Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Novel Writer Agent
v1.0.0小说创作智能体。当需要生成小说大纲、撰写正文、管理写作进度时触发本技能。用于:(1) 根据选题策划文档生成完整小说大纲 (2) 分章节创作正文 (3) 质量自检和敏感词过滤 (4) 中英文双语创作 (5) 素材库管理和调用
⭐ 0· 37·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name and description (novel outline, per-chapter writing, quality checks, bilingual support,素材库管理) match the SKILL.md instructions. However, the skill repeatedly promises a persistent '素材库' (automatic addition, periodic cleanup) but declares no install, no config paths, and no environment variables — the mechanism for storage/persistence is unspecified.
Instruction Scope
Runtime instructions are focused on generating outlines, writing chapters, performing self-checks (including sensitive-word filtering), and managing a素材库. The instructions do not direct the agent to read unrelated system files, request unrelated credentials, or transmit data to third-party endpoints. They do assume receiving a '选题策划师文档' as input, but do not specify where that document comes from.
Install Mechanism
There is no install spec and no code files — lowest risk from installation. The skill is instruction-only, so nothing will be written to disk by an installer. This is consistent with an in-conversation writing assistant.
Credentials
The skill requests no environment variables or credentials, which is appropriate for a pure writing assistant. But its stated features (自动入库, 定期清理, 素材库积累) imply a need for persistent storage or external services; the skill provides no details or required access for that, creating an ambiguity about where data will be kept and who can access it.
Persistence & Privilege
always is false and the skill does not request system privileges or to modify other skills. The only persistence concern is functional: the skill promises a素材库 lifecycle (add, clean, prioritize) without declaring how or where it will persist that data. That could be harmless (ephemeral in-agent memory) or could hide use of an external store — the SKILL.md does not specify.
What to consider before installing
This skill's behavior and instructions match a novel-writing assistant, but there are unanswered questions you should resolve before trusting it with real or sensitive drafts:
- Provenance: the package has no source or homepage and the owner is unknown; prefer skills with an identifiable source.
- Persistence: ask how the '素材库' is stored (local ephemeral state vs. external database/cloud). If data is stored externally, get details about the storage location, access controls, and retention/ deletion policies.
- Sensitive-content handling: the skill claims sensitive-word filtering and '禁止违禁内容' — ask which filter list and process it uses and whether filtering happens locally or is sent to external services.
- Access & permissions: confirm it will not request credentials or access other system resources; test with non-sensitive sample documents first.
If the author provides a clear storage design (where material library is kept, who can access it) and a source repo/homepage, the remaining concerns are minor. Without that, treat the skill cautiously.Like a lobster shell, security has layers — review code before you run it.
latestvk977nxaw6v2tg83966cphzycrx842d5g
License
MIT-0
Free to use, modify, and redistribute. No attribution required.