Security audit

novel-writing

Security checks across malware telemetry and agentic risk

Overview

This appears to be a purpose-built writing assistant that saves project files locally, with some transparency and scoping shortcomings that users should understand before using it.

Install if you are comfortable with the skill reading and modifying files inside your novel project. Keep the project in its own folder, review changes before committing or sharing them, and prefer using it only when you explicitly want file-backed writing or state tracking.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding:
The skill describes file read/write behavior over a local project structure and automatic state persistence, but no explicit permissions are declared. That creates a mismatch between what the skill can do and what a user or platform policy can audit, increasing the risk of unintended local file access or modification. In this context the file operations are central to the skill’s purpose, so this appears more careless than malicious, but still a real security issue.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding:
The skill advertises very broad trigger scenarios such as starting a new book, chapter drafting, conflict checking, feedback analysis, and batch quality control without clear activation boundaries. Overly broad scope can cause the agent to invoke the skill in contexts the user did not intend, which is more concerning here because the skill also implies reading and writing local project files. The content does not look overtly malicious, but the ambiguity increases the chance of unauthorized or surprising actions.

Missing User Warnings

Severity: Low
Confidence: 95%
Finding:
The skill says state.json is automatically updated after each write operation, but it does not warn the user that local files will be modified. Silent persistence is a real safety problem because users may expect text-generation assistance, not background mutation of workspace files. In this skill’s context the impact is limited to the project directory, so the issue is less severe than arbitrary file access, but it still undermines user consent and transparency.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.