Novel
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a local offline novel note/logging CLI, with no evidence of credential or network misuse, but it persistently stores entered data and the command installation is not clearly declared.
This skill looks safe to try if you want a local terminal-based writing log. Before installing or invoking it, confirm that the `novel` command comes from the intended package, and remember that anything you enter may be saved under `~/.local/share/novel/` until you delete it.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If `novel` is not installed by the reviewed skill/package, the command may fail or resolve to a different local program.
The documentation instructs use of a `novel` terminal command, but the registry metadata does not declare how that command is installed or required, so the command source should be verified.
Required binaries (all must exist): none ... No install spec — this is an instruction-only skill.
Before using it, confirm that the `novel` command on your PATH comes from the intended reviewed artifact or trusted package.
Private plot ideas, character notes, or other text entered into the tool can remain on disk and appear in recent, search, stats, or export outputs.
The script creates a persistent local data directory and appends user-provided command content to history/log files.
DATA_DIR="${HOME}/.local/share/novel" ... _log() { echo "$(date '+%m-%d %H:%M') $1: $2" >> "$DATA_DIR/history.log"; }Treat this as a local notebook: avoid entering secrets, and review or delete `~/.local/share/novel/` if you no longer want the stored history.