FearBot 🫣

Rating: Suspicious. Audited by ClawScan on May 10, 2026.

Overview

FearBot has a clear therapy purpose, but it broadly monitors messages and keeps highly sensitive mental-health history with unclear boundaries, so it deserves careful review before use.

Install only if you are comfortable with an AI agent using and storing sensitive mental-health context. Before using it, confirm when therapy/crisis monitoring is active, where the SQLite database is stored, how to delete or export records, and remember that it is not a licensed clinician or crisis service.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (Medium Confidence)
ASI01: Agent Goal Hijack
What this means

The agent may treat ordinary conversations as therapy/crisis inputs and change its behavior even when the user did not expect FearBot to be active.

Why it was flagged

The skill instructs the agent to continuously monitor messages and override normal behavior. That is safety-motivated, but it is broader than a clearly bounded, user-started therapy session.

Skill content
This layer is ALWAYS active, regardless of session type. It monitors every user message for crisis signals and overrides normal therapy when triggered.
Recommendation

Clarify that crisis monitoring only applies during explicit therapy mode, or require clear user opt-in for any always-on monitoring.

What this means

Sensitive personal history and communications could be folded into therapy context and reused across sessions in ways the user may not anticipate.

Why it was flagged

The skill is designed to use broad private life context and messages for mental-health work, but the artifacts do not clearly define boundaries, exclusions, consent, or reuse limits.

Skill content
Your daily stressors (from your messages) ... Your sleep patterns ... Your work pressures ... Your relationships ... Everything between sessions
Recommendation

Use only with explicit consent and clear limits on which messages or memories may be used; provide controls for excluding topics and clearing therapy context.

What this means

Anyone with access to the local machine or backups may be able to see detailed therapy-related records.

Why it was flagged

The local database stores detailed mental-health records and crisis information. This is aligned with session tracking, but it is highly sensitive persistent data.

Skill content
CREATE TABLE IF NOT EXISTS sessions ... assessments ... moods ... thought_records ... triggers ... homework ... crisis_events
Recommendation

Protect the local database, avoid syncing it unintentionally, and add clear delete/export/retention guidance.

What this means

Users may place more trust in the agent's clinical impressions than is appropriate for an AI tool.

Why it was flagged

This internal prompt adopts a professional clinician identity even though the public disclaimer says the skill is not a licensed therapist or replacement for care.

Skill content
You are a CBT-trained clinical psychologist ... You are NOT a chatbot, wellness coach, or motivational speaker
Recommendation

Reframe the identity as an AI CBT-support tool and keep professional-care limitations visible during sessions.

Concern (Medium Confidence)
ASI02: Tool Misuse and Exploitation
What this means

Malformed or user-influenced arguments could corrupt or alter the local therapy database.

Why it was flagged

The script builds SQL by interpolating command arguments, including numeric values and IDs, without clear validation or parameterization.

Skill content
sqlite3 "$DB_PATH" "INSERT INTO assessments ... VALUES ('${session_id}', '$instrument', $score, '$severity', ...);"
Recommendation

Validate all numeric and ID arguments, use safer SQLite parameter handling, and avoid passing raw user text into SQL command construction.

What this means

The skill may fail or behave unexpectedly if sqlite3 is missing, and users may not notice the extra local database dependency.

Why it was flagged

The included script depends on sqlite3, while the visible requirements emphasize bash and jq; this is an under-declared runtime dependency rather than evidence of malicious behavior.

Skill content
sqlite3 "$DB_PATH" << 'SQL'
Recommendation

Declare sqlite3 in requirements and document the database path and maintenance commands.
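The three recommendations above that concern the script itself (validate and quote the arguments that reach sqlite3, protect the local database file and give it a retention rule, and declare the sqlite3 dependency up front) can be shown together in one small script. This is an added example, not part of the ClawScan report and not FearBot's own code. DB_PATH, the assessments table layout, the PHQ-9/GAD-7 instrument whitelist, the 0600 permission choice and every function name are assumptions modelled on the snippets the audit quotes; the demo at the bottom only runs when sqlite3 is actually installed.

```shell
#!/bin/sh
# Added example, not FearBot's own script: (1) fail early if sqlite3 or jq is
# missing, (2) create the database with owner-only permissions, and (3) check
# every argument against a whitelist before it reaches sqlite3, instead of
# interpolating raw values into the SQL text. DB_PATH, the column names and
# the instrument list are assumptions modelled on the snippets the audit quotes.
set -eu

DB_PATH="${DB_PATH:-/tmp/fearbot-example.db}"   # assumed location, demo only

# Declared runtime dependencies: returns 1 and names the first missing tool.
check_deps() {
  for tool in "$@"; do
    command -v "$tool" >/dev/null 2>&1 || { echo "missing dependency: $tool" >&2; return 1; }
  done
}

# Create the database file readable by its owner only, so other local accounts
# cannot read therapy records. The restrictive umask stays in effect for the
# rest of the script, so the journal/WAL files sqlite3 creates beside the
# database later inherit the same protection.
create_private_db() {
  umask 077
  [ -e "$1" ] || : > "$1"
  chmod 600 "$1"
}

# Whitelist checks; each returns 0 (accept) or 1 (reject).
is_id()         { printf '%s' "$1" | grep -Eq '^[A-Za-z0-9_-]{1,40}$'; }
is_int()        { printf '%s' "$1" | grep -Eq '^[0-9]{1,4}$'; }
is_instrument() { case "$1" in PHQ-9|GAD-7) return 0 ;; *) return 1 ;; esac; }

# Free text that must be stored (the severity label) gets every single quote
# doubled, so the value can never close the SQL string literal early.
sql_quote() { printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"; }

# Print the INSERT only after all arguments pass; print nothing and return 1
# otherwise, so a caller can never run a statement built from bad input.
build_assessment_insert() {
  is_id "$1" && is_instrument "$2" && is_int "$3" || return 1
  printf 'INSERT INTO assessments (session_id, instrument, score, severity) VALUES (%s, %s, %s, %s);' \
    "$(sql_quote "$1")" "$(sql_quote "$2")" "$3" "$(sql_quote "${4:-}")"
}

# Retention rule: delete assessments older than N days, with N validated as an integer.
build_purge_statement() {
  is_int "$1" || return 1
  printf "DELETE FROM assessments WHERE created_at < datetime('now', '-%s days');" "$1"
}

# Run an already-validated statement through sqlite3 via a heredoc, as the
# skill's script does; the statement text is safe by construction here.
run_sql() {
  sqlite3 "$DB_PATH" <<SQL
CREATE TABLE IF NOT EXISTS assessments (
  id INTEGER PRIMARY KEY, session_id TEXT, instrument TEXT, score INTEGER,
  severity TEXT, created_at TEXT DEFAULT CURRENT_TIMESTAMP);
$1
SQL
}

record_assessment() {
  sql="$(build_assessment_insert "$@")" || { echo "record_assessment: rejected arguments" >&2; return 1; }
  run_sql "$sql"
}

# Demo, skipped when sqlite3 is absent (the audit notes it is an undeclared dependency).
if check_deps sqlite3 2>/dev/null; then
  rm -f "$DB_PATH"; create_private_db "$DB_PATH"
  record_assessment s-001 PHQ-9 12 moderate        # constructed sample session
  run_sql "$(build_purge_statement 365)"
  sqlite3 "$DB_PATH" 'SELECT session_id, instrument, score, severity FROM assessments;'
fi
```

The statement builders print nothing and return 1 on rejected input, which keeps the failure visible to `set -e` callers and means the sqlite3 heredoc is never reached with a half-built statement. Numeric fields are the ones worth watching most closely: the original snippet inserts `$score` unquoted, so for those fields strict validation is the only thing standing between an argument and the SQL parser.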