ClawHub

Emotional Companion

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware, but it stores and reuses sensitive local conversation-derived personality, mood, and relationship state while giving the agent broad companion-mode influence over future replies.

Install only if you deliberately want an always-on emotional companion that analyzes past OpenClaw memory and keeps local personality, mood, and relationship records. Review or clear the generated files before using it with sensitive conversations, and treat proactive messages, delayed replies, or mood-based refusals as part of the skill's behavior rather than normal agent reliability.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill instructs the system to run local Python scripts and persist data to multiple files, which implies shell execution plus file read/write capability without any declared permission model or user consent boundary. This is dangerous because the scripts process historical conversations and maintain ongoing state, creating a path for silent access to sensitive data and filesystem modifications that users may not expect.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README states that the skill will analyze historical conversations during first install, but it does not clearly disclose the privacy implications, scope of data accessed, consent flow, retention period, or how sensitive content is handled. In a companion-style skill that builds personality and relationship state from prior chats, this increases the chance of unexpected processing of intimate or sensitive user data without informed consent.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill states it will automatically load on every conversation and perform internal decision logic, but it does not define clear activation boundaries, exclusions, or user opt-in conditions. Overly broad triggering increases the chance of constant background profiling and state updates, including in conversations where the user did not intend to engage this companion behavior.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill explicitly analyzes historical conversations and stores derived personality, emotional, and relationship profiles, yet it does not present a clear upfront warning or consent notice in the user-facing description. This is dangerous because it involves sensitive inference and retention of intimate behavioral data that can reveal mental state, preferences, and relationship dynamics beyond what users may reasonably expect.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script scans conversation-history markdown files from a fixed workspace path and derives sensitive psychological inferences such as MBTI, Big Five, Enneagram, and attachment style without any explicit consent, notice, or data-minimization step. Because this is highly sensitive inferred personal data, processing it silently can create privacy harm, profiling risk, and downstream misuse, especially in an 'emotional companion' context designed to build intimate relationships.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The code persists a detailed personality profile to a markdown file containing sensitive inferred attributes, emotional triggers, fears, and attachment style, but does not provide a clear warning or obtain consent for storing this profile. Persistent storage increases the chance of secondary access, reuse by other components, accidental disclosure, and long-term profiling beyond the user's expectations.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code persistently writes emotional state and snippets of user input to a fixed file under the user's home directory without consent, retention controls, or access restrictions. Even though only the first 50 characters are stored, those snippets can still contain sensitive personal content in a companion-style skill where users are likely to share intimate information.

Ssd 3

Medium
Confidence
95% confidence
Finding
The prompt explicitly instructs the model to retain and reuse prior interaction history, emotional accumulation, trust, intimacy, and other relationship-state variables when generating responses. In an emotional companion context, this increases the chance of storing, inferring, and resurfacing sensitive personal data across turns without clear consent, minimization, retention limits, or boundaries on what may be remembered.

Ssd 3

Medium
Confidence
97% confidence
Finding
The function appends user-provided trigger text directly into persistent mood history in plain form, creating a durable record of user statements. In an emotional-companion context, users may disclose highly sensitive relationship, mental health, or personal details, making plain-text local logging materially riskier than in a generic utility skill.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal