Fireseed Writing Expert
Audited by ClawScan on May 10, 2026.
Overview
The skill is mostly aligned with novel writing, but its artifacts show unbounded file-writing paths, external publishing without clear confirmation in the provided top-level instructions, persistent style/DNA libraries, and a potentially misleading “copyright risk” claim.
Before installing, confirm you are comfortable with a writing skill that can run bundled Python, read and write files in your novel workspace, store reusable style/DNA metadata, and publish externally. Use safe project names without slashes or ../, review generated content before publishing, and treat copyright/plagiarism checks as limited heuristics rather than guarantees.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malformed or malicious project name could make the agent write novel files outside the expected writing workspace.
The project directory is built directly from the user-supplied target_project value. Absolute paths or ../ segments could cause the skill to create and write files outside the intended workspace/novels area.
proj_dir = self.novels_dir / target_project ... d.mkdir(parents=True, exist_ok=True)
Validate project names, reject absolute paths and path traversal, resolve the final path, and enforce that all writes stay under workspace/novels.
A user could unintentionally send or publish content to fireseed.online if a publish request is interpreted too broadly.
The top-level workflow routes publish-like phrases to an external publishing action, but the provided top-level artifact does not show a separate final confirmation, review step, or rollback guidance for public posting.
Contains “发布到” (publish to), “上线” (go live), or “发表到平台” (post to the platform) → call `publish`
Require an explicit final confirmation that shows the destination, account, project, chapters, and content summary before any publish or append action.
Installing the skill means trusting its bundled Python subskills to run when invoked.
The controller dynamically loads Python modules for local subskills. This matches the dispatcher design, but it is still runtime code execution from skill files.
spec = importlib.util.spec_from_file_location(skill_name, entry_path) ... spec.loader.exec_module(module)
Keep dynamic loading restricted to bundled, reviewed subskill paths and avoid loading user-created or externally downloaded modules.
Style or DNA information from one writing project may be reused or listed in later sessions.
The skill stores extracted writing DNA in a global library for reuse across projects. This is useful for the stated workflow, but it creates persistent derived context.
Update the global DNA library `root_meta/dna_library.json`, adding an index entry for this DNA.
Tell users where extracted data is stored, provide a delete/clear option, and avoid storing source text unless explicitly requested.
Users may believe generated clones are legally or ethically safe when the artifacts only show a basic plagiarism heuristic.
The workflow claims to avoid copyright risk while relying on a simple similarity threshold. That may overstate the safety of cloning an existing novel’s structure, style, and character behavior patterns.
Use case: transfer a novel's core characteristics...to a new genre or setting, avoiding copyright risk. ... If it exceeds 5%, regenerate that chapter.
Rephrase the claim as a limited similarity check, warn that it is not legal advice, and encourage substantial original transformation and human review.
