Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

novel-free

v1.0.3

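Multi-agent writing skill for long-form Chinese novels (v1.0.1). Supports creating a long-form novel project from scratch and completing the full workflow of worldbuilding, characters, outline, chapter writing, automatic progression, and reader feedback. Includes three core optimizations: fixed-layer compression, forced caching of fixed-context.md, and a merged summary + OOC trigger. Adds user-experience improvements and automation tools that significantly reduce token consumption and operational complexity. Use cases: creating new long...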

by 咲鹏 @228998098
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (multi-agent novel writing) align with the included templates and agent prompts. Requests to read an OpenClaw model config (openclaw.json) and to create project directories match the stated need to detect available models and initialize projects. No unrelated cloud credentials or unrelated binaries are requested. Note: reading system/user config to enumerate models is coherent with model-mapping functionality but exposes additional local config data.
Instruction Scope
SKILL.md explicitly instructs the Coordinator to read ~/.openclaw/openclaw.json (fallbacks ./openclaw.json and /etc/openclaw/openclaw.json) and many local project files; it also includes runnable shell scripts (launch, init, auto-configure). While these file reads are coherent for model discovery and project initialization, they can expose local configuration content. The skill claims to filter fields named apiKey/token/secret/password before embedding credentials into prompts, but that is a declarative mitigation only and not enforceable by static inspection. The runtime instructions do not show any external network endpoints, but the included shell scripts were not fully inspected for network commands — agent instructions direct running those scripts (./novel-free-launch.sh etc.), which grants them the ability to perform arbitrary local actions when executed.
Install Mechanism
No install spec or remote downloads; the package is instruction- and script-based and will not fetch arbitrary code during installation. This lowers supply-chain risk. However, the repository includes multiple shell scripts which, if executed by the user or an agent with shell access, will create files and perform filesystem actions — review the scripts before running.
Credentials
The skill declares no required environment variables or credentials, which matches its stated purpose. However, it instructs reading openclaw.json files (user/system config) that may contain provider/model metadata and potentially credentials depending on user setup. The skill asserts it will filter credential fields before embedding prompts, but that is a behavioral claim rather than an enforceable guarantee. No other unrelated env vars are requested.
Persistence & Privilege
always:false and no claim of forcing persistent inclusion. The skill writes project files and metadata within user-specified project directories (including an 'external directory' mode). There is no evidence it modifies other skills or system-wide agent settings beyond reading openclaw.json as part of model discovery. This level of presence is consistent with a project-management writing tool.
What to consider before installing
What to check before installing/using:
- Inspect the shell scripts (scripts/*.sh and create-novel.sh, novel-free-launch.sh, init-project.sh) before running them. Look for network calls (curl/wget/nc/ssh/git remote operations), eval/exec of untrusted content, or commands that modify system files. If you are not comfortable, open the scripts in a text editor and confirm they only create/modify files under a project directory.
- Review your openclaw.json (especially ~/.openclaw/openclaw.json, ./openclaw.json, /etc/openclaw/openclaw.json) to see what it contains. If it contains secrets or provider API keys, consider moving them or using a minimal config copy for testing. The skill reads these files to enumerate available models; that is coherent but may expose config content to the skill logic.
- Do not run the included scripts as an automated agent with unrestricted permissions until you have verified their contents. Prefer running them manually in a sandbox or disposable environment (container, VM) the first time.
- The SKILL.md claims it filters obvious credential fields (apiKey, token, secret, password) before embedding prompts; treat that as an assurance but not proof. If you store API keys in openclaw.json or elsewhere, consider removing them prior to first run or using least-privilege/test keys.
- If you plan to use 'external directory' behavior, choose a project path you control (not system directories), and verify the scripts' write/read paths.
- If you want higher assurance, request the vendor/author to provide a short audited changelog or a human-readable summary of what each script does; alternatively run the scripts with dry-run/echo mode if present.
Reasoning summary: The skill appears functionally coherent with its stated purpose, but it exercises filesystem and local config reads and ships runnable scripts. These are legitimate for initialization and model mapping but create a modest risk if executed without review.
Proceed after the checks above or run in a sandbox.

Like a lobster shell, security has layers — review code before you run it.
