Fanfic Writer
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is mostly a coherent local novel-writing assistant, but Review is warranted because one merge script can write outside the project folder if given an unsafe title.
Install only if you are comfortable with a local writing tool that creates persistent project files and uses your configured model. Prefer manual mode, set a token/cost budget, avoid slashes or '..' in book titles until the merge-path issue is fixed, and keep generated workspace folders private.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malformed or adversarial book title could create or overwrite a text file outside the novel project folder.
The final output filename is derived from the book title or caller-provided output filename without sanitizing path separators or '..', so a crafted title can cause a write outside the intended final/ workspace.
out = output_filename or f"{config['title']}_完整版.txt"
out_path = final_dir / out
with open(out_path, 'w', encoding='utf-8') as f:Sanitize the title/output filename to a safe basename, reject path separators and '..', and verify the resolved output path remains under final_dir before writing.
Users who expect every step to pause for approval may accidentally run a more automated workflow.
This disclosed auto mode may surprise users because the primary skill description emphasizes human confirmation at each phase; auto mode can generate multiple chapters and consume model calls with less review.
# 自动模式写作 (推荐) python -m scripts.v2.cli write --run-dir <path> --mode auto --chapters 1-10
Use manual mode unless you intentionally want automation, set a budget, and update the documentation to clearly reconcile manual-confirmation and auto-mode behavior.
Story details and user edits remain in local project files and can influence later writing sessions.
The skill stores session context, pending confirmations, user modification requests, and draft segments locally so it can resume and maintain continuity.
"pending_confirmation": None, "user_modifications": [], "chapter_draft_segments": [],
Keep run directories private, review or clear state/session files before sharing a project, and verify stored context before resuming important work.