Junli Ai Novel

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local novel-writing workflow skill that reads and updates project writing files, with no evidence of hidden network use, credential access, or destructive behavior.

Install this only for novel projects where you are comfortable letting the agent read outlines, character notes, timelines, prior chapters, and update project memory files. Use explicit project paths and review generated governance/runtime files before relying on them for important story-state changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 78%
Finding
The continuation triggers include very generic phrases like 'continue writing' or 'next chapter', which can overlap with normal conversational language and cause the workflow to activate when the user did not intend a full project-resume operation. In this skill, unintended activation is more dangerous because the continuation path instructs reading multiple project memory files and potentially creating new runtime/planning artifacts.

Vague Triggers

Medium
Confidence: 75%
Finding
Memory-recovery triggers such as 'restore context' or 'wake memory' are ambiguous and may match ordinary user requests that do not mean 'scan and rebuild project memory'. Because this workflow explicitly reports missing files and reconstructs context from existing documents/body text, accidental invocation could expose or process more stored project content than necessary.

Vague Triggers

Medium
Confidence: 77%
Finding
The longform-governance trigger list contains broad terms like 'phase planning', 'structural change', or 'ultra-longform control', leaving activation boundaries to AI judgment. This is risky because the skill may enter a governance/audit mode unexpectedly, read or modify high-level planning documents, and block or redirect normal writing tasks without clear user intent.

VirusTotal

67/67 vendors flagged this skill as clean.
