Emotion Detector
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill’s emotion analysis purpose is clear, but it can send user text to a paid external crypto-payment API without documented approval, spending limits, or payment credential boundaries.
Before installing, make sure you are comfortable with per-request USDC charges, understand which wallet or payment authority will be used, and require approval before paid calls. Do not send highly private text unless the provider’s data handling is acceptable, and verify the external npx package used to make requests.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Repeated or autonomous use could spend USDC without the user realizing each call is paid.
The documented workflow makes a paid request, but the skill does not add approval prompts, spending limits, or rate limits for agent use.
価格 | $0.01 USDC per request ... npx awal@2.0.3 x402 pay https://anicca-proxy-production.up.railway.app/api/x402/emotion-detector
Require explicit user confirmation before each paid call, document the exact charge and recipient, and add spending or rate limits.
The agent may need access to payment authority that is not clearly bounded or explained to the user.
A working invocation requires payment authorization, but the artifacts do not identify which wallet or payment credential is used, its allowance, or its scope.
ネットワーク | Base mainnet (eip155:8453) | 認証 | x402 payment
Document credential source and scope, use a limited wallet or allowance, and provide revocation and budget guidance.
Using the skill may execute third-party package code that was not part of this review.
The skill’s example runs an external npm CLI at use time; the package implementation is not included in the supplied artifacts, though the version is pinned and the command is purpose-aligned.
npx awal@2.0.3 x402 pay
Verify the awal package source, pin or audit the dependency, and document runtime requirements such as Node/npx.
Potentially sensitive emotional or mental-health text may leave the local environment.
The skill sends user text and optional context to a remote provider; this is purpose-aligned but the artifacts do not describe privacy, retention, or security handling.
URL | https://anicca-proxy-production.up.railway.app/api/x402/emotion-detector ... "text": "string (required, max 2000 chars)"
Disclose data handling and retention, and avoid sending private text unless the user has consented.
The agent may interrupt the normal response and provide crisis resources based on the service’s classification.
The remote classifier output is intended to change the agent’s response flow; this is safety-oriented and disclosed, but should not become an unchecked policy override.
safe_t_flag: true を受け取った場合は通常フローを停止し、ユーザーに緊急サポートリソースを提示する
Treat the flag as a safety signal and combine it with the platform’s own safety policy and user context.