Skill v3.3.0
ClawScan security
Novel Writer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 11, 2026, 8:58 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's files, CLI commands, and runtime instructions align with a long‑form novel authoring and consistency‑checking tool; nothing requested is disproportionate to that purpose.
- Guidance: This skill appears to be what it claims: a long‑form novel writing and auditing toolkit that reads and updates project files and runs bundled Python scripts. Before installing or running it: (1) review the included Python scripts (especially large files like consistency_check.py and any CLI entrypoints) so you understand any file writes and any network activity they may perform; (2) run it on a dedicated/sandboxed project directory (not your home directory) so grep/read/tail operations and JSON/MD updates are limited to intended files; (3) take a backup of important work (the CLI has backup commands, but do a manual copy first); (4) if you need offline guarantees, inspect the code for any network calls or telemetry (none are evident in SKILL.md/README, but full source review is recommended); (5) optional dependencies (jieba) are only needed for semantic checks — install them explicitly and review their provenance. If you cannot review the code, run the tool in an isolated environment (container/VM) to reduce risk.
Review Dimensions
- Purpose & Capability (ok): Name/description, SKILL.md, README, and the included scripts and references consistently implement a long‑form novel writing/auditing engine (context loaders, consistency checks, state machines, foreshadowing tracking, CLI). There are no unrelated credentials, binaries, or network endpoints declared in the metadata that would contradict the stated purpose.
- Instruction Scope (note): The SKILL.md explicitly instructs the agent to read and write many project files (markdown, JSON), run the bundled Python CLI (scripts/cli.py) and lightweight shell commands (grep, tail), and perform deep manual‑style reading. That is coherent with a writer/editor tool, but the runtime instructions do permit reading/writing arbitrary files inside whatever working directory is used and executing the included Python scripts (which can implement arbitrary logic). Reviewers should be aware that the skill's actions are file‑system heavy and will mutate project files (tracking JSONs, reports, backups).
- Install Mechanism (ok): No install spec is provided (instruction-only skill with code files present). The repository contains local Python scripts and tests; optional dependencies (e.g., jieba) are mentioned but not required in metadata. No external download URLs, brew/npm installs, or extract steps are present in the metadata that would raise high‑risk install concerns.
- Credentials (ok): The skill declares no required environment variables, credentials, or config paths. The runtime instructions reference only project‑local files (大纲.md, 设定词典.md, character_states.json, 正文/*, etc.), which are appropriate for a novel‑writing tool. There are no undeclared credential accesses in the provided SKILL.md.
- Persistence & Privilege (ok): The always flag is false, and the skill does not request forced inclusion or platform‑wide privileges. Its normal behavior includes updating project files (tracking tables, snapshots, reports), which is expected for this domain; it does not request access to other skills' configuration or system‑wide settings.
