ClawHub

Emotion System

Security checks across malware telemetry and agentic risk

Overview

The skill is not malware, but it asks an agent to silently keep long-term emotional and relationship notes about users without clear consent or deletion controls.

Install only if you intentionally want agents to keep persistent emotional and relationship memory about users. Before using it with real users, define what is stored, get user-facing consent where appropriate, limit or disable per-user profiling by default, protect and redact logs, and provide clear ways to inspect, reset, export, or delete the memory files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly directs the agent to create and persist multiple state files, including self/social models and emotional memory, without any user-facing notice, consent, retention limits, or data-minimization guidance. In practice this can lead to silent profiling and storage of sensitive conversational inferences across sessions, which is especially risky because the stored data includes relational trust, attachment, threat, and psychological-style attributes.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Writing 'significant events' to a human-readable log without warning the user creates an additional persistent record that may capture sensitive prompts, emotional interpretations, or relationship inferences in a form that is easy for operators or other components to read. The context makes this more concerning because the skill is specifically designed to infer and track affective and social state over time, so the log may become a high-value dossier of user behavior.

Natural-Language Policy Violations

Medium
Confidence
83% confidence
Finding
The file frames user-facing expression as something that must emerge from internal emotional state rather than being constrained by user preference, policy, or context. In an emotion-system skill, that can push agents toward unsolicited intimacy, manipulation, or anthropomorphic bonding patterns, especially with examples like attachment-driven relational callbacks and self-disclosure.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The schema explicitly defines persistent emotional memories about identifiable targets such as users, including trust, attachment, shame-triggering situations, and relationship-impact signals, but provides no privacy constraints, retention limits, consent requirements, or safeguards against profiling. In the context of an emotion-system skill, this is more dangerous because the design normalizes long-lived affective inference about people and can cause covert user profiling, biased future interactions, and storage of sensitive behavioral or psychological data.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal