v1.0.3

novel-free

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:17 AM.

Analysis

The skill mostly matches its novel-writing purpose, but it reads local OpenClaw model/account configuration and sends project content to spawned model agents, so it should be reviewed before use.

Guidance

Review this skill before installing. If you use it, run scripts only in a dedicated project folder, check that OpenClaw configuration files do not expose API keys or tokens to project prompts, choose trusted model providers for sub-agents, and avoid storing unrelated private information in the novel workspace.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
Severity: Low | Confidence: High | Status: Note
SKILL.md
`./novel-free-launch.sh`; `./create-novel.sh <project-name>`; `./scripts/simple-auto-configure.sh /path/to/project`; `./scripts/error-handler.sh backup <project-directory>`

The skill asks the user to run local shell scripts that create and manage projects, update configuration, and perform backups. This is central to the skill's stated automation purpose and is user-directed.

User impact: Running the scripts can create or modify files in the selected project directories.
Recommendation: Run scripts only from the intended skill directory, choose a dedicated project folder, and review script behavior before using it on important files.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
`openclaw.json` read priority: `~/.openclaw/openclaw.json` → `./openclaw.json` → `/etc/openclaw/openclaw.json`; filter credential fields (`apiKey`, `token`, `secret`, `password`) before embedding into the sub-Agent prompt

The skill explicitly reads local OpenClaw configuration from user, project, and system locations and acknowledges credential-like fields may be present. This is not declared in the registry requirements as a required config path or credential.

User impact: The skill may inspect local model/provider configuration and could encounter API keys or tokens if they are stored in that configuration.
Recommendation: Review or minimize openclaw.json before use, prefer manually entering model IDs if possible, and confirm the scripts/configuration process never copies credential fields into prompts or project files.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low | Confidence: High | Status: Note
references/lifecycle-phase1-style-preview.md
`sessions_spawn({ task: `${read("references/agent-main-writer.md")} ... ${read("worldbuilding/world.md")} ... ${read("characters/protagonist.md")} ... ${read("outline/outline.md")}`, model: readConfig("meta/config.md", "mainWriter"), mode: "run" })`

The workflow sends project documents to spawned model-agent sessions. This is disclosed and purpose-aligned for multi-agent writing, but it is a data boundary users should notice.

User impact: Worldbuilding, character, outline, and draft material may be provided to the configured model/provider agents.
Recommendation: Use only trusted model providers for the configured agents and avoid placing unrelated secrets or private data in novel project files.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
references/context-feeding-strategy.md
`fixed-context.md mandatory write specification` ... `During Phase 2 writing, the Coordinator's fixed-layer input reads only references/fixed-context.md` ... `On recovery when resumeRequired = true (full refresh after session restart)`

The skill stores compressed context and reuses it across chapter generation and session recovery. This persistence is expected for long novel continuity, but cached content can steer later outputs.

User impact: Incorrect, unwanted, or sensitive content saved in the project cache and summaries may be reused in future writing tasks.
Recommendation: Periodically review fixed-context.md, rolling summaries, and tracker files, and keep non-project secrets out of the novel workspace.