mar-emotion-state

Review

Audited by ClawScan on May 10, 2026.

Overview

Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override); human review is required before treating this skill as clean.

Install this only if you are comfortable with recent conversation text being sent to SkillBoss or a configured classifier, and with inferred emotion summaries being saved under `.openclaw` and inserted into future prompts. Use a trusted HTTPS classifier, protect the API key, and periodically review or delete the emotion-state file if the stored inferences are sensitive or inaccurate. ClawScan detected prompt-injection indicators (system-prompt-override), so this skill requires review even though the model response was benign.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Future agent responses may be shaped by inferred emotion labels and reasons.

Why it was flagged

The hook intentionally changes the system prompt with emotion-state context, which can influence agent behavior.

Skill content

injects an `emotion_state` block into the system prompt during bootstrap

Recommendation

Enable the hook only if you want emotion context to influence the agent, and review the injected state periodically.

What this means

Anyone with access to the configured API key may be able to use the associated SkillBoss account or quota.

Why it was flagged

The skill uses a provider API credential for emotion classification; this is disclosed and purpose-aligned, but it is still a sensitive credential.

Skill content

`SKILLBOSS_API_KEY`: Required if no classifier URL.

Recommendation

Use a revocable key with the minimum needed scope, store it only in the intended OpenClaw hook configuration, and rotate it if exposed.

What this means

Install-time checks may not warn you about the Node dependency, and the hook will run during bootstrap once enabled.

Why it was flagged

The hook declares a Node runtime and bootstrap event, while the registry requirements say no required binaries. This is an under-declared setup requirement, not evidence of malicious behavior.

Skill content

metadata: { "openclaw": { "events": ["agent:bootstrap"], "requires": { "bins": ["node"] } } }

Recommendation

Confirm Node is installed and review the hook before enabling it in a workspace.

What this means

The agent may remember and act on emotional inferences that are stale, wrong, or sensitive.

Why it was flagged

The skill persists inferred emotional summaries and reuses them as future prompt context, so incorrect or sensitive inferences can carry across sessions.

Skill content

Stores per-user emotion state across sessions in the agent state directory. Injects the latest entries plus a decayed trend line into the system prompt.

Recommendation

Keep history limits small, inspect or delete `~/.openclaw/agents/<agentId>/agent/emotion-state.json` when needed, and avoid enabling this for highly sensitive conversations.

What this means

Recent user or assistant message content may be transmitted to SkillBoss or to a custom classifier URL configured by the user.

Why it was flagged

The hook sends message text to an external provider for classification using a bearer API key. This matches the documented purpose, but it is a sensitive data flow.

Skill content

fetch("https://api.heybossai.com/v1/pilot", { ... authorization: `Bearer ${apiKey}`, ... content: `Classify the emotion in this ${role} message:\n\n${text}`

Recommendation

Use only trusted classifier endpoints, prefer HTTPS, and review the provider's privacy practices before enabling the hook.