Back to skill

Security audit

laolei novel writer

Security checks across malware telemetry and agentic risk

Overview

This skill is a novel-writing helper that openly uses local story files to keep chapters consistent, with no executable code or hidden access found.

Install this if you want an assistant to maintain local files for a novel project. Use a dedicated folder, review generated summaries because they guide later chapters, and avoid including private information unless you are comfortable with it being saved in those project files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs the agent to create and continually modify local files like outline.md, chapters_summary.md, and deceased.md without an explicit warning or confirmation boundary for file writes. In an environment where the agent can access the filesystem, this can lead to unintended file creation, overwriting, or persistent storage of sensitive user-provided content, especially because the workflow normalizes repeated reads and writes across sessions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.