Cheeeeeeeeeer
v1.0.0Emotional support and encouragement skill that detects user frustration and provides warm, personalized motivation with multiple response styles.
⭐ 0· 232·0 current·0 all-time
byHo Loong@nemohohaloai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (emotional support) align with the instructions: analyzing user messages for keywords/emojis/punctuation and returning short encouragements. There are no unrelated environment variables, binaries, or external services declared that would be inappropriate for this purpose.
Instruction Scope
Instructions specify automatic monitoring of user messages and automatic triggers (threshold 0.3) that can cause unsolicited responses. The SKILL.md does not describe data retention, logging, or whether message text is sent to external services. Automatic analysis of user messages is expected for this skill, but the lack of details about storage/transmission and the relatively low trigger threshold are usability/privacy concerns.
Install Mechanism
This is an instruction-only skill with no install steps (low risk). However, the SKILL.md references implementation files (detector.js, index.js, manifest.json) that are not present in the package, which is an inconsistency worth clarifying (either those are illustrative or missing).
Credentials
No environment variables, credentials, or config paths are requested. The skill does not ask for unrelated secrets or elevated access.
Persistence & Privilege
always:false is set (good). The skill can be invoked autonomously (platform default) and the SKILL.md enables automatic triggers that will act without explicit per-message commands; combined this can lead to unsolicited messages. This is a behavioral/privacy consideration rather than an outright privilege escalation.
Assessment
This skill appears to do what it says (detect frustration and send short encouragements) and doesn't request credentials or install code. Before installing, consider: (1) Source transparency — there is no homepage and the owner is opaque; if you don't trust the publisher, be cautious. (2) Automatic triggers — the skill will monitor messages and may send unsolicited replies (threshold 0.3 is fairly low); confirm you can opt out or adjust sensitivity. (3) Data handling — SKILL.md does not say whether analyzed messages are logged or sent externally; ask the author whether any user text leaves the local agent or is stored. (4) Missing implementation files — the doc references detector.js/index.js but no code is included; ask whether those are illustrative or part of an implementation you will install. If these questions are answered satisfactorily (no external transmission, adjustable threshold, opt-out), the skill is reasonable to install for its intended purpose.Like a lobster shell, security has layers — review code before you run it.
latestvk977favjaadtrd1pxf6tejwn99828z5x
License
MIT-0
Free to use, modify, and redistribute. No attribution required.