Wuxia Novel Writing Chief Editor (武侠小说创作主编)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed wuxia-fiction writing workflow that creates and resumes novel files, with no evidence of malware, credential access, networking, or deceptive behavior.

Install this if you want an autonomous wuxia-novel generator that can save and resume work from files. Use a dedicated project/output folder, avoid pointing it at broad private directories, and expect it to make creative decisions and write output files without asking many follow-up questions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (8)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The skill expands a writing/orchestration role into filesystem operations on arbitrary user-specified paths, including scanning and writing intermediate files. That creates unnecessary file-access capability for a non-filesystem-centric skill and can expose, overwrite, or persist sensitive local data if the path is broad or points to unintended locations.

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
The skill explicitly instructs shell-style directory scanning (`ls`) to enumerate existing files before writing. For a creative-writing skill, this is excessive privilege and increases the chance of unintended data discovery, leakage of filenames, or contextual prompt contamination from unrelated files in the target directory.

Vague Triggers

Medium
Confidence: 94%
Finding
The activation examples and metadata make the skill trigger on very generic requests like 'write a story' or 'I want to write a novel,' which can cause the agent to invoke this skill outside the user's intended scope. In a multi-skill environment, overly broad routing can hijack unrelated writing tasks and lead to unexpected autonomous behavior, especially because the README also says the skill will act proactively and make decisions without asking questions.

Missing User Warnings

Medium
Confidence: 92%
Finding
The README states that the skill will 'scan existing files' to detect continuation points and will generate multiple output files, but it does not describe boundaries, consent, or safety restrictions for filesystem access. That creates a risk of unintended reading of user content and unexpected file creation or overwriting, which is more concerning because the workflow is described as fully automatic and not asking the user any questions.

Vague Triggers

High
Confidence: 95%
Finding
The trigger phrases are extremely broad and overlap with generic storytelling, writing, and even casual 'tell me a story' requests, causing the skill to activate in situations where the user did not intend heavy orchestration behavior. In context, that broad activation is more dangerous because the skill also performs filesystem scanning and writing, so accidental invocation can lead to unexpected local side effects.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill directs scanning, reading, and saving to user-specified or default paths without an upfront warning that local filesystem actions will occur. This undermines informed consent and can surprise users with persistence of intermediate artifacts, exposure of existing files, or writes into directories they did not realize would be touched.

Vague Triggers

Medium
Confidence: 91%
Finding
The eval content reinforces extremely broad trigger behavior by expecting the skill to activate on vague prompts such as general requests to write a story or novel. In an orchestration environment, this can cause unintended invocation over more appropriate skills, leading to incorrect routing, surprise behavior, and possible context leakage into an unnecessary specialist workflow.

Natural-Language Policy Violations

Medium
Confidence: 94%
Finding
The skill hard-codes a single Chinese wuxia writing style and locale-specific voice ('还珠楼主' style, a jianghu-register narrative voice, Chinese-only output conventions) without asking whether the user wants that language/register. This can override user preference, reduce accessibility, and cause unsafe or inappropriate behavior in multilingual contexts because the agent is instructed to force a specific linguistic and cultural output format.

VirusTotal

62/62 vendors flagged this skill as clean.