Fbs Bookwriter.Skip

Audited by ClawScan on May 10, 2026.

Overview

The skill is mostly consistent with a book-writing workflow, but it combines broad local script execution, persistent/profile memory, and undeclared credential or purchase capabilities that deserve review before installation.

Install only if you are comfortable running a large Node-based toolchain locally. Keep it sandboxed, use a dedicated book folder, inspect commands before execution, and do not provide account credentials or payment-related access unless the skill clearly explains why they are required. Review and periodically clean the .fbs memory/state files.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If run unsandboxed, the skill's scripts may have broader access to local files and the host environment than a user expects from a writing tool.

Why it was flagged

The skill explicitly depends on shell/exec and suggests disabling the sandbox as a troubleshooting option. That expands the impact of any script or dependency beyond a tightly contained writing workspace.

Skill content

Uses OpenClaw **exec / shell**; **cwd must be the skill root** ... If OpenClaw is running in a Docker sandbox and the host `env` is not injected, you need to ... configure `sandbox.docker.env` or disable the sandbox

Recommendation

Keep the sandbox enabled when possible, approve each command, and run the skill only in a dedicated book project directory.

What this means

The skill can run local programs, so a faulty or unexpected script could affect the local environment.

Why it was flagged

Static scan evidence shows the package can spawn local processes. This is mostly aligned with the disclosed Node-script workflow, but PowerShell bypass behavior is sensitive and should stay user-approved.

Skill content

const r = spawnSync('powershell', ['-NoProfile', '-ExecutionPolicy', 'Bypass', '-File', tmpPs1], {

Recommendation

Review scripts before running optional diagnostics, and do not allow the agent to execute unfamiliar commands automatically.

What this means

Installing dependencies may download third-party packages to the local environment.

Why it was flagged

The skill requires a manual npm dependency install. That is normal for a Node-based document tool, but dependency provenance is part of the trust boundary.

Skill content

Run the dependency install once in the skill root: `npm install` (Node ≥18; optional dependencies are used for HTML/Docx and similar output formats, see `optionalDependencies` in `package.json`).

Recommendation

Inspect package.json and use a trusted network/environment before running npm install.

Concern (Medium Confidence)

ASI03: Identity and Privilege Abuse

What this means

The skill may involve account authentication, sensitive credentials, or paid/credit-based actions that are not obvious from the main installation contract.

Why it was flagged

These high-impact account and credential capabilities are reported even though the registry requirements state no required env vars and no primary credential, and SKILL.md does not clearly explain when such credentials or purchases are needed.

Skill content

can-make-purchases; requires-oauth-token; requires-sensitive-credentials

Recommendation

Do not provide OAuth tokens, WeCom credentials, payment, or credit-related access unless the workflow clearly asks for it and you understand the scope.

Concern (Medium Confidence)

ASI06: Memory and Context Poisoning

What this means

Personal profile or writing-preference data could be reused across sessions or projects in ways the user may not expect.

Why it was flagged

The artifacts describe importing host-level user profile memory into the writing system. That can be useful for personalization, but the user-facing install text does not clearly bound when profile memory is read, how long it is retained, or how it can be reset.

Skill content

Status: ... host-fused memory has been merged into the v2.1.2 main entry ... reads memery as the profile seed ... `~/.workbuddy/memery/{UID}_memery.md`

Recommendation

Ask the skill to disclose memory reads/writes, review the .fbs memory files, and provide a clear reset/delete path before using profile-based personalization.