Fbs Bookwriter.Skip

Pass. Audited by VirusTotal on May 10, 2026.

Overview

Type: OpenClaw Skill
Name: fbs-bookwriter-skip
Version: 1.0.0

The skill bundle is a highly sophisticated and professional-grade toolchain for long-form document creation. While it possesses high-risk capabilities such as launching a local HTTP server for previews (presentation-preview-server.mjs), performing automated web searches (knowledge-fetcher.mjs), and executing shell commands (standard-execution-chain.mjs), these actions are strictly aligned with its stated purpose of research, writing, and document building. Notably, the bundle includes proactive security measures such as a command approval policy (command-approval-policy.mjs) to block destructive shell commands and a security fence (security-fence.mjs) to define filesystem and network boundaries. The instructions in SKILL.md actually enforce integrity by requiring the agent to provide script-based evidence for progress rather than relying on LLM hallucinations. No evidence of malicious intent, data exfiltration, or unauthorized persistence was found.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If run unsandboxed, the skill's scripts may have broader access to local files and the host environment than a user expects from a writing tool.

Why it was flagged

The skill explicitly depends on shell/exec and suggests disabling the sandbox as a troubleshooting option. That expands the impact of any script or dependency beyond a tightly contained writing workspace.

Skill content
Use OpenClaw **exec / shell**; **cwd must be the skill root** ... If OpenClaw runs in a Docker sandbox and the host `env` is not injected, you need ... to configure `sandbox.docker.env` or turn off the sandbox
Recommendation

Keep the sandbox enabled when possible, approve each command, and run the skill only in a dedicated book project directory.

What this means

The skill can run local programs, so a faulty or unexpected script could affect the local environment.

Why it was flagged

Static scan evidence shows the package can spawn local processes. This is mostly aligned with the disclosed Node-script workflow, but spawning PowerShell with `-ExecutionPolicy Bypass` is sensitive behavior and should stay user-approved.

Skill content
const r = spawnSync('powershell', ['-NoProfile', '-ExecutionPolicy', 'Bypass', '-File', tmpPs1], {
Recommendation

Review scripts before running optional diagnostics, and do not allow the agent to execute unfamiliar commands automatically.

What this means

Installing dependencies may download third-party packages to the local environment.

Why it was flagged

The skill requires a manual npm dependency install. That is normal for a Node-based document tool, but dependency provenance is part of the trust boundary.

Skill content
Run the dependency install once in the skill root: `npm install` (Node ≥18; optional dependencies are used for HTML/Docx etc., see `optionalDependencies` in `package.json`).
Recommendation

Inspect package.json and use a trusted network/environment before running npm install.

What this means

The skill may involve account authentication, sensitive credentials, or paid/credit-based actions that are not obvious from the main installation contract.

Why it was flagged

These high-impact account and credential capabilities are reported even though the registry requirements state no required env vars and no primary credential, and SKILL.md does not clearly explain when such credentials or purchases are needed.

Skill content
can-make-purchases; requires-oauth-token; requires-sensitive-credentials
Recommendation

Do not provide OAuth tokens, WeCom credentials, payment, or credit-related access unless the workflow clearly asks for it and you understand the scope.

What this means

Personal profile or writing-preference data could be reused across sessions or projects in ways the user may not expect.

Why it was flagged

The artifacts describe importing host-level user profile memory into the writing system. That can be useful for personalization, but the user-facing install text does not clearly bound when profile memory is read, how long it is retained, or how it can be reset.

Skill content
Status: ... host fused memory has been merged into the v2.1.2 main entry ... reads memery as the profile seed ... `~/.workbuddy/memery/{UID}_memery.md`
Recommendation

Ask the skill to disclose memory reads/writes, review the .fbs memory files, and provide a clear reset/delete path before using profile-based personalization.