Security audit

小说AI创作助手 (Novel AI Writing Assistant)

Security checks across malware telemetry and agentic risk

Overview

The skill is what it discloses: a novel-writing assistant with optional local manuscript helper scripts. No hidden network, credential, destructive, or persistent behavior was found.

Install only if you want a Chinese-oriented novel-writing assistant. When using the scripts, point them only at manuscript files or project folders you intend to process, and review generated edits before applying them. If your environment supports multiple skills, invoke this skill explicitly to avoid ambiguity from its broad triggers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (11)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 87%
Finding: The skill advertises and documents file-oriented scripts such as outline generation, consistency checking, and word counting, including directory scanning and output-file writing, but it declares no permissions. This creates a trust and enforcement gap: users and hosts may assume a purely conversational writing helper while the skill can read manuscript files and write generated content, increasing the risk of unintended data access or modification.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 81%
Finding: The documented behavior extends beyond the stated purpose of ideation, continuation, polishing, and logic checking to include directory-wide word counting, watch-mode monitoring, and outline validation/generation. That mismatch can cause users to invoke the skill under a narrower trust model than its actual capabilities, especially where watch mode continuously monitors local files.

Vague Triggers

Severity: Medium
Confidence: 95%
Finding: The listed trigger phrases are extremely generic everyday terms such as writing, continuation, polishing, and logic checking, so the skill may activate during ordinary conversation without clear user intent to invoke it. This can cause unintended routing of user prompts into the skill, leading to unexpected behavior, prompt/context hijacking within the skill boundary, or accidental disclosure of user content to the skill workflow.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding: The example activation wording reinforces ambiguous invocation by advertising common conversational words as triggers without a namespace or explicit command format. In a multi-skill environment, this increases accidental activation risk and makes it easier for unrelated user requests to be captured by this skill instead of normal assistant behavior.

Vague Triggers

Severity: Medium
Confidence: 94%
Finding: The trigger phrases for story generation are very broad terms like '写小说' ("write a novel") and '创作故事' ("create a story"), which are common user requests and can cause the skill to activate unintentionally in unrelated contexts. Over-broad activation increases the chance that the skill intercepts prompts unexpectedly, leading to misrouting, policy bypass opportunities, or confusion about which instructions are in effect.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding: Continuation triggers such as '续写' ("continue writing"), '扩写' ("expand"), and '接下来呢' ("what's next?") are ambiguous conversational phrases that can appear naturally in many chats. This makes accidental activation likely, especially in environments with multiple skills, and can cause the system to apply this skill's behavior when the user did not intentionally select it.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding: Polishing triggers like '润色' ("polish"), '修改文章' ("revise the article"), and '改写' ("rewrite") are generic editing requests that overlap with ordinary assistant usage. In a shared skill ecosystem, such unconstrained triggers can hijack benign requests and broaden the skill's reach beyond explicit user intent, increasing prompt-routing and instruction-conflict risk.

Vague Triggers

Severity: Medium
Confidence: 78%
Finding: The trigger phrases for story ideation are broad everyday writing terms such as '写小说' ("write a novel") and '创作故事' ("create a story"), making accidental activation plausible in general conversation. Broad activation increases the chance the skill will process unrelated user text or begin using file-backed workflows without sufficiently explicit intent.

Vague Triggers

Severity: Medium
Confidence: 76%
Finding: Continuation triggers like '续写' ("continue writing"), '继续写' ("keep writing"), and '接下来呢' ("what's next?") are highly ambiguous and can appear in normal conversation or while discussing text informally. This raises the risk of unintended skill activation and downstream processing of prior content, potentially including reading surrounding chapters or applying structured transformations the user did not explicitly request.

Vague Triggers

Severity: Medium
Confidence: 79%
Finding: Editing triggers such as '润色' ("polish"), '修改文章' ("revise the article"), and '改写' ("rewrite") are generic writing-assistance phrases that overlap heavily with ordinary requests. In a skill that may read files and produce rewritten outputs, accidental activation can lead to unintended transformations, overwrites, or broader-than-expected content handling.

Natural-Language Policy Violations

Severity: Medium
Confidence: 93%
Finding: The sample content is entirely written in Chinese and presents a Chinese-only output/example format without any indication that the skill can adapt to the user's preferred language. This can cause exclusion, misunderstandings, or unsafe downstream use when users assume the assistant will honor their language choice but the skill implicitly constrains responses to Chinese.

VirusTotal

65/65 vendors reported this skill as clean.


Static analysis

No suspicious patterns detected.