
Security audit

Novel Master

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Chinese novel-writing assistant that creates local project files and trackers, with no evidence of hidden data access or exfiltration.

Install this if you want a structured, persistent novel-writing workflow. Expect local files to be created and updated under ~/.qclaw/workspace/novels/ for outlines, chapters, foreshadowing, conflicts, and progress state. Use simple book names without slashes or path components, and ask the agent to confirm before creating or modifying project files if you only want a quick story draft.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill instructs the agent to read multiple reference files and write to project files under ~/.qclaw/workspace/novels, but no permissions are explicitly declared. That creates an implicit file access surface where the runtime or reviewer may underestimate the skill's capabilities, increasing the risk of unintended local file reads/writes if the skill is auto-enabled or loosely sandboxed.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
This is a case where the description does not match the actual behavior. The description claims a skill package covering the full pipeline of long-form novel creation, with the emphasis on content creation and planning capabilities; the code, however, only creates directories and template files locally under ~/.qclaw/workspace/novels, maintains state.json, and performs CRUD-style management of foreshadowing.json. It does not implement the main claimed capabilities such as world-building generation, character development, outline planning, chapter-by-chapter writing, continuous plot creation, chapter cliffhanger generation, or quality control. Although the code is related to the novel-writing scenario, its primary purpose is closer to a "project scaffolding and tracking tool", which differs substantially from the declared core capabilities, so it should be judged a mismatch.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The README presents automatic project scaffolding, file creation, and state tracking in the user's workspace without clearly warning that local files and persistent state will be created or updated. In an agent setting, undocumented write behavior can violate user expectations, reduce informed consent, and increase the chance of unintended workspace modification.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The trigger description includes broad phrases such as 写小说、创作故事、分章节写作、连续剧情、章节悬念、长篇小说, which can match many ordinary creative-writing requests. Overbroad activation can cause the skill to engage when the user did not intend it, leading to unnecessary file operations, forced workflows, or unexpected style constraints.

Natural-Language Policy Violations

Medium
Confidence
74% confidence
Finding
The skill defaults to Chinese publication-style writing and states that publication-grade is the default target without offering a language or style choice first. While not a classic security flaw, this can override user intent and make the skill activate in ways the user did not authorize, especially when combined with broad triggers and file-writing behavior.

Session Persistence

Medium
Category
Rogue Agent
Content
### Start Writing

Just tell your AI: **"I want to write a mystery novel"**

The AI will automatically:
1. Load genre references → 2. Generate a Creative Brief → 3. Produce Arc Outlines → 4. Write chapters → 5. Track foreshadowing → 6. Self-check quality
Confidence
81% confidence
Finding
write a mystery novel"** The AI will automatically: 1. Load genre references → 2. Generate a Creative Brief → 3. Produce Arc Outlines → 4. Write chapters → 5. Track foreshadowing → 6. Self-check qual

VirusTotal

65/65 vendors flagged this skill as clean.