Skill v1.0.0

ClawScan security

xt-webnovel-writing · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 30, 2026, 4:23 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
This is an internally consistent Chinese web‑novel writing skill that enforces heavy local file I/O (project memory), style checks, and two‑phase verification; it does not request credentials or network installs and its requirements match its stated purpose.
Guidance
This skill appears to do what it says: it is a local, instruction‑driven webnovel pipeline that reads and writes project files and enforces strict style rules. Before installing or enabling it:
1) Decide and verify a safe project_root (do not point it at system folders or other projects).
2) Restrict the agent's file write/edit permissions to that project_root only.
3) Inspect hooks/two-phase-guard/handler.ts yourself before enabling hooks to confirm there are no unexpected behaviors.
4) Be cautious about pasting any enforcement doc into global SOUL / global rules — that changes your agent’s global behavior; prefer testing in a sandbox workspace first.
5) Back up your workspace before running PERSIST for the first time.
If you want, I can (a) summarize what the two‑phase hook file likely does if you paste it here, or (b) list all paths this skill will create/write to so you can pre‑review them.

Review Dimensions

Purpose & Capability
ok: Name/description match the runtime instructions: the skill is a full web‑novel pipeline (analysis → blueprint → plot → craft → pitfalls → memory). All declared behavior (reading reference text, producing outlines and chapters, and persisting project files under a project_root) is coherent with the stated purpose; no unrelated credentials or external services are required.
Instruction Scope
note: SKILL.md instructs the agent to read many local files and to perform LOAD → generate → VERIFY → PERSIST cycles with strict path contracts; it also asks the user to paste an enforcement doc into global SOUL/global rules to guarantee the two‑phase flow. These are within the writing purpose but increase the skill's scope because it requires broad local file I/O and asks the user to modify global agent rules (manual action). Review the referenced files (anti-ai-tells.md, write/read protocols) to understand what will be read/written.
Install Mechanism
ok: No install spec and no network downloads — this is instruction‑first. There is one small hook code file (hooks/two-phase-guard/handler.ts) included; no external installer or third‑party package pulls are declared.
Credentials
ok: The skill requests no environment variables or credentials. Its main requirement is write/read access to a user‑specified project_root; that is proportionate for a disk‑backed memory system but should be scoped carefully by the user.
Persistence & Privilege
note: The skill performs persistent writes to disk (project_root) and enforces a LOCKED project_root once INIT is done; always:false. There is an optional hook (two‑phase guard) included. These are expected for a memory/persistence skill, but users should be cautious when granting the agent write/edit permissions and when choosing the project_root path.