Back to skill

Security audit

novel-master v2

Security checks across malware telemetry and agentic risk

Overview

This is a coherent novel-writing helper, but its state-management scripts can write outside the intended workspace if project or character names contain path characters.

Install only if you want a persistent long-form Chinese novel workflow. Expect it to create and update project files under ~/.qclaw/workspace/novels, and avoid using book or character names containing slashes, absolute paths, or ../ until the publisher adds path validation and a clearer opt-in step for stateful project setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill explicitly instructs creation and updating of files under a workspace directory, including project folders, tracker JSON files, and state.json, but no corresponding permissions are declared. This creates a capability/permission mismatch that can lead to unintended file system access or unsafe execution assumptions by the host environment.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The activation example uses a very generic trigger phrase like '我要写一本悬疑小说', which overlaps heavily with ordinary writing requests and can cause the skill to activate without clear user intent to use this specific package. In an agent ecosystem, overly broad activation increases the chance of unintended takeover of common tasks, potentially overriding other tools or injecting its workflow when the user only asked for general help.

Natural-Language Policy Violations

Medium
Confidence
78% confidence
Finding
The README frames the skill as a publication-grade Chinese novel creation package by default, but does not clearly require confirmation that the user wants Chinese output. This can lead to mismatched language behavior, causing the agent to steer users into Chinese-language generation or assumptions about output style without explicit consent.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The trigger description includes broad requests such as writing novels, stories, chapter-by-chapter writing, and long-form fiction, which can match common user phrasing and cause the skill to activate unexpectedly. Over-broad activation increases the chance the skill takes over benign creative requests and performs file-oriented workflow steps the user did not intend.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.