novel-forge

Long-form novel workflow for creating, continuing, resuming, and repairing serialized fiction with externalized project state, role-to-model mapping, worldbu...

What to consider before installing: - The skill is coherent with its advertised purpose (a stateful long-form novel workflow) and the included scripts implement project discovery and scaffolding. - However, SKILL.md and the scripts read local configuration and workspace environment variables that were not declared in the skill metadata. In particular the skill will (by default) read /root/.openclaw/openclaw.json and check OPENCLAW_WORKSPACE / NOVEL_FORGE_WORKSPACE / CLAUDE_WORKSPACE or ~/.openclaw/workspace, ~/.claude/workspace. That can expose local model/provider inventory and other config present in those files. - The skill writes project files (project.json, state/current.json, chapters/*.md, worldbuilding.md, etc.) into a workspace/novel directory. This is expected for a scaffold/orchestrator, but be aware it will create and modify files in your workspace. - There is no remote network exfiltration code in the provided scripts and no install-time downloads, but because the skill reads system config you should: 1) Inspect the actual /root/.openclaw/openclaw.json (or equivalent on your system) to confirm it contains only non-sensitive inventory metadata and no secrets you don't want read. 2) If you are uncomfortable with the skill reading that file, request the skill author to make the config path optional or to declare the required config paths/env vars in metadata so you can consent. 3) Run the bundled scripts in a sandbox or test workspace first to observe behavior (discover_projects.py, scaffold_project.py, show_runtime_inventory.mjs are localized and print JSON). - If you need higher assurance, ask the author to update metadata to declare required config paths and env vars, or to add an explicit user prompt before reading system-level config. If you trust the author and the workflow, the skill appears usable; if you prefer minimal exposure, do not install it or run it only in an isolated workspace.

Type: OpenClaw Skill Name: novel-forge Version: 2.0.0 The skill bundle is classified as suspicious primarily due to its requirement to read and process the sensitive system configuration file `/root/.openclaw/openclaw.json` via `scripts/show_runtime_inventory.mjs`. This file typically contains API keys and internal system metadata; exposing its contents to the AI agent and user constitutes a significant information disclosure vulnerability. While the stated intent is to provide a model inventory for the 'multi-agent' workflow described in `SKILL.md`, the high-privilege access to system-level configuration files is a risky capability that could be abused, although no explicit evidence of intentional data exfiltration or remote code execution was found.