Security audit

InkOS - Autonomous Novel Writing Agent

Security checks across malware telemetry and agentic risk

Overview

InkOS is a coherent novel-writing tool whose file edits, API-key use, local memory, and automation are disclosed and aligned with its purpose.

Install only if you trust the npm package and the LLM provider you configure. Use a dedicated API key with spending limits, avoid untrusted custom base URLs, keep private manuscripts in protected project folders, and use version control or exports before running bulk rename, rewrite, delete, daemon, or multi-chapter generation workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 87%
Finding
The natural-language control path is documented as a primary entry point and can trigger stateful operations such as rewriting chapters, switching modes, and updating project artifacts, but it lacks a nearby warning that free-form prompts may cause file modifications. In an external-agent setting, ambiguous or prompt-injected instructions could lead to unintended writes or broad project changes with limited user awareness.

Missing User Warnings

Medium
Confidence: 89%
Finding
The rename and replace workflows explicitly support bulk modifications across chapters and truth files, but the documentation does not emphasize scope, reversibility, or backup requirements. In practice, a mistaken or adversarial instruction could corrupt large portions of a project in one pass, especially when routed through a natural-language agent interface.

Ssd 3

Medium
Confidence: 85%
Finding
The interaction flow returns updated sessions, execution state, pending decisions, and recent interaction events, and elsewhere the skill advertises structured logging and persisted project artifacts. For external-agent use, this creates a real data-retention surface where user prompts, generated content, and operational metadata may be stored or exposed longer than expected, increasing privacy and leakage risk.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.