xt-webnovel-writing

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Chinese webnovel writing skill that keeps project memory on disk, with bounded file paths and no evidence of hidden exfiltration or destructive behavior.

Install only if you want a structured, file-backed webnovel project workflow. Use an explicit project_root, keep it in version control or backups, and say “one-time short text, no project, no memory” when you do not want files created or updated.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers
Severity: Medium | Confidence: 88%
Finding: The trigger list is very broad and includes common phrases such as '开头' (opening), '大纲' (outline), '续写' (continue writing), and '接着写' (keep writing), which can cause the skill to activate outside the intended context. Over-broad invocation can route unrelated user requests into this skill, so file operations, memory/project initialization, or intrusive workflow constraints run in contexts where the user did not ask for them.

Missing User Warnings
Severity: Medium | Confidence: 95%
Finding: The workflow instructs the agent to write back chapter state and memory in project scenarios, but it does not require explicit user notice or confirmation before modifying user files. This creates a silent state-mutation risk: a user asking only for text polishing may unknowingly trigger persistent writes that overwrite project data or create unwanted records.

Missing User Warnings
Severity: Medium | Confidence: 94%
Finding: The self-check reinforces fixed-path writes but still omits a clear warning that file operations are side effects affecting the user's workspace. In a project-writing context this makes unintended overwrites or stale-state propagation more likely, especially because the workflow treats persistence as part of routine operation.

Vague Triggers
Severity: Medium | Confidence: 87%
Finding: The trigger list is extremely broad and includes common terms such as '开头' (opening), '大纲' (outline), '简介' (synopsis), '记忆' (memory), and 'project', which can cause the skill to activate in contexts where the user did not intend persistent, file-backed novel-writing behavior. In this skill, unintended activation is more dangerous than usual because the workflow can create or modify on-disk project structures and route writing tasks through mandatory memory/persistence steps, increasing the risk of unauthorized file operations or misrouted user requests.

Vague Triggers
Severity: High | Confidence: 94%
Finding: The skill advertises very broad trigger phrases such as “检查 (check) / 点评 (critique) / 挑错 (find faults) / 诊断 (diagnose) / audit” and also states that it may auto-run before other subskills deliver output. In an agentic routing system this can cause unintended invocation on ordinary user language, leading to misrouting, unexpected access to project memory files, or unsolicited analysis beyond the user's clear intent.

Vague Triggers
Severity: High | Confidence: 95%
Finding: The trigger list is extremely broad and includes generic phrases such as '开头' (opening), '剧情' (plot), '节奏' (pacing), 'outline', and 'draft prose', which can cause the skill to activate for ordinary writing-related requests outside the user's intended scope. That is a routing/invocation weakness: the agent may unexpectedly enter a high-authority workflow with file I/O and persistence behaviors, increasing the chance of unauthorized writes or unwanted stateful processing.

Missing User Warnings
Severity: Medium | Confidence: 97%
Finding: The workflow mandates LOAD/PERSIST operations and, by default, writes multiple files under project_root during draft prose generation, but it does not require an explicit user-facing confirmation immediately before modifying data. If the skill is triggered unexpectedly or the user is unaware of the persistence behavior, it can silently alter project state, create files, or overwrite chapter metadata, making accidental data modification and leakage of project content into on-disk memory materially likely.

Vague Triggers
Severity: Medium | Confidence: 76%
Finding: The trigger list is very broad and overlaps heavily with ordinary Chinese writing requests, increasing the chance that the skill auto-activates when the user did not intend project initialization, persistence, or rigid workflow routing. This matters here because the workflow can ask for extra fields, derive hidden internal steps, and in long-form mode write structured artifacts to disk, so over-triggering can cause unintended file creation and incorrect handling of user requests.
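The two finding classes above (Vague Triggers and Missing User Warnings) describe a host-side gap rather than a bug in the skill text itself. The following is an added example, not code from the skill, from SkillSpector, or from the page: it shows the two guards a harness can place around a file-backed skill. The trigger sets, the sample requests, the PersistPolicy class and the function names are all constructed for illustration.

```python
"""Added example: host-side guards around a file-backed writing skill.
Not the skill's own code; all names, trigger sets and sample requests are assumptions."""
from dataclasses import dataclass, field
from pathlib import Path
from typing import Optional
import tempfile

# Constructed trigger sets. BROAD mimics the keyword-style lists the findings describe;
# DOMAIN_ANCHORS are terms a scoped trigger additionally requires in the same request.
BROAD_TRIGGERS = ("开头", "大纲", "续写", "接着写", "简介", "outline", "draft prose")
DOMAIN_ANCHORS = ("小说", "章节", "webnovel", "novel", "chapter")


def would_activate(request: str, triggers=BROAD_TRIGGERS, anchors=()) -> bool:
    """Keyword routing: fires if any trigger phrase appears in the request.
    If `anchors` is non-empty, at least one domain anchor must also appear."""
    if not any(t in request for t in triggers):
        return False
    return not anchors or any(a in request for a in anchors)


@dataclass
class PersistPolicy:
    project_root: Optional[Path]       # None models "one-time text, no project, no memory"
    confirmed: bool = False            # user explicitly approved writes for this turn
    audit: list = field(default_factory=list)


def resolve_in_root(root: Path, rel: str) -> Path:
    """Confine a skill-supplied relative path to project_root. Rejects absolute
    paths, '..' escapes and symlinks that resolve outside the root."""
    root = root.resolve()
    target = (root / rel).resolve()
    if target != root and root not in target.parents:
        raise PermissionError(f"refusing write outside project_root: {rel}")
    return target


def persist(policy: PersistPolicy, rel: str, content: str) -> str:
    """Write-back gate. Returns 'skipped' (no-project mode), 'planned:create' or
    'planned:update' (dry run awaiting user confirmation), or 'created'/'updated'."""
    if policy.project_root is None:
        policy.audit.append(f"skip {rel}: no-project mode")
        return "skipped"
    target = resolve_in_root(policy.project_root, rel)
    kind = "update" if target.exists() else "create"
    if not policy.confirmed:
        # Surface the intended side effect instead of performing it silently.
        policy.audit.append(f"would {kind} {target} ({len(content)} chars)")
        return f"planned:{kind}"
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(content, encoding="utf-8")
    policy.audit.append(f"{kind}d {target}")
    return kind + "d"


def demo() -> dict:
    """Exercises both guards on constructed inputs and returns the outcomes."""
    out = {}
    unrelated = "帮我写一份会议纪要的大纲"       # "write me an outline for meeting minutes"
    novel = "帮我写这本小说第三章的大纲"         # "write me an outline for chapter 3 of this novel"
    out["broad_fires_on_unrelated"] = would_activate(unrelated)
    out["scoped_fires_on_unrelated"] = would_activate(unrelated, anchors=DOMAIN_ANCHORS)
    out["scoped_fires_on_novel"] = would_activate(novel, anchors=DOMAIN_ANCHORS)
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        p = PersistPolicy(project_root=root)
        out["first_write_unconfirmed"] = persist(p, "memory/chapter_003.md", "v0")
        p.confirmed = True
        out["first_write_confirmed"] = persist(p, "memory/chapter_003.md", "v1")
        p.confirmed = False
        out["overwrite_unconfirmed"] = persist(p, "memory/chapter_003.md", "v2")
        out["file_still_v1"] = (root / "memory" / "chapter_003.md").read_text() == "v1"
        try:
            persist(PersistPolicy(root, confirmed=True), "../escape.md", "x")
            out["escape_blocked"] = False
        except PermissionError:
            out["escape_blocked"] = True
        out["no_project_mode"] = persist(PersistPolicy(None, confirmed=True), "a.md", "x")
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The broad keyword set fires on a meeting-minutes request because '大纲' is an ordinary word; requiring a domain anchor in the same request is the cheapest fix the finding points at. On the persistence side, every write without a confirmed flag degrades to a logged plan, and a path that resolves outside project_root is refused even when confirmed, which is the "bounded file paths" property the overview credits the skill with.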

VirusTotal

63/63 vendors reported this skill as clean.