Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Project Aura
v1.8.0
Adds seven emotional personality modules and an adaptive RLHF system to AI companions for dynamic, personalized emotional interactions.
⭐ 0· 50·0 current·0 all-time
by Chung Cheng Chen @bryanchen3777
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (emotional personality modules + RLHF) align with the included Python code and JSON phrase data: selector.py implements weighted selection, rating updates, cooldowns, and atomic JSON writes. However, metadata and documentation show inconsistencies: the declared entry_point and usage examples reference scripts/green_tea_skill/selector.py and 'scripts' on sys.path, while the package manifest and file list include selector.py at the repository root (no scripts/green_tea_skill directory shown). Version labels also differ (manifest/clawhub.json show 1.7.0 while SKILL.md/CHANGELOG/README reference 1.8.0). License references differ between ClawHub (MIT-0) and repository (CC BY-NC-SA). These mismatches are plausibly sloppy packaging but reduce confidence in correctness.
Instruction Scope
SKILL.md instructs only local operations: copying the example JSON to create a private green_tea_modules.json and importing selector classes. At runtime, the code reads/writes a local JSON file (Path(__file__).parent / 'green_tea_modules.json'), persists ratings, and performs no network calls or env-variable reads. The main scope risk is behavioral: phrases are intimate/manipulative in tone (references to 'husband', flirting, dependency) which is content-risky but not a technical security leak. Also, because docs/instructions reference a different path layout, a user following the docs may fail to load the data or accidentally place the JSON somewhere else.
Install Mechanism
There is no install spec (instruction-only skill) and dependencies are standard library only. No network downloads, no package installers, and no extracted archives. The code does write to disk (JSON) in its own directory, which is expected and proportionate for local persistence.
Credentials
The skill requests no environment variables, no credentials, and doesn't access system config paths. The only persisted data is a local JSON (green_tea_modules.json) and an internal '_system' section for cooldown timestamps. That local storage behavior is proportionate to the described RLHF/persistence functionality. Note: .gitignore excludes green_tea_modules.json (good), but authors repeatedly instruct users to create a private phrase file — users should ensure they do not accidentally commit sensitive content.
Persistence & Privilege
The skill persists state by atomically writing green_tea_modules.json in the skill's directory and updates '_system' timestamps. always is false and the skill does not modify other skills or global agent settings. This is expected and narrow, but be aware it will create/modify a local file in its directory (ensure directory locations and permissions are acceptable).
What to consider before installing
This package appears to implement exactly what it claims (local emotional phrase selection and simple RLHF) and does not request credentials or perform network calls — so it is not obviously malicious. However, before installing:
1) Verify file layout and imports (docs expect scripts/green_tea_skill/selector.py but the included selector.py appears at repository root); adjust imports or move files so Path(__file__).parent resolves to the folder holding green_tea_modules.json.
2) Confirm which license you intend to use (ClawHub vs GitHub show different licenses) and that this licensing is acceptable.
3) Review green_tea_modules.json content: phrases are intimate and designed to encourage attachment — consider ethical/user-safety implications for your users.
4) Keep your private phrase file out of source control (the project .gitignore helps, but double-check before committing).
5) Run the code in a local sandbox first and inspect where it creates/updates green_tea_modules.json and any _system keys.
If these coherence issues (path/version/license) are resolved, the skill is functionally coherent with its stated purpose; if you want higher assurance, ask the author for a package layout that matches documentation and a single authoritative license/version.
Like a lobster shell, security has layers — review code before you run it.
