ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Novelcraft

v3.2.3

Fully autonomous book author. Creates complete novels from idea to finished PDF/EPUB. Modular workflow with standardized config schema v3.2: Concept → Option...

1· 82·1 current·1 all-time
by@kesuek
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (autonomous book author) align with the instructions: the SKILL.md describes spawning subagents to write chapters, managing manifests, producing PDFs/EPUBs, and optional image generation. The workload (file reads/writes under ~/.openclaw/workspace/novelcraft/, manifest updates, spawning subagents, optional HTTP calls to image providers) is coherent with producing books. Minor mismatch: registry metadata lists no required binaries, but README, GETTING-STARTED and clawhub.yml recommend/expect pandoc and xelatex for publication; this should be clarified (they are optional for image-less/draft output but required for PDF/EPUB generation).
!
Instruction Scope
SKILL.md gives the agent broad operational instructions including killing existing subagent sessions, listing active subagents, spawning new subagents with long timeouts, writing/locking files in the user's workspace, and sending messages/HTTP requests to configured image providers. These actions are within the skill's purpose (orchestration of writing tasks) but are powerful primitives. There are also contradictions in the doc: e.g., a 'DO NOT poll sessions_list' directive exists alongside sample code that calls subagents({action: 'list'}). The samples instruct filesystem locking and automatic retries with up to 3 retries — all expected for orchestration but they grant the skill wide discretion to modify files and manage agent sessions, so test in step-by-step mode first.
Install Mechanism
No install spec and no code files (instruction-only) — low installation risk. Nothing is downloaded or written by an installer. The only runtime effects are via the agent's existing APIs and file system operations described in SKILL.md.
Credentials
The skill declares no required environment variables or credentials, which fits an instruction-only, local-first authoring tool. The docs do discuss optional external image providers and advise storing API keys in environment variables or external secret stores, but those env vars are not required by the skill. This is reasonable for optional features; however, if you enable remote image providers you may end up providing external endpoints and keys — review those carefully before enabling images. No unrelated credentials are requested.
Persistence & Privilege
always:false (good). The skill instructs persistent, repeated file writes to the user's workspace and direct control over subagent sessions (kill, spawn). While this is functionally required for orchestrating chapter subagents, it increases blast radius if the skill runs autonomously. The skill does not request system-wide configuration changes or other skills' credentials, but its ability to kill and spawn sessions and to write manifest files means you should avoid enabling full autonomous mode until you trust the config.
What to consider before installing
This skill appears to be what it claims (an autonomous novel author), but exercise caution before giving it autonomous control. - Start in 'step-by-step' mode (the docs recommend this) and test with a tiny project. - Review SECURITY.md and module-images.md before enabling images. Do not enable external image providers (API endpoints) or paste secrets into project files until you know where data is sent. - Confirm whether you need pandoc/xelatex for your use case; the registry metadata omits them but the docs reference them for PDF/EPUB generation. - Note the skill uses powerful agent APIs (list/kill/spawn subagents and write locks/manifests). Ensure you understand and trust this behavior before running in autonomous mode. - Point out to the maintainer the contradictory guidance (e.g., 'DO NOT poll sessions_list' vs example code that lists subagents) and ask for clearer, minimal privileges for subagent management. - If you plan to use image generation, configure providers to local/offline endpoints where possible and keep API keys in an external secret store (not in project-manifest or module-*.md files). If you want, I can list the exact doc lines that contradict each other and propose a minimal checklist to safely test the skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk97byartzh3cdexcfcd5f1w7wh84bknv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments