InkOS - Autonomous Novel Writing Agent
PassAudited by VirusTotal on May 13, 2026.
Overview
Type: OpenClaw Skill Name: inkos-novel-writer Version: 2.3.3 InkOS is an autonomous novel-writing CLI and web workbench that uses a multi-agent pipeline to generate, audit, and revise fiction. The skill bundle provides a comprehensive set of commands for project initialization, chapter generation, style analysis, and EPUB export. It includes a dedicated security section in SKILL.md emphasizing local-only file I/O, the absence of telemetry, and safe credential handling via environment variables. No indicators of malicious intent, data exfiltration, or harmful prompt injection were found; the tool's extensive capabilities (e.g., file system access and network calls to LLM providers) are consistent with its stated purpose of long-form creative writing.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill requires trusting the npm package and its updates, not just the visible SKILL.md instructions.
The runtime behavior depends on an external npm package, while the provided artifact set contains only SKILL.md and no package source code.
node | package: @actalk/inkos
Install only from the expected package source, review the package/homepage if possible, and pin or verify versions for important projects.
The configured API key can incur provider usage costs and grants access to the selected LLM account or project.
The tool requires an LLM provider credential and correctly encourages using an environment variable rather than putting the key directly in command history.
export OPENAI_API_KEY=sk-xxx inkos config set-global --provider openai --base-url https://api.openai.com/v1 --api-key-env OPENAI_API_KEY --model gpt-4o
Use a dedicated, least-privileged API key with spending limits, and avoid sharing project folders or logs that might reveal configuration.
Creative briefs, imported chapters, style references, and story context may be processed by the configured model provider.
The skill can send writing context to user-configured external model endpoints, including custom/proxy providers; the documentation warns users to trust those endpoints.
custom OpenAI-compatible provider support ... For compatible/proxy endpoints, use --provider custom and point ONLY to trusted endpoints
Use only trusted model endpoints and avoid sending confidential manuscripts or private source material unless the provider’s data handling terms are acceptable.
Imported text, worldbuilding notes, and generated story facts can remain in project files and influence later chapters.
The skill keeps persistent local story state and retrieval memory so future writing can reuse prior context.
Truth files are persisted as schema-validated JSON (`story/state/*.json`) ... SQLite temporal memory database (`story/memory.db`) enables relevance-based retrieval
Keep projects in trusted directories, review or delete memory/state files when importing sensitive material, and avoid mixing unrelated private content into a writing project.
Large batch runs can consume API credits and make many local project changes before the user reviews the output.
The tool intentionally automates multi-agent drafting, auditing, and revision, which is central to its purpose but may run multiple model calls per chapter.
generate, audit, and revise novel content with zero human intervention per chapter ... Self-correction loop runs until all critical issues clear
Start with small chapter counts, monitor token/cost usage, and review chapters before using approve-all or exporting.