Fireseed Auto Novel Publish

Advisory

Audited by Static analysis on May 4, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A broad or mistaken prompt could result in AI-generated content being posted under the user's Fireseed account before the user has reviewed it.

Why it was flagged

This explicitly tells the agent to authenticate, create content, and publish it to an external platform automatically; the visible artifacts do not add a required draft-review or final-confirmation checkpoint before public posting.

Skill content
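Just tell the AI "Write a novel and publish it to the fireseed platform" and everything else is done automatically. ... The AI will automatically: register/authenticate → create the novel → write it chapter by chapter → publish → return the reading link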
Recommendation

Require an explicit 'publish to Fireseed' request and a final human approval step after showing the generated title, metadata, chapters, and destination account; use separate confirmations for edits or deletion.

Note: Medium Confidence
ASI01: Agent Goal Hijack
What this means

The assistant may suggest or prepare Fireseed publishing for ordinary novel-writing prompts unless the user is clear.

Why it was flagged

The trigger list includes generic writing requests, not only explicit Fireseed publishing requests, so the publishing workflow could be invoked in situations where the user only wanted local drafting.

Skill content
trigger:
  - 写小说
  - 创作小说
  - 生成小说
  - 发布小说
  - 上传小说
Recommendation

Only invoke the Fireseed API workflow when the user explicitly asks to publish or manage works on Fireseed; otherwise keep the task as local writing.

What this means

Anyone or any agent context with the token could publish or modify Fireseed content during the token lifetime.

Why it was flagged

The skill requires Fireseed credentials or a 7-day token. That is expected for publishing to the user's account, but it gives the agent account-level publishing authority.

Skill content
# Log in to obtain a token (valid for 7 days)
curl -X POST https://fireseed.online/api/auth/token ... -d '{"username":"你的用户名","password":"你的密码"}'
Recommendation

Use a dedicated Fireseed account if possible, prefer Authorization headers over placing tokens in request bodies, avoid sharing tokens in logs or chats, and revoke or rotate tokens after use.