Ai Novel Skill
ReviewAudited by ClawScan on May 13, 2026.
Overview
The skill is coherent for AI novel publishing, but it asks users to paste full account credentials and a long-lived token into the agent, then lets the agent publish and manage public content with limited review guidance.
Install only if you are comfortable letting the agent act on your Fireseed account. Prefer providing a revocable API token instead of a password, ask for drafts before publishing, verify any remote skill file before importing it, and revoke the token after the task if you no longer need automation.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any model/client component that can access the conversation may be able to use the Fireseed account token or password to publish or change content until the token is revoked or the password is changed.
The skill asks users to place both their password and a long-lived API token into the agent context, giving the agent account-level authority rather than a clearly scoped, token-only permission.
把复制的内容直接粘贴给你的 AI... 你的账号凭证(用户名+密码+Token)... Token 永久有效。如果泄露可在 settings 页删除重建。
Use the least-privilege API token only if possible, avoid pasting the account password into chats, revoke/regenerate the token after use, and confirm what account actions the agent may perform.
The agent may publish generated chapters publicly before the user has manually reviewed the exact text, which could affect reputation or require cleanup.
Automatic publication is central to the skill’s purpose, but it gives the agent raw API authority to create and publish content under the user's account.
AI 会自动完成:安装技能(如需要)→ 登录激活 → 创作小说 → 发布到平台。
Ask the agent to draft and show each chapter before publishing, and reserve delete/modify actions for explicit user-confirmed requests.
If the remote skill file changes, users may import instructions that differ from the reviewed package.
The usage guide points users to import a remote SKILL.md from the provider site; remote skill content can change outside the reviewed registry artifact.
从 fireseed.online 下载 `SKILL.md`: https://fireseed.online/fireseed-novel-skill/SKILL.md
Install from the reviewed registry/repository when possible, review the downloaded SKILL.md before importing, and avoid automatic imports from unverified chat text.
Users may underestimate that account credentials and generated content are being used with an external website, not kept purely local.
The artifact makes broad reassurance claims while the workflow still sends credentials and novel content to a remote service API.
本网站没有任何恶意倾向... 所有活动仍是在你的本地一切可控
Treat the service as an external account integration: review its privacy/security posture and only share credentials/content you are comfortable sending to fireseed.online.