Chinese Novelist Skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Chinese novel-writing skill that creates local story files and runs a simple word-count helper, with no evidence of hidden data access or malicious behavior.

Install only if you are comfortable with the skill creating and updating a local novel folder after you approve the plan. Use a dedicated workspace, choose a simple novel name, check for existing files before starting, and remember that Python will be used to run the bundled word-count checker.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 90%
Finding:
The skill instructs reading local files such as `00-大纲.md` and prior chapter files, but it declares no corresponding permissions or user-visible warning. That creates hidden file-access behavior: the agent may inspect workspace content beyond what users reasonably expect from a 'novel writing' skill, increasing the risk of unintended data exposure or overbroad access.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 82%
Finding:
The skill is presented as a writing assistant, but its behavior also includes local file inspection and script-driven word-count analysis. This mismatch is dangerous because users may invoke it expecting pure text generation while the skill actually reads and processes filesystem content and executes helper scripts, reducing informed consent and making side effects less visible.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The README explicitly encourages unattended, multi-chapter generation and shows output being written into many files under a local `novels/` directory, but it does not clearly warn users that the skill may create a large number of files or consume substantial local resources. In an agentic coding environment, silent bulk file creation can surprise users, clutter repositories, overwrite adjacent content if path handling is later broadened, and make misuse easier because the user is told they can 'leave the workbench' while it runs.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The skill directs the agent to create project folders and write multiple local files without clearly warning the user in the public description. Hidden write behavior can modify the user's workspace, overwrite content, or leave persistent artifacts unexpectedly, which is especially risky for broadly triggered skills.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill requires running a local Python script for word-count checks, but this execution behavior is not clearly disclosed to users. Any hidden shell or script execution expands the attack surface: it depends on local environment state, can fail unpredictably, and may be abused if script paths or surrounding files are modified.

VirusTotal

65/65 vendors flagged this skill as clean.