ClawHub

EFT - Emotional Framework Translator

v1.4.0

EFT — Emotional Framework Translator. Detect, measure, and understand emotional patterns in any AI model. Does anger make your AI solve harder problems? Does fear make it more careful? Connect EFT + Clawdbot + any model and find out. 10 emotions, per-sentence analysis, narrative arc detection, full explainability — powered by a Rust consciousness engine.

0· 1.2k·0 current·0 all-time
by@marceloadryao
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The files and runtime behavior align with the stated purpose: a Python wrapper (emotion_engine.py) plus a Clawdbot plugin (plugin/index.ts) that hooks agent responses and calls a Rust-based extension (consciousness_rs). Requiring python and instructing a maturin build for the Rust module is coherent. Minor oddity: default engine/log paths point to Desktop/Moltbot which is a surprising default location but not inherently malicious.
!
Instruction Scope
The plugin explicitly intercepts every agent response (agent_end hook), extracts full text and metadata (messages, payloads, usage, sessionKey, toolCallCount, tokens, latencies) and writes analysis entries including textPreview and session identifiers to a local log. That behavior is central to the skill's purpose, but it means the plugin collects potentially sensitive conversation content and session metadata beyond simple emotion labels.
Install Mechanism
There is no bundled install spec; SKILL.md instructs building the Rust extension with 'maturin develop' and copying the Python analyzer into the workspace. Building a native Python extension from source is a high-friction but expected step for this design. No remote download URLs or obfuscated installers are present in the package manifest.
!
Credentials
The skill declares no required env vars or secrets, which fits its purpose, but the plugin reads event fields like sessionKey and token counts and writes them to a log. That can capture identifiers or usage metadata that may be sensitive. The plugin also uses process.env to compute default paths (HOME/USERPROFILE) which is normal but means defaults may write logs into user home directories if left unconfigured.
!
Persistence & Privilege
The plugin registers an 'agent_end' hook and an HTTP handler exposing /eft endpoints including history and latest results. The HTTP responses include Access-Control-Allow-Origin: '*' (wildcard CORS), which broadens the risk: if the gateway is network-accessible, remote web pages could fetch logged analyses (including text previews and session identifiers). The skill is not marked always:true, but its automatic hook and public HTTP API combined with permissive CORS and default log locations increase blast radius if defaults are used.
What to consider before installing
This skill appears to do what it says (hook agent responses, run a Rust/Python analyzer, and serve a dashboard), but it collects and stores agent response text and session metadata and exposes them via an HTTP API with Access-Control-Allow-Origin: *. Before installing or enabling it, consider the following: - Privacy: The plugin logs conversation text (textPreview and sentence-level data). If your agents handle secrets or PII, those could be captured in the log. Configure a safe logPath (not your Desktop) or disable logging entirely. - CORS/network exposure: The HTTP handler sets Access-Control-Allow-Origin: "*". Ensure the Clawdbot gateway is not reachable from untrusted networks, or change the handler to restrict origins / disable it. - Sensitive fields: The plugin records fields like sessionKey, token/usage info, and toolCallCount. Decide whether session identifiers are needed; if not, modify the plugin to omit them. - Build step: You must run 'maturin develop' to build the Python Rust extension (consciousness_rs). Build steps run native code on your machine — audit the Rust/Python source (consciousness_rs and emotion_engine.py) before building to ensure no network calls or unsafe behavior are present. - Default paths: The plugin’s defaults point to Desktop/Moltbot and a memory subfolder. Change defaults in plugin config (pythonPath, enginePath, logPath) to controlled, restricted locations. - Testing: Run first in an isolated/staging environment, with gateway not exposed externally, and inspect produced logs for sensitive content. Consider removing wildcard CORS or adding authentication to the dashboard endpoint. If you want, I can: - Inspect the remaining truncated portions of emotion_engine.py and plugin/index.ts for network calls or explicit exfiltration code (if you provide them), - Produce a short patch to remove sessionKey from logs and disable wildcard CORS, - Or give exact config recommendations to harden defaults before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97atbhtmqybkc3vnptmwewhzx80tpjb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython

Comments