novel-free

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Chinese long-form novel writing skill that creates and manages local writing project files, with no evidence of hidden network access, exfiltration, or destructive behavior outside its stated purpose.

Install only if you want this skill to manage a local novel project directory. It will create, update, overwrite, and back up project files such as chapters, metadata, trackers, and fixed-context summaries. Keep separate backups for important writing projects, review generated changes before treating them as final, and be aware that model auto-configuration may read local OpenClaw model configuration to choose model IDs.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (8)

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The documentation advertises automatic backup, external project creation, model configuration, and environment isolation, but it does not prominently warn users that these actions will modify files and directories on the local filesystem. In a skill that encourages running shell scripts, omission of modification warnings increases the chance of unintended writes, overwrites, or confusing state changes.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
This section gives direct commands for restore, backup, project switching, and environment isolation without any adjacent notice about filesystem effects or potential data movement. Because recovery and management scripts often touch many paths, users may run them with incomplete understanding, increasing the risk of accidental data loss, overwriting, or changes to the wrong project.

Vague Triggers

Severity: Low
Confidence: 78%
Finding:
The description defines a broad long-form novel creation capability but does not clearly constrain when the skill should activate or what explicit user triggers are required. In agent environments, vague scope can cause over-invocation or inappropriate routing, which may expose project context, waste tokens, or let the skill influence tasks beyond intended novel-writing workflows.

Natural-Language Policy Violations

Severity: Medium
Confidence: 70%
Finding:
The description presents the skill as Chinese-only without indicating whether the language is a default, preference, or hard requirement chosen by the user. In multi-user or multilingual agent systems, implicit language forcing can mis-handle requests, reduce transparency, and cause the skill to respond in an unexpected locale without consent.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The document directs the coordinator to write and later overwrite `references/fixed-context.md`, but it does not require any user confirmation, backup, or warning that existing project content will be replaced. In an agentic file-writing workflow, silent overwrites can destroy prior edits, summaries, or manually curated context, causing integrity loss and hard-to-detect project corruption.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The refresh procedure explicitly says to overwrite `references/fixed-context.md`, yet it provides no safeguard against replacing valuable existing content and no user-facing notice that the file will be destroyed and regenerated. Because this skill is designed for iterative long-form writing, repeated automated refreshes increase the chance of accidental data loss and propagation of stale or malformed summaries into later chapters.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The workflow instructs the agent to perform a batch of persistent writes across multiple project files in a fixed sequence, but it does not require explicit user confirmation, preview, or warning before modifying state. In an agent setting, this creates a real integrity risk: a mistaken or adversarially-influenced run could overwrite chapters, trackers, and metadata, making recovery difficult and amplifying the effect of a bad output.

Missing User Warnings

Severity: Low
Confidence: 84%
Finding:
The document directs the coordinator to write the final chapter directly to `chapters/ch{NNN}.md` without clearly disclosing that this is a persistent overwrite of project content. This is a lower-severity but real safety issue because users may assume the result is provisional while the workflow treats it as authoritative output.

VirusTotal

66/66 vendors flagged this skill as clean.
