Story Writer

Security checks across malware telemetry and agentic risk

Overview

This is a coherent story-writing helper that stores drafts and simple usage history locally, with no evidence of credential access, exfiltration, destructive behavior, or hidden automation.

Install only if you are comfortable with story drafts, character names, and basic command history being retained locally under the story-writer data directory. Avoid saving confidential unpublished material unless local retention and backups on this machine are acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Low

Confidence: 87% confidence
Finding: The logging helper writes command activity to a persistent history file without any user-facing disclosure, which can silently retain sensitive story titles, genres, and potentially personal or confidential creative material. In a writing tool, users may input proprietary or private content, so undisclosed retention creates a privacy risk even though the data stays local.

Missing User Warnings

Low

Confidence: 89% confidence
Finding: The save command stores full draft content on disk but does not clearly inform the user of the storage path before or during the operation. This can lead users to unknowingly persist sensitive or proprietary text locally, which is a privacy and data-handling transparency issue.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal