run the bundled scripts in a sandbox or test workspace first to observe behavior (discover_projects.py, scaffold_project.py, show_runtime_inventory.mjs are localized and print JSON).
- If you need higher assurance, ask the author to update metadata to declare required config paths and env vars, or to add an explicit user prompt before reading system-level config. If you trust the author and the workflow, the skill appears usable; if you prefer minimal exposure, do not install it or run it only in an isolated workspace.
