FBS-BookWriter
Pass. Audited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill
Name: fbs-bookwriter
Version: 2.1.2

The FBS-BookWriter skill bundle is a multi-agent framework for long-form document creation and management. It features a security architecture that includes a command approval policy (command-approval-policy.mjs), which explicitly blocks destructive shell commands, and a path-sanitized local preview server (presentation-preview-server.mjs). The system implements extensive self-auditing through various 'gate' scripts and maintains a strict 'Virtual Study' boundary (the .fbs directory) for state management. While it includes complex features like 'Self-Enhancement Evolution' and 'Smart Memory,' these are designed to refine AI strategies and user preferences locally; no evidence of data exfiltration, malicious persistence, or unauthorized remote execution was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may run local scripts that read and write files in the chosen project, build deliverables, and perform checks.
The skill intentionally gives the agent local command-execution workflows. This is disclosed and central to the book-writing pipeline, but it is still powerful local tooling.
Convenient for invoking the same Node toolchain via **shell/exec** inside the Gateway ... use OpenClaw **exec / shell**; **cwd must be the skill root**
Use a dedicated book project folder, keep the working directory constrained to the skill/book root, and review high-impact commands before allowing them.
Installing and using the skill means allowing its Node scripts to execute locally.
Static scan evidence shows the package spawns Node subprocesses. The visible snippets mostly run bundled scripts, which matches the stated script-driven design.
const child = spawn(process.execPath, [scriptPath, ...args], {
Install only from a trusted source, prefer sandboxing where possible, and avoid running optional maintenance or publishing scripts unless you understand them.
npm installation may download and execute package lifecycle code from dependencies.
The skill relies on npm dependencies after installation. This is normal for its Node-based export/build features, but dependency provenance matters.
Run the dependency install once in the skill root: `npm install` (Node ≥18; optional dependencies are used for HTML/Docx and similar exports, see `optionalDependencies` in `package.json`)
Review package.json/lockfile when available, install in a controlled environment, and keep dependencies updated.
The skill may contain account, token, entitlement, or purchase-related paths that are not clearly explained in the installation/credential contract.
These high-impact capabilities conflict with the registry requirement section that declares no env vars and no primary credential.
- can-make-purchases
- requires-oauth-token
- requires-sensitive-credentials
Before installation or use, require the publisher to document exactly which credentials are used, their scopes, whether any purchase/credit action can occur, and what user confirmation is required.
Draft content, preferences, project state, or summaries may persist across sessions and could affect later writing unless cleared.
The skill stores and mutates persistent project/host memory. This supports session recovery, but it can also preserve sensitive writing context or influence future sessions.
"hostMemory": {
  "operations": ["create", "update", "delete"],
  "updateRequiresId": true,
  "deleteOnUserContradiction": true,
  "authoritativeBookState": ".fbs/smart-memory/ 与 session-exit 落盘"
}
Use this only for projects where persistent memory is acceptable, and ask for clear controls to view, export, disable, and delete stored memory.
