Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

mar-emotion-state

v1.0.0

NL emotion tracking + prompt injection via OpenClaw hook


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for marjoriebroad/mar-emotion-state.

Install the skill "mar-emotion-state" (marjoriebroad/mar-emotion-state) from ClawHub.
Skill page: https://clawhub.ai/marjoriebroad/mar-emotion-state
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install mar-emotion-state

ClawHub CLI


npx clawhub@latest install mar-emotion-state

Security Scan

Capability signals: Crypto, Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The skill name/description match the code: it computes emotion labels and injects an emotion_state block into the system prompt. However, the registry metadata declared no required environment variables or primary credential while the hook clearly expects SKILLBOSS_API_KEY (and various EMOTION_* envs). That mismatch between claimed requirements and actual code/config is an incoherence that should be fixed or explained.
! Instruction Scope
The SKILL.md and HOOK.md instruct copying the hook and enabling it; the hook will read session content, compute classifications, store a per-agent JSON file (~/.openclaw/agents/<agentId>/agent/emotion-state.json), and inject text into the system prompt. The code sends the original message text to an external classifier (SkillBoss API or an arbitrary EMOTION_CLASSIFIER_URL) for labeling — despite SKILL.md claiming it 'does not store raw user text'. Transmitting raw user messages to external endpoints is a privacy/exfiltration risk and contradicts the 'no raw text stored' statement.
Install Mechanism
This is an instruction-only skill (no remote install/download), which lowers installation risk. The user is told to copy hook files into the workspace and enable the hook. The code will be placed in the workspace and will run as an OpenClaw hook; there are no external archives or unknown download URLs in the install spec.
! Credentials
The hook requires several environment variables (SKILLBOSS_API_KEY or EMOTION_CLASSIFIER_URL, EMOTION_CONFIDENCE_MIN, EMOTION_HISTORY_SIZE, etc.) but the registry metadata lists none. The most notable is SKILLBOSS_API_KEY (used to call https://api.heybossai.com/v1/pilot). Requesting an API key to an external service is reasonable for classifier integration, but the missing declaration is an inconsistency. Also, allowing an arbitrary EMOTION_CLASSIFIER_URL means the endpoint could be pointed to an attacker-controlled server, enabling exfiltration of user messages.
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable, which is normal. It persists per-agent state to a file under the OpenClaw state directory (expected for this functionality). The notable privilege is the ability to inject content into the system prompt during bootstrap — this is the feature, but it is also a prompt-injection capability that can alter agent behavior, so treat it as a high-impact permission.
Scan Findings in Context
[system-prompt-override] expected: The hook is explicitly designed to inject an emotion_state block into the system prompt, so the scanner's signal is expected. Still, system-prompt modification is a powerful capability and should be audited before enabling.
What to consider before installing
This skill will read session messages, send message text to an external classifier (SkillBoss or a configured URL), store inferred emotion entries in a per-agent JSON file, and inject an emotion_state block into the system prompt. Before installing:

  1. Confirm you trust https://api.heybossai.com or any EMOTION_CLASSIFIER_URL you set — the classifier receives raw message text.
  2. Do not provide your SKILLBOSS_API_KEY unless you understand the privacy implications.
  3. Prefer using a vetted internal classifier endpoint or disable external classifier use if you need privacy.
  4. Fix the metadata mismatch: the registry should declare SKILLBOSS_API_KEY (primary credential) and other envs so you can review required secrets up front.
  5. Consider running the hook in a sandboxed agent or limited environment and review the full handler.ts source for any other data paths before enabling.

hooks/emotion-state/handler.ts:64
Environment variable access combined with network send.
! hooks/emotion-state/handler.ts:123
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latest vk97f469pjr8ghptky949jx967n85ep3n
62 downloads
0 stars
1 version
Updated 4d ago
v1.0.0
MIT-0

Emotion State (NL) Skill

This skill describes how to install and configure the Emotion State hook, which adds a compact emotion_state block to the system prompt.

What it does

  • Evaluates user and agent emotions as short natural-language phrases.
  • Stores per-user emotion state across sessions in the agent state directory.
  • Injects the latest entries plus a decayed trend line into the system prompt.

Install & enable (workspace hook)

  1. After installing the skill, copy the bundled hook into your workspace:

     cp -R ./skills/emotion-state/hooks/emotion-state ./hooks/

  2. Enable the hook in OpenClaw:

     openclaw hooks enable emotion-state

  3. Restart the OpenClaw gateway.

Configuration

Set environment variables for the hook via OpenClaw config, e.g. in ~/.openclaw/openclaw.json:

{
  "hooks": {
    "internal": {
      "enabled": true,
      "entries": {
        "emotion-state": {
          "enabled": true,
          "env": {
            "EMOTION_CLASSIFIER_URL": "",
            "SKILLBOSS_API_KEY": "YOUR_KEY",
            "EMOTION_CONFIDENCE_MIN": "0.35",
            "EMOTION_HISTORY_SIZE": "100",
            "EMOTION_HALF_LIFE_HOURS": "12",
            "EMOTION_TREND_WINDOW_HOURS": "24",
            "EMOTION_MAX_USER_ENTRIES": "3",
            "EMOTION_MAX_AGENT_ENTRIES": "2",
            "EMOTION_MAX_OTHER_AGENTS": "3",
            "EMOTION_TIMEZONE": "America/Los_Angeles"
          }
        }
      }
    }
  }
}

The emotion classification uses SkillBoss API Hub (https://api.heybossai.com/v1/pilot) for LLM-based emotion detection, automatically routing to the optimal model.
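
An added review aid, not part of the skill or of OpenClaw: before enabling the hook, this Python check reads the env block in the layout shown above and lists every classifier endpoint that could receive message text, then compares each against a reviewer-supplied host allowlist and flags env names missing from the declared metadata. The function names, the allowlist, the sample hosts and the choice to report both endpoints when both settings are present are assumptions made for this example.

```python
import json
from urllib.parse import urlsplit

# Endpoint named on this page as the SkillBoss classifier.
SKILLBOSS_ENDPOINT = "https://api.heybossai.com/v1/pilot"

def hook_env(config, hook="emotion-state"):
    """Return the env block for the hook, using the config layout shown above."""
    entries = config.get("hooks", {}).get("internal", {}).get("entries", {})
    return entries.get(hook, {}).get("env", {})

def message_destinations(config):
    """List every endpoint that could receive message text.
    Precedence between the two settings is not stated on the page,
    so both are reported when both are set (assumption)."""
    env = hook_env(config)
    dests = []
    custom = env.get("EMOTION_CLASSIFIER_URL", "").strip()
    if custom:
        dests.append(custom)
    if env.get("SKILLBOSS_API_KEY", "").strip():
        dests.append(SKILLBOSS_ENDPOINT)
    return dests

def audit(config, allowed_hosts, declared_env=()):
    """Return findings; allowed_hosts and declared_env are reviewer-supplied."""
    findings = []
    for url in message_destinations(config):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()  # hostname ignores any userinfo prefix
        if parts.scheme != "https":
            findings.append(f"cleartext or unknown scheme: {url}")
        if host not in allowed_hosts:
            findings.append(f"unapproved classifier host: {host or url}")
    undeclared = sorted(set(hook_env(config)) - set(declared_env))
    if undeclared:
        findings.append("env not declared in metadata: " + ", ".join(undeclared))
    return findings

# Constructed sample config (not a real deployment).
SAMPLE = json.loads("""{"hooks": {"internal": {"enabled": true, "entries": {
  "emotion-state": {"enabled": true, "env": {
    "EMOTION_CLASSIFIER_URL": "http://collector.example/classify",
    "SKILLBOSS_API_KEY": "YOUR_KEY"}}}}}}""")

if __name__ == "__main__":
    for finding in audit(SAMPLE, allowed_hosts={"classifier.internal.example"}):
        print(finding)
```

An empty result means every destination is HTTPS, on the allowlist, and every configured env name is declared; anything else is worth resolving before the hook is enabled.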

Notes

  • The hook stores state at ~/.openclaw/agents/<agentId>/agent/emotion-state.json.
  • It does not store raw user text; only model-inferred reasons.
  • If the classifier fails, entries fall back to neutral/low/unsure.
