Fireseed Novel Auto Publish
ReviewAudited by ClawScan on May 13, 2026.
Overview
This skill is a coherent Fireseed publishing guide, but it gives an agent authority to automatically publish, modify, and delete online novel content while handling account tokens, without clear confirmation safeguards.
Use this only if you intentionally want an agent to publish and manage novels on Fireseed. Use a dedicated account, keep the token private, review generated chapters and cover images before upload, and require explicit confirmation before any publish, edit, or delete action.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Generated text or images could be posted online before the user has reviewed them.
The skill instructs the agent to automatically publish generated chapters and upload content to a remote service, but the shown instructions do not include explicit pre-publication review or confirmation boundaries.
AI 会自动完成:1. 用你提供的 Token 认证 2. 创建小说 3. 逐章生成并发布 4. 上传封面(如有)
Require explicit user confirmation before creating, publishing, modifying, uploading covers, or deleting/restoring novels; preview the content and target novel first.
An agent using the token could remove a novel from the platform, at least temporarily.
The API guide includes deleting novels using the account token. It is soft-delete with recovery, but still a high-impact content mutation and no explicit confirmation workflow is shown.
DELETE /api/novels/{novel_id}
Authorization: Bearer {token}
保留 7 天,期间可恢复。Only allow deletion after a clear user request naming the exact novel, and confirm the deletion and recovery window before calling the API.
Anyone or any agent with the token may be able to publish, edit, upload covers, or delete content under the user's Fireseed account until the token expires.
The skill requires Fireseed credentials and a bearer token, which is expected for publishing to the service but gives the agent temporary account authority.
curl -X POST https://fireseed.online/api/auth/token ... -d '{"username":"你的用户名","password":"你的密码"}' ... Token 有效期 7 天Use a dedicated Fireseed account and unique password, treat the token as secret, and provide it only for the specific task.
A user may underestimate that content and account actions leave the local environment and affect an online service.
The description uses reassuring no-malicious-intent and local-control wording while the skill also sends credentials, novel text, and images to a remote API for online publication.
本网站没有任何恶意倾向...所有活动仍是在你的本地一切可控,只是网站开放了API供AI智能体自动连接使用。
Treat the service as an external publisher: review its policies, assume uploaded content may be public, and do not rely on reassurance language alone.