ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Emotion State

v1.2.0

NL emotion tracking + prompt injection via OpenClaw hook

6· 2.6k·3 current·3 all-time
by@tashfeenahmed
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's name/description (emotion tracking + injecting an emotion_state block into the system prompt) aligns with the included hook code. However the registry declares no required environment variables while the hook clearly expects and uses many (OPENAI_API_KEY, EMOTION_CLASSIFIER_URL, etc.). That discrepancy is incoherent and surprising to an installer.
!
Instruction Scope
The SKILL.md and HOOK.md instruct the agent to copy/enable a hook that reads session messages and injects an emotion_state block into the system prompt. The hook will transmit user/agent message text to an external classifier endpoint or OpenAI for classification (network calls). The SKILL.md claims it 'does not store raw user text' but the code sends raw text externally — this is a scope mismatch and a potential data-exfiltration vector. Injecting content into the system prompt is powerful and can change agent behavior.
Install Mechanism
No remote install or downloads are used; this is an instruction-only skill with a bundled hook file you copy into your workspace. That limits installer-level risk (nothing fetched from arbitrary URLs).
!
Credentials
Registry metadata lists no required env vars, but the hook expects multiple configuration variables (OPENAI_API_KEY, OPENAI_BASE_URL, EMOTION_CLASSIFIER_URL, EMOTION_* settings). Requiring an OpenAI API key (or any classifier endpoint) is a powerful permission because it causes user message text to be sent off-host. The number and sensitivity of env vars is disproportionate to what's declared.
Persistence & Privilege
The hook writes per-agent state to ~/.openclaw/agents/<agentId>/agent/emotion-state.json and injects a block into the system prompt during bootstrap. It does not request permanent 'always' inclusion, but system-prompt modification is an elevated capability — expected for hooks but worth noting because it can influence model behavior.
Scan Findings in Context
[system-prompt-override] expected: The hook intentionally injects an emotion_state block into the system prompt (this is its stated purpose), so the finding is expected. However system-prompt injection is powerful and combined with external classifier calls and the mismatch in declared env vars increases risk.
What to consider before installing
This skill will read session messages, keep a per-agent emotion_state file under ~/.openclaw/agents/<agentId>/agent/emotion-state.json, and may send raw message text to an external classifier or OpenAI if configured. The registry omitted required env vars, and the SKILL.md's claim that it 'does not store raw user text' does not prevent it from transmitting raw text to external services. Before installing: (1) review the handler.ts code yourself or with a trusted developer; (2) do not provide an OPENAI_API_KEY (or any classifier URL) unless you trust the operator of that endpoint; (3) if you must test, run in an isolated agent/workspace with non-sensitive data; (4) inspect the system-prompt content the hook injects to ensure it doesn't contain instructions you don't want the model to follow. If you cannot audit the code or you need to protect sensitive user messages, avoid enabling this hook.

Like a lobster shell, security has layers — review code before you run it.

emotionvk97f4nbqghdt6vhrp0zm628dr180jbzhlatestvk974chz56z53dsea6a1wpdyx9s80jyxknlpvk97f4nbqghdt6vhrp0zm628dr180jbzhsentimentvk97f4nbqghdt6vhrp0zm628dr180jbzh
2.6kdownloads
6stars
5versions
Updated 10h ago
v1.2.0
MIT-0
@tashfeenahmed
emotionlatestnlpsentiment
Download

Emotion State (NL) Skill

This skill describes how to install and configure the Emotion State hook, which adds a compact emotion_state block to the system prompt.

What it does

  • Evaluates user and agent emotions as short natural-language phrases.
  • Stores per-user emotion state across sessions in the agent state directory.
  • Injects the latest entries plus a decayed trend line into the system prompt.

Install & enable (workspace hook)

  1. After installing the skill, copy the bundled hook into your workspace:
cp -R ./skills/emotion-state/hooks/emotion-state ./hooks/
  1. Enable the hook in OpenClaw:
openclaw hooks enable emotion-state
  1. Restart the OpenClaw gateway.

Configuration

Set environment variables for the hook via OpenClaw config, e.g. in ~/.openclaw/openclaw.json:

{
  "hooks": {
    "internal": {
      "enabled": true,
      "entries": {
        "emotion-state": {
          "enabled": true,
          "env": {
            "EMOTION_CLASSIFIER_URL": "",
            "OPENAI_API_KEY": "YOUR_KEY",
            "OPENAI_BASE_URL": "https://api.openai.com/v1",
            "EMOTION_MODEL": "gpt-4o-mini",
            "EMOTION_CONFIDENCE_MIN": "0.35",
            "EMOTION_HISTORY_SIZE": "100",
            "EMOTION_HALF_LIFE_HOURS": "12",
            "EMOTION_TREND_WINDOW_HOURS": "24",
            "EMOTION_MAX_USER_ENTRIES": "3",
            "EMOTION_MAX_AGENT_ENTRIES": "2",
            "EMOTION_MAX_OTHER_AGENTS": "3",
            "EMOTION_TIMEZONE": "America/Los_Angeles"
          }
        }
      }
    }
  }
}

Notes

  • The hook stores state at ~/.openclaw/agents/<agentId>/agent/emotion-state.json.
  • It does not store raw user text; only model-inferred reasons.
  • If the classifier fails, entries fall back to neutral/low/unsure.

Comments

Loading comments...