ClawHub

Novel Assistant

Security checks across malware telemetry and agentic risk

Overview

This is a coherent novel-writing helper that manages local manuscript memory files, with expected but important file-change and optional Git-sync risks.

Install this only if you want an assistant to read and update local novel project files. Before compression or Git sync, verify the exact target file, keep an independent backup or commit, and remember that pushing to a remote Git repository publishes manuscript data to that repository.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The documentation includes git remote add, git push, and git pull workflows, which introduce networked data transfer outside a purely local writing-assistant function. If followed blindly, users may publish proprietary drafts, notes, or sensitive collaboration metadata to remote repositories without adequate warning, review, or access-control guidance.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger list contains broad everyday terms such as 小说, 章节, and 世界观, which can cause the skill to activate in contexts where the user did not intend file operations or stateful novel management. In a skill that can read, write, compress, and back up local files, accidental invocation increases the chance of unintended data modification or leakage across works.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill describes file-affecting operations such as local backup, memory compression, and version synchronization without clear warnings about overwrite, truncation, merge conflicts, or accidental disclosure. Because these actions can alter or remove user-authored material, the lack of risk disclosure and confirmation makes data loss and unintended exposure more likely.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script performs an in-place replacement by renaming the original file to a fixed .md.bak path and then writing a new file without confirmation, atomic replacement, or protection against backup overwrite. If run repeatedly or interrupted between rename and write, it can destroy the current file and prior backup, causing irreversible data loss in a tool intended to manage long-form creative work.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal