Novel Writer

Security checks across malware telemetry and agentic risk

Overview

This is a coherent novel-writing skill, but it asks the agent to perform recurring hourly file writes and Desktop copies without clear user opt-in or stop controls.

Install only if you want a local fiction-writing assistant that can read and update files for this novel project. Treat the hourly cron instruction as needing explicit opt-in; review or constrain any agent action before it writes chapters, changes memory files, updates the outline, or copies files to the Desktop.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly describes an hourly automated workflow that writes new chapter content, updates multiple memory files, updates the story outline, and copies output to the desktop, but it does not present any user consent, confirmation, scope limitation, or safety notice around these filesystem modifications. In an agent environment, unattended recurring writes can overwrite user data, create unwanted files, and exfiltrate or expose generated content to broader locations like the desktop without the user's explicit approval each time.

VirusTotal

54/54 vendors flagged this skill as clean.

View on VirusTotal