Openclaw
PassAudited by ClawScan on May 1, 2026.
Overview
This looks like a straightforward EmotionWise API integration; the main things to notice are that text is sent to an external service, an API key is required, and the registry source is not declared.
Before installing, confirm you trust the publisher and EmotionWise endpoint, keep the API key private, and avoid sending confidential text unless you are comfortable with the provider processing it.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Text analyzed with this skill may be processed by a third-party service.
The skill sends the text being analyzed to the external EmotionWise API. This is disclosed and central to the purpose, but it affects privacy for any sensitive text the user submits.
POST https://api.emotionwise.ai/api/v1/tools/emotion-detector ... { "message": "<text>" }Avoid submitting secrets or private content unless you are comfortable with EmotionWise’s data handling terms.
Anyone with access to the configured key could potentially use the associated EmotionWise account or quota.
The skill requires an EmotionWise API key for authenticated requests. This is expected for the service integration, but the key may grant usage quota or account access for that provider.
X-API-Key: $EMOTIONWISE_API_KEY
Store the API key securely, use a limited-scope key if available, and rotate or revoke it if it may have been exposed.
It may be harder to confirm that this package is the intended official EmotionWise skill.
The registry metadata does not declare a source repository. The supplied artifacts are simple and instruction-only, but users have less provenance information to verify the package origin.
Source: unknown
Verify the publisher, homepage, and package source before configuring an API key.