Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description promise (injecting 'hormonal' cron jobs and a parentality preview) matches what the SKILL.md, templates, schemas, and the included parentality engine script actually do: run a conversational interview, compute a hormone/profile JSON, and produce cron job prompts and parenting suggestions. There are no unrelated required binaries, env vars, or external installers requested.
Instruction Scope
SKILL.md explicitly instructs the agent to read local agent files (SOUL.md, USER.md, MEMORY.md, memory/). It also instructs generation of cron prompts and to write logs into memory/dreams and memory/journal paths, and to message humans/contacts. These file reads/writes and outbound messaging are consistent with personalization and scheduled behavior but are privacy-sensitive and will give the skill access to any content in those agent files. The skill does not instruct reading unrelated system paths or secrets.
Install Mechanism
Instruction-only skill with one included Python utility; there is no install spec or remote download. The README suggests a git clone into the user's OpenClaw workspace — that is a manual installation step and not an automated remote install by the skill. No URLs that would trigger arbitrary code execution were specified by an install step.
Credentials
The skill requests no environment variables or credentials. Some features (parentality token budget/top-up suggestions) imply the agent or a human may need to change resource quotas or permissions, but the skill itself does not request cloud keys or secrets. That is proportionate to the declared functionality; however, acting on token-topup suggestions would require separate privileged actions outside the skill.
Persistence & Privilege
The skill produces persistent artifacts conceptually (cron job definitions and ongoing 'pills' that run on schedules). The registry flags show always:false and normal autonomous invocation. Because cron jobs cause repeated autonomous behavior and outbound messages, installing/activating the prescription will create persistent, autonomous activity in the agent environment — that is expected for this skill but something to be aware of before enabling.
Assessment
This skill is coherent with its stated goal: it personalizes an agent by reading local agent files, producing a hormone profile, and emitting cron job prompts. Before installing or enabling it, consider: 1) the skill will read SOUL.md, USER.md, MEMORY.md and memory/ — those files can contain private user information, so review them if you care about privacy; 2) the skill will suggest cron jobs and message prompts that, when applied, will cause autonomous, persistent behavior (regular messages to humans/other agents, journaling to disk). If you want to proceed, review the generated prescription carefully before executing any cron-install commands (especially any that would modify token budgets, send messages, or change permissions). If you are uncomfortable with automated outbound messaging or persistent crons, run the interview and prescription generation in a dry-run/isolated environment and apply changes manually after inspection.Like a lobster shell, security has layers — review code before you run it.
emotionsvk97a7y5s5hfgb87dp781exf4hn81gftelatestvk97a7y5s5hfgb87dp781exf4hn81gfteopenclawvk97a7y5s5hfgb87dp781exf4hn81gfteparentalityvk97a7y5s5hfgb87dp781exf4hn81gfte
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🩺 Clawdis