Security audit

Security checks across malware telemetry and agentic risk

Overview

InkOS is a disclosed novel-writing tool that uses an LLM API key, local project files, and an optional localhost web UI; the main risks are ordinary setup and data-handling risks rather than malicious behavior.

Before installing, verify the npm package and GitHub source; supply API keys through environment variables; keep project folders private; add inkos.json, logs, books, story state, and memory files to .gitignore; and do not expose InkOS Studio beyond a trusted local machine. Make backups before using the rename, replace, rewrite, delete, import, or daemon workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium, 96% confidence
Finding
The security section makes a materially misleading claim: it says there is 'no network listening port' while elsewhere the skill explicitly documents `inkos studio` binding a local web server on `localhost:4567`. Misstating the attack surface can cause operators to deploy or trust the tool under false assumptions, especially on shared hosts, forwarded ports, or misconfigured localhost exposure scenarios.

Missing User Warnings

Medium, 88% confidence
Finding
The rename and replace workflows describe bulk content mutation across chapters and truth files, but do not prominently warn that these are state-changing operations with potentially irreversible project-wide effects. In an agent-driven environment, natural-language commands can be issued casually, making unintended mass edits or canon corruption more likely if the caller assumes these are preview or analysis actions.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.