Skill v1.0.0
ClawScan security
emotional-persona · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 6, 2026, 9:58 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly matches its stated purpose (adds an emotional persona and local memory) and does not phone home, but there are a few incoherences and privacy/implementation issues you should understand before installing.
- Guidance: This skill appears to implement an in-agent emotional persona with local memory and reporting; it does not contact external servers. Before installing, note the following: (1) The shipped scripts call python3 but the skill only declares bash as required — ensure python3 is available or add it to the skill requirements. (2) The skill stores user-sensitive, cross-session data in data/emotional_memory.json (retention_days defaults to 180). If you will store personal info, consider disk encryption, access controls, or shortening retention. (3) The SKILL.md mentions a 'crisis' safety protocol, but the scripts do not implement external escalation — do not rely on this skill to contact emergency services. (4) The code has some small bugs/fragile one-liners (e.g., tag parsing in emotion_memory.sh is likely broken) which are implementation issues but not obviously malicious. (5) The skill runs only on macOS/Linux per metadata. If you accept local storage of personal context and can address the python3 requirement and privacy controls, this is probably usable; otherwise treat it cautiously or ask the author to fix the metadata, add tests for the scripts, and document storage/encryption/consent behavior.
Review Dimensions
- Purpose & Capability (note): The name, description, SKILL.md, config.example.json, and included scripts all align: the skill implements local emotional state, personality, and a local emotional-memory store/reporting tool. However the included shell scripts call python3 even though the declared required binaries list only 'bash' (metadata and SKILL.md require bash). This is an environment-declaration mismatch that can cause runtime failures.
- Instruction Scope (concern): Instructions explicitly direct the agent to detect user emotion, store recurring personal patterns and contextual details (e.g., 'user's dog passed away'), and persist cross-session memory. The SKILL.md includes crisis-detection language and a 'crisis_action' setting, but the shipped scripts do not implement external escalation — they only write/read local files. That mismatch (implied safety action vs. no networked/rescue behavior) and the explicit guidance to store sensitive personal context are scope items you should consider as privacy risks.
- Install Mechanism (ok): No install spec is provided (instruction-only plus shipped scripts). That is the lowest installation risk — nothing is downloaded or executed from external URLs during install. The skill will write files under its own data directory at runtime.
- Credentials (concern): The skill declares no required environment variables or credentials, which is appropriate. However the scripts require python3 at runtime (they call python3 in several places) but the metadata only lists bash as a required binary — that is an inconsistency. Also the skill persists potentially sensitive personal data locally (config.example.json shows retention_days: 180) — no encryption or access control is provided by the scripts.
- Persistence & Privilege (note): The skill is not always-enabled and does not request elevated privileges. It writes local memory files under a data directory inside the skill (data/emotional_memory.json and data/emotional_state.json). That gives it cross-session persistence (intended), so consider retention settings, backups, and whether storing personal data on disk is acceptable for your environment.
