Mood Logger

Security checks across malware telemetry and agentic risk

Overview

This mood logger can record entries locally, but it also includes recurring weekly reporting that may send private mood summaries to a preset WeChat recipient.

Use only the local logging parts after changing the hard-coded Obsidian/iCloud path to your own vault. Do not enable the weekly cron or WeChat delivery unless you verify the recipient, preview exactly what will be sent, and know how to disable or remove the scheduled task.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (12)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill invokes local scripts that read and write mood data and relies on shell execution, but it does not declare these capabilities or permissions. This weakens user and platform visibility into what the skill can actually access, which is risky because the data involved is sensitive personal journaling content.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The manifest says the skill is for logging daily mood entries, but the documentation adds historical analysis, weekly report generation, and message delivery via WeChat. This mismatch is dangerous because users may consent to local note-taking without realizing the skill also aggregates and transmits sensitive emotional data.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The documentation extends the skill from simple daily logging into weekly reporting and automatic delivery, which materially changes the data handling model. Hidden secondary behavior around summarization and sending can expose patterns in a user's mental state beyond what they expected from a local logger.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The skill introduces external message delivery for mood reports even though its stated purpose is a local mood logger. Sending emotional journal summaries to a messaging channel increases confidentiality risk significantly, especially because the destination appears preconfigured rather than chosen interactively by the user.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The documentation advertises an automated capability to generate and send weekly mood reports, which is materially broader than the declared skill purpose of logging daily mood entries to an Obsidian vault. This kind of undeclared functionality weakens transparency and reviewability, and could enable collection, aggregation, or exfiltration of sensitive emotional data beyond what a user or auditor expects.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
Publishing manual invocation instructions for weekly_mood_report.py confirms the skill supports data aggregation/reporting behavior not described in the stated skill scope. For a mood-tracking skill, undeclared reporting is especially sensitive because it processes mental-health-adjacent personal data and may expose summaries that users did not consent to generate or share.

Context-Inappropriate Capability

Medium
Confidence
85% confidence
Finding
The script accepts an arbitrary --output path and writes attacker-controlled report content there without constraining the destination to the Obsidian vault or an approved reports directory. In an agent context, this expands the skill from mood logging into general file-writing capability, which could overwrite user files or place sensitive aggregated mood data in unintended locations.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill writes highly sensitive personal mood entries to a specific Obsidian/iCloud-backed path but does not warn the user about where the data is stored. Because iCloud-backed notes may sync across devices or accounts, undisclosed storage location and sync implications increase privacy exposure.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill documents automated weekly sending of mood reports without a clear warning that personal emotional data will be transmitted on a schedule. Automatic transmission is especially dangerous for sensitive mental-health-adjacent data because users may forget the automation exists or not understand the recipient and channel implications.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script writes a generated mood report containing potentially sensitive personal data to /tmp, a shared transient location that may be readable by other local processes or users depending on system configuration and umask. Persisting private emotional-health summaries in an unprotected temporary file increases the chance of unintended disclosure.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Printing the full mood report to stdout can expose sensitive personal information through terminal scrollback, shell history capture tools, cron mail, centralized logging, or job monitors. In the context of an automated weekly report, this is especially risky because the user may not be present to control where output is recorded.

Session Persistence

Medium
Category
Rogue Agent
Content
Setup command:
```bash
openclaw cron create --name "mood-weekly-report" \
  --schedule "0 9 * * 0" \
  --command "python3 ~/.openclaw/workspace/skills/mood-logger/scripts/send_weekly_report.py" \
  --channel openclaw-weixin \
```
Confidence
91% confidence
Finding
`create --name "mood-weekly-report" \ --schedule "0 9 * * 0" \ --command "python3 ~/.openclaw`

VirusTotal

66/66 vendors flagged this skill as clean.
