AI Novel Writer

Security checks across malware telemetry and agentic risk

Overview

This writing skill is not malware, but it asks the agent to automatically read project files and browse the web broadly without clear user control.

Install only if you are comfortable with the agent using this skill to inspect writing materials in the same project and perform web research. Keep unrelated private files, secrets, client material, or unpublished sensitive drafts out of the project folder, and instruct the agent to ask before browsing or to use specific approved sources.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The skill explicitly authorizes automatic full-network searching and states that access to all related websites is unrestricted, even though the stated purpose is ordinary text generation. This creates an unnecessary data-access and retrieval surface that could expose users to untrusted content, leak contextual data through outbound queries, or bypass normal user-consent expectations for network access.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill instructs automatic reading of multiple project files, including worldbuilding, outlines, and prior generated content, without user authorization. For a general writing skill, this is over-privileged behavior that can expose unrelated or sensitive project data and violates least-privilege expectations.

Vague Triggers

Medium
Confidence: 84%
Finding
The skill is defined as applicable to essentially all body-text generation scenarios, with no meaningful boundaries on when it should activate. Overly broad triggering increases the chance that the skill runs in unintended contexts and combines with its automatic file-reading and web-access behaviors to perform actions users did not expect.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill describes automatic access to existing project content without a user-facing warning or consent mechanism. In context, this is more dangerous because the skill is marketed as a generic writing tool, so users may not realize it will inspect prior files and internal materials by default.

Missing User Warnings

High
Confidence: 97%
Finding
The documentation states that online searches and website access occur automatically and without restriction, yet gives no adequate warning to the user. This is especially risky in a general-content skill because it can silently contact external services, ingest malicious or low-trust content, and transmit sensitive prompt context through search terms.

VirusTotal

65/65 vendors flagged this skill as clean.
