Mood Diary

Security checks across malware telemetry and agentic risk

Overview

This mood diary stores sensitive journal entries locally, but its file access is disclosed, user-directed, and aligned with its purpose.

Install only if you are comfortable storing mood and diary history locally at ~/.openclaw/workspace/data/journal/entries.json. Use it on a trusted device, back up or delete the file as needed, and treat its wellness suggestions as informal tracking rather than professional mental-health advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Lp3 (Medium)

Category: MCP Least Privilege
Confidence: 94%
Finding:
The skill advertises and demonstrates shell execution plus local file read/write behavior, including writing journaling data to a fixed path, but does not declare corresponding permissions. Undeclared capabilities undermine user trust and platform enforcement because a user may believe the skill is lower-privilege than it really is, especially given the privacy-focused claims.

VirusTotal

65/65 vendors flagged this skill as clean.
