大女主小说创作主编 (Female-Lead Novel Writing Chief Editor)

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed novel-writing workflow that can read and write local output files, with some routing and path-scope caveats but no evidence of malware, credential access, network exfiltration, or destructive behavior.

Install only if you want an autonomous long-form fiction workflow. Use a dedicated output folder, do not point it at sensitive directories, and expect it to inspect existing novel files in that folder for continuation and create final/intermediate writing files there.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The README examples broaden activation beyond the manifest’s stricter trigger conditions, encouraging invocation from generic writing requests such as '写一个后宫为背景的权谋故事' ("write a political-intrigue story set in an imperial harem"). That mismatch can cause the skill to activate without the explicit user intent required by the metadata, leading to unintended autonomous behavior and file-processing side effects.

Intent-Code Divergence

Medium
Confidence: 89%
Finding
Stating that the editor 'never asks any questions' and operates fully autonomously conflicts with the manifest’s requirement to trigger only on explicit intent. In ambiguous cases, this bias toward self-starting behavior increases the chance of unauthorized activation and downstream actions without sufficient user confirmation.

Vague Triggers

Medium
Confidence: 92%
Finding
The invocation examples include broad, everyday writing phrases that can match ordinary conversation rather than a clearly scoped request for this specific skill. In a skill-routing system, such examples can train or encourage over-triggering, causing the agent to launch a multi-step workflow when the user did not intend it.

Missing User Warnings

Medium
Confidence: 84%
Finding
The README describes autonomous workflow stages including scanning existing files and producing multiple outputs, but does not clearly warn users about those side effects at the point of use. This reduces informed consent and can surprise users with unintended reads of prior content or writes into project directories.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly instructs the agent to save a TXT file to a path supplied by the caller and to create missing directories, but it imposes no restriction on where that path may point. In an agent environment with filesystem tools, this can enable arbitrary file writes or directory creation outside an intended workspace, potentially overwriting sensitive files or planting content in privileged locations.

VirusTotal

53/53 vendors flagged this skill as clean.