Trust Assessment
novel-to-script received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Arbitrary File Write via Untrusted Filename.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Arbitrary File Write via Untrusted Filename | LLM | SKILL.md:51 |

The skill instructs the agent to save a generated script file using a filename derived from the '作品名' (work name) of the novel content. The save location is specified as '与小说文件同级目录' (same directory as the novel file). If the '作品名' is extracted directly from untrusted novel content without proper sanitization, an attacker could inject directory traversal sequences (e.g., `../`, absolute paths) or other special characters into the filename. This could cause the 'Write tool' to save the file to an arbitrary location on the file system, potentially overwriting critical files, writing malicious content, or leading to data exfiltration. If the 'Write tool' is implemented via shell commands, this could also lead to command injection.

1. **Input Sanitization:** Strictly sanitize the '作品名' (work name) extracted from untrusted novel content. Remove or escape any characters that could be interpreted as directory separators (`/`, `\`), path traversal sequences (`..`), or shell metacharacters.
2. **Restricted Write Scope:** Configure the 'Write tool' to only allow writing to a pre-defined, isolated, and temporary output directory, rather than the same directory as the input novel file. This prevents writing to arbitrary locations.
3. **User Confirmation:** Before writing any file, especially if the path is derived from untrusted input, prompt the user for explicit confirmation of the full target path.
4. **Secure Tool Implementation:** Ensure the 'Write tool' itself is implemented securely, using safe file I/O functions that do not interpret filenames as shell commands and that properly handle path canonicalization.