Novel Craft

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed novel-writing workflow skill that can research online and modify local story project files, with no evidence of malware or deceptive behavior.

Install this only for a novel project where you are comfortable with a file-backed assistant creating and editing outlines, settings, timelines, chapters, and rewrite logs. For existing drafts, ask the agent to preview affected files and confirm before web research or ripple rewrites, and keep version control or backups enabled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium (95% confidence)

Finding:
The skill mandates automatic WebSearch and WebFetch of external content based on user-provided genre/style keywords, expanding behavior beyond local project management into network retrieval without clear necessity or user confirmation. This increases exposure to prompt-injection from fetched pages, untrusted content influencing outputs, and undisclosed external access that may surprise users or violate deployment expectations.

Vague Triggers

Medium (86% confidence)

Finding:
The trigger phrases are broad and overlap with normal writing conversation such as '继续写' or '写大纲', which can cause the skill to activate unexpectedly. In a skill that can create files, modify project state, and initiate rewrite workflows, ambiguous activation materially increases the risk of unintended actions and unauthorized changes from casual conversation.

Missing User Warnings

Medium (96% confidence)

Finding:
The skill describes automatic web retrieval and writing extracted techniques into project files without clearly warning the user that it will access external resources and persist data locally. Hidden network and file-write side effects reduce informed consent and can lead to privacy, compliance, and integrity issues if triggered unexpectedly.

Missing User Warnings

Medium (94% confidence)

Finding:
The project initialization, chapter generation, and ripple-rewrite design can create and modify many local files, yet the skill does not clearly warn users about the scope of filesystem changes. In context, this is more dangerous because the skill is designed for broad automatic rewrites across dependent chapters, so a single activation could overwrite substantial creative work or generate large unreviewed changes.

VirusTotal

63/63 vendors flagged this skill as clean.
