Skill v2.1.0
ClawScan security
Fanfic Writer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 15, 2026, 7:57 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's files, runtime instructions, and requested resources are consistent with a novel-writing pipeline that writes/reads project files and uses the host model; no unexplained credential requests or network installs were found.
- Guidance: This skill appears to be what it claims: a multi-stage novel-writing pipeline that reads/writes project files and uses your OpenClaw-provided model. Before installing or running it: 1) decide where project files should live and set NOVELS_DIR to a folder you control (to avoid the odd hardcoded default path). 2) Inspect scripts/v2/openclaw_entry.py and scripts/v2/safety_mechanisms.py (and any omitted files named token_tracker.py, tomato_fetch.py, price_table.py) for network calls or external API use — those files are the most likely to contact external services. 3) Run the included test_v2.py in a controlled environment to verify imports and behavior. 4) Because the skill persists drafts, logs, and registry entries, do not run it on a machine that contains sensitive data you would not want written into the skill's working directory. If you want extra assurance, review any code that mentions 'fetch', 'requests', 'http', or 'openclaw config' to ensure it won't send sensitive information off-machine without your knowledge.
Review Dimensions
- Purpose & Capability (ok): The name/description (automated novel writing with staged confirmations) match the included Python scripts and prompt templates: outline generation, segmented writing, QC, state management, atomic I/O, merge and CLI entrypoints. There are no declared environment variables or credentials unrelated to the described purpose.
- Instruction Scope (note): SKILL.md and the code direct the agent/user to create and operate on a local book workspace (init, write, merge, QC) and to call run_skill with oc_context provided by OpenClaw. The runtime instructions and CLI expect the skill to read and write many local files (configs, session state, chapter drafts, logs). This is coherent with the purpose, but it does mean the skill will persist user content and state to disk; it also references running 'openclaw config get' for troubleshooting (instructional example) which could reveal model config if executed by a user. No instructions were found that tell the agent to read arbitrary system secrets, shell history, or to transmit data to unknown external endpoints.
- Install Mechanism (ok): There is no install spec and no remote download/install step; the package is instruction-plus-source. That reduces install-time risk because nothing will be fetched/installed automatically. The repository contains many code files, but they are local and executed by Python when invoked by the user/agent.
- Credentials (note): The skill declares no required env vars or credentials. The code does reference an optional NOVELS_DIR environment variable to override the working directory; if unset it falls back to a hardcoded default Windows-style path (C:\Users\10179\clawd\novels). Requesting no secrets is proportionate, but the hardcoded default path is odd and may cause files to be created in an unexpected location on install — you may want to set NOVELS_DIR explicitly to a safe folder before running.
- Persistence & Privilege (note): The skill creates and updates persistent on-disk state (book directories, drafts, chapters, registry, session files, logs, final output). That is expected for a writing/workflow tool and consistent with the documented behavior (atomic I/O, snapshots, evidence chain). always:false and normal autonomous invocation are used. The skill does not appear to modify other skills' configs or request platform-wide privileges.
