Back to skill

Security audit

Novel Writer V3.2 - 小说写作引擎

Security checks across malware telemetry and agentic risk

Overview

This is a text-only novel-writing workflow whose file reading and saving behavior matches its stated purpose, with some user-control caveats.

Install this only if you want an agent to manage a novel project, read manuscript/context files, maintain writing state, and save or rewrite chapter files. Use a dedicated folder, keep backups or version history, and confirm filenames and overwrites before asking it to continue or rewrite existing work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger phrases in the metadata are broad, generic writing terms such as novel writing, outlining, rewriting, and quality checking, which can easily overlap with ordinary user requests. This increases the chance of unintended activation and misrouting, causing the skill to take over interactions the user did not explicitly intend to delegate to this workflow.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The scene routing table maps ambiguous phrases like '写小说', '续写', '导入', and '检查质量' directly into operational modes without clear disambiguation or user confirmation. In a shared assistant environment, this can cause accidental invocation of import, resume, or rewrite behavior that reads prior state or performs file-related actions beyond the user's immediate expectation.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill specifies '保存到文件' as part of the chapter-writing workflow but does not disclose that file writes will occur or require explicit user consent. Silent persistence can surprise users, overwrite existing work, or leave sensitive drafts stored on disk without the user's awareness.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The import and resume flows analyze existing novel content and internal state, but the skill does not explain how that data is handled, retained, or minimized. While this is not inherently malicious, it creates privacy and transparency risks because users may provide unpublished manuscripts or personally identifying material embedded in drafts.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.