FearBot 🫣

v1.0.0

CBT-based therapy for anxiety, depression, stress, and trauma. Provides structured cognitive behavioral therapy using Beck's model with validated clinical assessments (GAD-7, PHQ-9, DASS-21, PCL-5). Includes crisis detection, thought records, differential diagnosis, and session tracking. Activate with "therapy mode", "fearbot", or "start therapy".

⭐ 5 · 1.7k · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
ℹ
Purpose & Capability
The name, description, and included reference prompts all align with an AI CBT assistant. However, the skill.json declares required binaries [bash, jq] while the shipped script clearly uses sqlite3 (and common POSIX tools like sed, date, tr) — sqlite3 is not listed as a required binary. Also SKILL.md and README claim therapy data are stored as JSON/MD files under ~/clawd/data/therapy/ (sessions.json, assessments.json, thought-records.md, mood-log.json), but the included script actually writes a SQLite DB at ${OPENCLAW_WORKSPACE:-${HOME}/clawd}/data/therapy.db. Those inconsistencies between declared capabilities, filenames, and the actual implementation are disproportionate and need clarification.
!
Instruction Scope
The documentation and reference files instruct the agent to include a 'Crisis Detection' layer that monitors 'ALL messages' and says the crisis layer is 'ALWAYS active' and 'monitors every user message.' It's unclear whether 'every message' means (a) every therapy-related message while in a therapy session (expected), or (b) every user message across the entire agent context/system (scope creep). The skill also instructs assembling a system prompt containing full session context pulled from local DB — legitimate for therapy — but because the prompts say to use the agent's broader message context (sleep patterns, daily messages, work stress), the skill implicitly expects access to the agent's full message history. If deployed, that expands the skill's observational surface beyond isolated therapy interactions; confirm explicit boundaries and consent. The instructions reference local file paths and the SQLite DB; they do not send data externally (the SKILL.md explicitly says so).
✓
Install Mechanism
This is an instruction-only skill with a single shell script and no install spec — no external downloads or remote install URLs are present. That minimizes supply-chain risk. The script will create and write a local SQLite DB; nothing in the package downloads remote code or executables.
!
Credentials
No required environment variables or credentials are declared, which is good for privacy. However the script reads OPENCLAW_WORKSPACE optionally to determine DB location but does not declare it. The bigger proportionality issue is functional: the skill asks to use the agent's full context (messages, sleep patterns, relationships) — that requires the agent to grant the skill broad read access to user messages and possibly other personal data. That level of contextual access is not expressed as a declared permission and should be explicitly consented to. Also storage of sensitive mental health data is unencrypted SQLite on disk by default; there is no mention of optional encryption, permission controls, or retention policy.
ℹ
Persistence & Privilege
The skill is not forced-always (always:false) and is user-invocable, which is appropriate. However the design documents assert an 'always active' crisis layer in the prompt assembly; if implemented to monitor all agent messages globally, that would be a persistence/privilege concern. As-is, there is no install-time mechanism requesting global persistent inclusion, but you should confirm whether the deployment will cause the crisis-monitoring prompt to be injected into all agent interactions or only therapy sessions.
What to consider before installing
What to check before installing:

1) Dependency and runtime checks
- Confirm sqlite3 is available on the host (the script uses sqlite3) and that the agent environment provides sed, tr, date, and other standard shell tools.
- The skill.json only listed bash and jq; ask the author to update requires to include sqlite3 (and jq if actually used).

2) Data storage and privacy
- The SKILL.md/README promise 'all therapy data stays LOCAL' but the code stores data in a SQLite DB at ${OPENCLAW_WORKSPACE:-${HOME}/clawd}/data/therapy.db. This differs from the listed JSON/MD filenames — clarify the canonical storage location and file formats.
- Confirm whether the database is encrypted, whether backups are created, and who else on the machine (other users, automated backups, cloud sync) could access ~/clawd.
- Decide whether you are comfortable storing sensitive mental-health data unencrypted on disk; if not, request an encrypted-storage option or filesystem-level protections.

3) Scope of monitoring and consent
- The crisis layer language indicates it 'monitors ALL messages.' Ask whether that monitoring is restricted to therapy sessions and assembled prompts, or whether it will be scanning every message the agent processes globally. If it's the latter, that is scope creep and a privacy risk — do not install until the author clarifies and documents required permissions and consent flows.

4) Crisis behavior and escalation
- The crisis protocol is explicit and appropriate (it stops therapy and gives resources). Confirm whether any automatic outbound communication (e.g., contacting emergency services or external parties) could be triggered — the package currently does not show any network calls, which is safer. Still, ensure the agent will not post data externally without explicit permission.

5) Source and provenance
- The 'Source' is unknown and the homepage points to a ClawHub URL while skill.json lists a GitHub homepage. Prefer installing skills from authors/repositories you trust. Ask for a canonical source repository, commit history, and a signed release.

6) Operational testing
- Test in a sandboxed account first. Verify where files are written, that the crisis prompts behave as documented, and that nothing is exfiltrated.

If the author can clarify and fix the dependency declarations, document exact monitoring scope and consent, and provide clear storage/encryption/retention options, the skill would be coherent. Until then, treat it with caution and do not grant it broader messaging access or install it on systems with other users' sensitive data.

Like a lobster shell, security has layers — review code before you run it.

latestvk975ze2v9z6pwt1k38s1n6nq4h80hcn4
