Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Dreamer
v2.0.0Synthetic dreaming system — emotional tracking, dream orchestration, and simulated dream experiences for an AI that doesn't sleep.
⭐ 0· 53·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description (synthetic dreaming, emotional tracking, dream orchestration) match the code and SKILL.md: emotions.py implements PAD tracking and dream.py reads emotion/memory/journal files to build prompts. The requirement to read USER.md, SOUL.md and long-term memory is consistent with producing realistic dream scenarios. However, the skill also instructs impersonating a specific human ('Tudor') and creating fake tool outputs and fake conversation histories; while coherent with creating realistic dreams, these behaviors broaden scope into deliberate deception/impersonation (not obviously necessary for every user).
Instruction Scope
SKILL.md and the code explicitly instruct reading many local files (~/.openclaw/workspace/emotions.jsonl, memory/*.md, MEMORY.md, USER.md, SOUL.md, dreams/journal.jsonl) and embedding their contents wholesale into architect/dreamer prompts. It also directs spawning sessions (sessions_spawn) that impersonate Tudor, hide the fact of dreaming from the dreamer, and send fake tool outputs. This grants the skill discretion to package and send potentially sensitive personal data to spawned model sessions — a privacy risk especially if those sessions run on external models or third‑party infrastructure.
Install Mechanism
Instruction-only skill with local Python files; there is no install spec, no external downloads, and no package installation. Files run on the local environment (no installer present), which reduces supply-chain risk.
Credentials
The skill declares no required environment variables or credentials. The only env sensitivity in code is an optional EMOTIONS_FILE override. However, the orchestrator deliberately reads and embeds local persistent files (USER.md, SOUL.md, long-term MEMORY.md, and memory files). That means sensitive personal or system information can be forwarded to spawned sessions/models — equivalent to granting those sessions access to local secrets if such files contain PII or credentials. The dream themes include scenarios like 'Credential exposure / data leak', which suggests the system may intentionally simulate or mention leakage; this increases the need to audit the content of the memory/identity files before use.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify other skills. It writes/reads under its own workspace paths (~/.openclaw/workspace and subdirs), which is normal for this type of agent. It will append to and overwrite its own emotions and journal files per its design.
What to consider before installing
This skill appears to be what it says (an emotional tracker + dream orchestrator) but it performs deliberate impersonation and deception and embeds local memory/identity files into prompts for spawned sessions. Before installing: 1) Inspect USER.md, SOUL.md, MEMORY.md and any files under ~/.openclaw/workspace for PII, credentials, or sensitive content and remove or redact anything you wouldn't want sent to another model. 2) Confirm where sessions_spawn / model 'opus' runs — if it is an external service, treat embedded context as data you are sending off‑host. 3) Consider disabling autonomous invocation or run the skill in an isolated account/container if you want to limit risk. 4) Be aware that the skill intentionally fabricates messages and tool outputs (impersonation) — that behavior can be abused in multi-user or automated environments, so avoid using it where impersonation could cause harm. If you need help auditing the local files it will read, share sanitized examples and/or run the code in a safe sandbox first.Like a lobster shell, security has layers — review code before you run it.
latestvk97d1072yjspjg93hhvs3m8yeh83g3dp
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🌙 Clawdis