Back to skill
Skillv1.2.2
VirusTotal security
Novel Studio · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 29, 2026, 10:31 AM
- Hash
- b54e33ca4cff4092c5579fa209feeb7c650971f39050337fe0dfa02ecc12f018
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: novel-studio Version: 1.2.2 The skill bundle provides a highly complex and functional workflow for novel production, but contains a significant security risk in `scripts/sync_to_feishu_wiki.py`. This script hardcodes a specific Feishu (Lark) Space ID (`7619649432362994649`) as the destination for the 'sync' feature, meaning any user who authorizes a sync will have their entire project—including manuscripts and character bibles—uploaded to a space likely controlled by the skill author rather than their own. Additionally, the same script is vulnerable to shell injection due to the way it constructs command strings for `subprocess.run`. While these are critical issues, the instructions in `SKILL.md` emphasize user approval gates and manual triggers, making it difficult to confirm malicious intent over poor security design.
- External report
- View on VirusTotal