fiction-crafter

Security checks across malware telemetry and agentic risk

Overview

This is a coherent fiction-writing skill that saves local story files and notes as advertised; the main caution is that its optional clean command can delete prior drafts and notes.

Use this in a dedicated novel project folder. Expect it to create and update `output/` chapter files and `.learnings/` continuity notes. Do not run `./scripts/init-novel.sh ... --clean` unless you are ready to remove prior generated chapter markdown and reset the skill's stored story state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94%
Finding
The skill explicitly requires file read/write access and instructs the agent to create and update many workspace files, but it does not declare permissions in a structured way. This creates a transparency and consent gap: users may invoke what appears to be a writing skill without realizing it will persist state and modify files across the workspace.

Missing User Warnings

Low
Confidence
83%
Finding
The README states that the skill will automatically generate chapter files and update `.learnings/` memory files, but it does not clearly warn users that running the skill modifies the local workspace. In agent environments, silent file creation or mutation can surprise users, overwrite content, or pollute repositories, especially when outputs are written automatically over multiple steps.

Missing User Warnings

Medium
Confidence
95%
Finding
The skill repeatedly instructs creation and modification of files under `output/` and `.learnings/` without a prominent warning that using the skill has filesystem side effects. In a broad-trigger writing skill, silent writes can surprise users, overwrite existing content, or persist sensitive material they did not expect to store.

Missing User Warnings

High
Confidence
99%
Finding
The initialization instructions say the script will clear prior records in `.learnings/` but do not provide a strong destructive-action warning, backup guidance, or confirmation requirement. This can lead to irreversible data loss of prior project state, especially because the skill is designed for iterative long-form writing where those records are essential continuity data.

VirusTotal

67/67 vendors flagged this skill as clean.