Epic Novel Writer

Security checks across malware telemetry and agentic risk

Overview

This appears to be a bounded writing/editing workflow skill, with the main issue being unclear archive-file creation rather than harmful behavior.

Before installing, expect the skill to edit files in `在编辑稿/` and potentially create archive/version folders. Use it in a project-specific directory and confirm whether you want automatic baseline archives created.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 91%
Finding
The skill establishes a safety boundary that all edits must occur only under `在编辑稿/` and that archive directories are read-only, but elsewhere directs the agent to create and populate archive directories outside that boundary. This creates contradictory file-scope rules that can cause the agent to write outside the declared workspace, undermining operator expectations and increasing the risk of unintended filesystem modification.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The skill says archive directories should only be created when the user explicitly asks for archiving, but later mandates automatic creation of a `v0` archive at completion. That contradiction can cause the agent to perform side-effecting writes the user did not request, violating least surprise and potentially creating unwanted files or snapshots.

VirusTotal

65/65 vendors flagged this skill as clean.
