Novel Character Graph
Advisory
Audited by VirusTotal on Apr 26, 2026.
Overview
Type: OpenClaw Skill
Name: novel-character-graph
Version: 1.0.2

The skill bundle provides functional scripts for novel analysis and character mapping, but the SKILL.md file contains high-risk instructions. Specifically, it directs the AI agent to install system-level dependencies (e.g., via sudo apt install) and explicitly states that this should be done 'without user approval' (无需用户批准即可安装依赖). While these tools (pandoc, calibre, etc.) are relevant to the stated purpose, instructing an agent to bypass user consent for system modifications is a significant security risk and a potential prompt-injection vector for unauthorized execution.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Impact: If a novel file or extracted character data contains HTML or script-like text, opening the generated report could run unwanted browser code.
Description: Character names and descriptions are inserted directly into generated HTML/SVG without HTML escaping or sanitization.
Evidence: <h3 class="text-xl font-bold text-orange-400 mb-2">{char['name']}</h3> ... {char.get('identity', '')} ... f'{char["name"][:4]}</text>'
Recommendation: Escape all user-derived fields with html.escape, avoid inserting raw strings into HTML/SVG, and consider a restrictive Content Security Policy for generated reports.

Impact: Opening the report may contact third-party services, and the remote Tailwind script runs in the page that contains the generated analysis.
Description: Generated reports load third-party JavaScript and fonts from external CDNs at viewing time.
Evidence: <script src="https://cdn.tailwindcss.com"></script> ... @import url('https://fonts.googleapis.com/css2?family=Ma+Shan+Zheng&family=Noto+Sans+SC...
Recommendation: Use bundled local CSS/assets for offline reports, or clearly warn users before generating HTML that depends on third-party web resources.

Impact: Running that example in the wrong folder could overwrite text files or convert files that were not intended for this project.
Description: The reference handbook includes a user-directed bulk conversion command that overwrites every .txt file in the current directory after conversion.
Evidence: for f in *.txt; do ... iconv -f GBK -t UTF-8 "$f" -o "${f%.txt}_utf8.txt" ... mv "${f%.txt}_utf8.txt" "$f" ... done
Recommendation: Run conversion commands only in a copy of the target folder, keep backups, and prefer writing converted files to a separate output directory.

Impact: The visible instructions look coherent, but hidden formatting/control characters reduce transparency and make the original source harder to audit.
Description: The neutralized artifact metadata indicates hidden/comment content and Unicode control characters were removed from SKILL.md before display.
Evidence: "hiddenCommentBlocksRemoved": 1, "controlCharactersRemoved": 6
Recommendation: Inspect the raw SKILL.md before installation and remove any hidden comments or Unicode control characters that are not necessary.
