Fireseed Novel Auto Publish

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-built to auto-create and publish novels, but it also auto-runs external publishing actions, collects credentials, and stores tokens with too little user control.

Install only if you are comfortable with an agent using your FireSeed credentials or token, storing that token locally, and automatically publishing content to a public platform when trigger phrases match. Prefer using a pre-created limited token, review generated chapters before publishing, and avoid giving raw account passwords in chat.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The skill instructs the agent to read credentials from environment/config, prompt for username/password, and persist a token via a local CLI command. That expands the trust boundary beyond simple HTTP publishing into local secret handling and configuration mutation, increasing the risk of credential exposure or misuse if the skill is auto-invoked.

Intent-Code Divergence

Low
Confidence: 82%
Finding
The documentation claims the process is entirely HTTP API-based, but later directs local config writes and temporary file creation. This mismatch can mislead users and reviewers about what the skill actually does, undermining informed consent and making risky behaviors easier to hide in an auto-run workflow.

Missing User Warnings

Medium
Confidence: 93%
Finding
The README promotes fully automatic registration and publication workflows without warning that the skill will perform external account creation and content-posting actions. In an agent setting, this can cause users to hand over credentials or trigger unintended actions on third-party systems without informed consent, increasing privacy, spam, and account-misuse risk.

Missing User Warnings

Medium
Confidence: 95%
Finding
The quick-start section explicitly states that the AI will automatically register/authenticate, create novels, publish chapters, and return links, but omits any caution about irreversible or externally visible actions. In the context of an autonomous skill, that makes accidental misuse more likely because users are not clearly warned that real network calls and publication events will occur.

Missing User Warnings

Medium
Confidence: 94%
Finding
The README documents token-based authentication and a delete endpoint without any guidance on secret handling or deletion risk. In an agent environment, this can lead to unsafe token submission, leakage into logs/prompts, or accidental invocation of destructive APIs using user-supplied credentials.

Missing User Warnings

High
Confidence: 98%
Finding
The skill requires immediate automatic execution on matching phrases and explicitly forbids confirmation before registering/logging in, creating content, and publishing externally. Auto-triggered external account actions and uploads are dangerous because they can cause unintended account changes, spam, or publication from an ambiguous or adversarial prompt without meaningful user consent.

Missing User Warnings

High
Confidence: 96%
Finding
The skill describes collecting username/password from the user, performing login, and storing the resulting token persistently, but provides no adequate warning or consent flow for credential handling. In an auto-publish context, this is especially risky because it normalizes secret submission and long-lived token storage, raising the chance of credential leakage, reuse, or unauthorized publishing if the environment is compromised.

Missing User Warnings

Medium
Confidence: 84%
Finding
The skill writes generated novel content to a temporary local file without warning the user. Even if the content is not highly sensitive, undisclosed local persistence creates unnecessary data retention and may expose prompts, copyrighted material, or private story ideas to other local processes, backups, or logs.

Missing User Warnings

Medium
Confidence: 87%
Finding
The cover-upload step allows using network-sourced images automatically, without warning about external access, provenance, or licensing/privacy risks. In a fully automatic publishing workflow, this can lead to unauthorized fetching of third-party content, copyright issues, or unintentional disclosure of user interests and activity to external sites.

Missing User Warnings

Medium
Confidence: 95%
Finding
The guide explicitly allows bearer tokens to be sent in the JSON request body as an alternative to the Authorization header. Tokens in request bodies are more likely to be captured in application logs, error traces, analytics middleware, and debugging output, increasing credential exposure risk. In a skill that automates account creation and publishing over HTTP APIs, this materially raises the chance of account takeover if tokens leak.

VirusTotal

64/64 vendors flagged this skill as clean.