Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Fanfic Writer

v2.1.0

Automated novel-writing assistant v2.1 - evidence-based state management, multi-perspective QC, atomic I/O, human confirmation at every stage

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description (automated novel writing with staged confirmations) match the included Python scripts and prompt templates: outline generation, segmented writing, QC, state management, atomic I/O, merge and CLI entrypoints. There are no declared environment variables or credentials unrelated to the described purpose.
Instruction Scope
SKILL.md and the code direct the agent/user to create and operate on a local book workspace (init, write, merge, QC) and to call run_skill with oc_context provided by OpenClaw. The runtime instructions and CLI expect the skill to read and write many local files (configs, session state, chapter drafts, logs). This is coherent with the purpose, but it does mean the skill will persist user content and state to disk; it also references running 'openclaw config get' for troubleshooting (instructional example) which could reveal model config if executed by a user. No instructions were found that tell the agent to read arbitrary system secrets, shell history, or to transmit data to unknown external endpoints.
Install Mechanism
There is no install spec and no remote download/install step; the package is instruction-plus-source. That reduces install-time risk because nothing will be fetched/installed automatically. The repository contains many code files, but they are local and executed by Python when invoked by the user/agent.
Credentials
The skill declares no required env vars or credentials. The code does reference an optional NOVELS_DIR environment variable to override the working directory; if unset it falls back to a hardcoded default Windows-style path (C:\Users\10179\clawd\novels). Requesting no secrets is proportionate, but the hardcoded default path is odd and may cause files to be created in an unexpected location on install — you may want to set NOVELS_DIR explicitly to a safe folder before running.
Persistence & Privilege
The skill creates and updates persistent on-disk state (book directories, drafts, chapters, registry, session files, logs, final output). That is expected for a writing/workflow tool and consistent with the documented behavior (atomic I/O, snapshots, evidence chain). always:false and normal autonomous invocation are used. The skill does not appear to modify other skills' configs or request platform-wide privileges.
Assessment
This skill appears to be what it claims: a multi-stage novel-writing pipeline that reads/writes project files and uses your OpenClaw-provided model. Before installing or running it:
1) Decide where project files should live and set NOVELS_DIR to a folder you control (to avoid the odd hardcoded default path).
2) Inspect scripts/v2/openclaw_entry.py and scripts/v2/safety_mechanisms.py (and any omitted files named token_tracker.py, tomato_fetch.py, price_table.py) for network calls or external API use — those files are the most likely to contact external services.
3) Run the included test_v2.py in a controlled environment to verify imports and behavior.
4) Because the skill persists drafts, logs, and registry entries, do not run it on a machine that contains sensitive data you would not want written into the skill's working directory.
If you want extra assurance, review any code that mentions 'fetch', 'requests', 'http', or 'openclaw config' to ensure it won't send sensitive information off-machine without your knowledge.

Like a lobster shell, security has layers — review code before you run it.

latestvk971ry7d7rktzgtmrkanz1gkp9816enh

Runtime requirements

📖 Clawdis