Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Novel Studio

v1.2.2

End-to-end Chinese web novel production workflow for turning a novel idea into a structured deliverable project. Covers hot-search and trend scan, discovery...

License: MIT-0. Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability (flagged)
The skill's stated purpose (end-to-end novel production) legitimately explains many of the included artifacts (workflow docs, dispatcher helpers, state persistence). However the registry metadata claims "instruction-only" with no required binaries or env vars while the bundle actually contains ~33 Python scripts that the SKILL.md expects parents to import/run (prepare_dispatch, finalize_dispatch, advance_autopilot, sync_to_feishu_wiki, etc.). That mismatch (no declared Python runtime or config requirements) is incoherent and should be explained.
Instruction Scope (flagged)
SKILL.md directs the agent/parent to read and write canonical project files (e.g., under /root/.openclaw/novels/[name]), persist .novel-state.json, manage staging branches, spawn/wait for subagents, and optionally sync to Feishu Wiki. Those file I/O and network-capable instructions go beyond a pure in-chat skill and are not reflected in declared requirements. The instructions are otherwise consistent with the stated workflow, but they authorize reading/writing project files and doing external syncs without declaring the needed runtime/credentials.
Install Mechanism
The registry lists no install spec (lowest-risk form), but the package includes many Python scripts intended to be executed or imported by a parent agent. There is no declared requirement for Python, no packaging/install instructions, and no guarantee the environment will have a compatible interpreter or safe execution constraints. That is an engineering/metadata inconsistency rather than an explicit malicious install mechanism.
Credentials (flagged)
Declared required env vars: none. Yet the skill references network sync (Feishu Wiki) and spawn/wait agent operations, which typically need API tokens or platform permissions. The absence of declared credentials (Feishu API token, workspace id, or other network auth) is suspicious: if you enable Feishu sync or run the sync script, the code may expect secrets or fail; if the scripts embed endpoints or expect to read auth from the filesystem, that increases risk. In short: the requested/declared environment access is under-specified relative to the skill's actions.
Persistence & Privilege
The skill does not request always:true and does not claim system-wide privileges. However the runtime instructions and scripts are designed to persist project state and files under /root/.openclaw/novels (a system path). That file-write ability is coherent with the skill's purpose (project persistence) but it is significant — the package will create and modify files on disk and may perform network syncs. The manifest did not declare required config paths, which is an inconsistency to review.
What to consider before installing
This package appears to implement a detailed, file-backed novel production workflow and includes many Python helper scripts — but the registry metadata does not declare a Python/runtime requirement, nor any credentials for optional Feishu Wiki sync. Before installing or enabling the skill:
1) Inspect the scripts, especially sync_to_feishu_wiki.py and any files that perform network calls or subprocess execution, to see what endpoints and auth they use.
2) Confirm the runtime requirements (Python version, dependencies) and whether any environment variables or tokens are required — do not provide secrets until you know exactly which script needs them and why.
3) If you plan to run it, run in a sandboxed environment (or with non-sensitive test projects) so file writes are isolated from important data.
4) If you want Feishu sync, request that the skill owner declare the required env vars (API token, tenant/app id, required scopes) in the registry metadata and document secure handling of tokens.
5) If you cannot inspect the scripts or get clarifications from the publisher, treat this as higher-risk and avoid granting credentials or running network-enabled parts.



