Novel Writer

Security checks across malware telemetry and agentic risk

Overview

This is a coherent novel-writing and review skill whose local file reads and report/tracking writes are expected for its stated workflow.

Install this if you want an agent to help manage a local novel project, including reading manuscript files and writing review notes, reports, tracking tables, caches, and backups. Confirm the active novel directory before use and review generated JSON or report files before relying on them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The script is presented as a consistency checker, but it also performs write-side actions such as creating backup files and generating replacement/diff artifacts. In an agent skill context, this broadens the trust boundary from read-only analysis to filesystem mutation, which can surprise callers, alter user content, and be abused to create or overwrite files in locations derived from user-supplied paths.

Vague Triggers

Medium
Confidence: 87%
Finding
The trigger text covers very common requests related to writing, continuation, review, outlines, and character management, making invocation overly broad. In practice this can cause the skill to activate unexpectedly on ordinary creative-writing prompts and then gain access to local project files or perform writes and checks the user did not specifically request.

Missing User Warnings

Low
Confidence: 88%
Finding
The markdown explicitly instructs the agent to create `伏笔表.json` using shell redirection, which performs a local file write without any requirement for user confirmation or disclosure. In an agent environment with tool access, this can cause unintended filesystem side effects, especially if the user only asked for advice rather than file operations.

Missing User Warnings

Low
Confidence: 93%
Finding
These sections provide in-place update commands that read and rewrite `伏笔表.json`, including appending entries and changing status fields, again without any user-facing warning or confirmation. Even though the file is part of the novel-writing workflow, silent modification is risky because an agent may overwrite local state, corrupt existing data, or perform actions the user did not explicitly authorize.

VirusTotal

43/43 vendors flagged this skill as clean.
