FBS-BookWriter

Verdict: Suspicious
Audited by ClawScan on May 10, 2026.

Overview

This book-writing skill is mostly coherent, but it needs review because it runs many local scripts and signals undeclared account, credential, purchase, and persistent-memory capabilities.

Install only if you trust the publisher and are comfortable with local Node scripts running in your project. Use a dedicated book folder, avoid giving tokens or purchase permissions unless the skill clearly explains why, and confirm how .fbs and host-memory data can be reviewed and deleted.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may run local scripts that read and write files in the chosen project, build deliverables, and perform checks.

Why it was flagged

The skill intentionally gives the agent local command-execution workflows. This is disclosed and central to the book-writing pipeline, but it is still powerful local tooling.

Skill content
Makes it easy to invoke the same Node toolchain via **shell/exec** inside the Gateway ... use OpenClaw **exec / shell**; **cwd must be the skill root**
Recommendation

Use a dedicated book project folder, keep the working directory constrained to the skill/book root, and review high-impact commands before allowing them.

What this means

Installing and using the skill means allowing its Node scripts to execute locally.

Why it was flagged

Static scan evidence shows the package spawns Node subprocesses. The visible snippets mostly run bundled scripts, which matches the stated script-driven design.

Skill content
const child = spawn(process.execPath, [scriptPath, ...args], {
Recommendation

Install only from a trusted source, prefer sandboxing where possible, and avoid running optional maintenance or publishing scripts unless you understand them.

What this means

npm installation may download and execute package lifecycle code from dependencies.

Why it was flagged

The skill relies on npm dependencies after installation. This is normal for its Node-based export/build features, but dependency provenance matters.

Skill content
Run the dependency install once in the skill root:
`npm install` (Node ≥18; optional dependencies are used for HTML/Docx and similar exports, see `optionalDependencies` in `package.json`)
Recommendation

Review package.json/lockfile when available, install in a controlled environment, and keep dependencies updated.

Concern (Medium Confidence)
ASI03: Identity and Privilege Abuse
What this means

The skill may contain account, token, entitlement, or purchase-related paths that are not clearly explained in the installation/credential contract.

Why it was flagged

These high-impact capabilities conflict with the registry requirement section that declares no env vars and no primary credential.

Skill content
- can-make-purchases
- requires-oauth-token
- requires-sensitive-credentials
Recommendation

Before installation or use, require the publisher to document exactly which credentials are used, their scopes, whether any purchase/credit action can occur, and what user confirmation is required.

What this means

Draft content, preferences, project state, or summaries may persist across sessions and could affect later writing unless cleared.

Why it was flagged

The skill stores and mutates persistent project/host memory. This supports session recovery, but it can also preserve sensitive writing context or influence future sessions.

Skill content
"hostMemory": {
    "operations": ["create", "update", "delete"],
    "updateRequiresId": true,
    "deleteOnUserContradiction": true,
    "authoritativeBookState": ".fbs/smart-memory/ 与 session-exit 落盘"
Recommendation

Use this only for projects where persistent memory is acceptable, and ask for clear controls to view, export, disable, and delete stored memory.