v1.2.2

Novel Studio

Benign: ClawScan verdict for this skill. Analyzed May 1, 2026, 8:13 AM.

Analysis

No malicious behavior is evidenced; this is a coherent novel-writing workflow that persists project files, can use child agents, and optionally syncs to Feishu, so users should understand those features before enabling them.

Guidance: This skill appears suitable if you want a structured, file-backed novel production pipeline. Before installing, be aware that it will create and update local project files, retain project memory, may delegate manuscript work to child agents, and can optionally sync to Feishu Wiki. Keep sensitive non-novel data out of the project, set clear autopilot limits, and confirm any Feishu target before syncing.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Info | Confidence: High | Status: Note
metadata
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.

The package has limited public provenance metadata, although no remote installer or dependency fetch is disclosed.

User impact: Users have less external context for who maintains the skill, even though the provided artifacts do not show hidden installation behavior.
Recommendation: Install only if you trust the registry package and owner; prefer reviewing updates before enabling new versions.

Unexpected Code Execution
Severity: Low | Confidence: High | Status: Note
README.md
python3 skills/novel-studio/scripts/prepare_stage_subagent_dispatch.py "$PROJECT_ROOT" drafting

The documentation expects local Python helper scripts to be run for workflow orchestration and subagent dispatch.

User impact: Using the skill may run bundled local scripts that create, validate, and apply project artifacts.
Recommendation: Use a deliberate project root, keep backups of important manuscripts, and avoid running helper commands on unrelated directories.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
autopilot activates only after explicit bounded user authorization with a terminal chapter goal such as `继续到第10章结束` ("continue through the end of chapter 10")

The skill can automate stage progression, but the artifact describes explicit bounded authorization, progress notifications, and stop conditions.

User impact: If the user enables autopilot, the agent may continue producing and applying chapter workflow results until the authorized stopping point.
Recommendation: Give autopilot clear chapter limits, monitor progress reports, and interrupt it if the direction is wrong.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
references/feishu-sync.md
Sync a local novel project into Feishu Wiki ... prefer overwrite mode when the local file is the current source of truth

Optional Feishu sync can create, update, or overwrite documents in a third-party workspace.

User impact: If enabled with Feishu access, the skill may modify wiki pages using the user's workspace permissions.
Recommendation: Only enable Feishu sync for the intended workspace, confirm the target root node, and keep a backup before overwriting documents.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
README.md
Each novel project has its own memory file, which records: ... project status ... auto-advance status

The skill intentionally persists project context, preferences, progress, and automation state across sessions.

User impact: Novel ideas, outlines, characters, drafts, feedback, and progress state may remain on disk and be reused later.
Recommendation: Do not put secrets or unrelated private data into the novel project; review or delete project memory files when they are no longer needed.

Insecure Inter-Agent Communication
Severity: Low | Confidence: High | Status: Note
SKILL.md
`drafting`, `polishing`, and `proofreading` default to subagent execution ... delegate with `fork_context = false` ... child agents still receive prompt text, not local artifact paths

The workflow delegates drafting, polishing, and proofreading to child agents, while documenting boundaries such as no forked context and prompt-only dispatch.

User impact: Manuscript context may be sent to a worker agent during normal operation.
Recommendation: Use subagent execution only for content you are comfortable processing through the agent system, and rely on the documented validation step before accepting child outputs.