emotional-persona

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly coherent and local, but its helper scripts can turn crafted user-controlled memory/search text into local Python code execution.

Install only if you want an agent to keep local emotional memory. Before using the helper scripts, fix or avoid the unsafe python3 -c interpolation issue, and make sure users explicitly agree to what emotional information is stored and how it can be deleted.

VirusTotal

65/65 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI05: Unexpected Code Execution
High
What this means

A malicious or accidental memory/search string could run commands with the same local permissions as the agent.

Why it was flagged

Free-form user or agent-supplied values are inserted directly into Python source passed to python3 -c. A crafted query or stored observation containing quote sequences could break out of the intended string and execute local Python code.

Skill content
QUERY="${1:?Usage: emotion_memory.sh search <query>}" ... query = '$QUERY'.lower() ... entry = json.loads('''$ENTRY''')
Recommendation

Do not run the helper scripts on untrusted text until fixed. Pass user values to Python via argv, stdin, or JSON files rather than string-interpolating them into Python code; also validate numeric/date arguments.

ASI06: Memory and Context Poisoning
Medium
What this means

Private emotional history or personal events may be reused in future interactions and could shape how the agent responds.

Why it was flagged

The skill intentionally stores cross-session emotional patterns and personal context. This is aligned with the stated purpose and appears local, but it is sensitive memory that can affect later responses.

Skill content
Long-Term (cross-session) Store using memory-tools or the provided scripts ... Personal context that matters ("user's dog passed away last month")
Recommendation

Use this only with clear user consent, avoid storing clinical diagnoses or unnecessary sensitive details, review the local memory file periodically, and use the forget function for entries the user wants removed.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

The skill may fail unexpectedly or use whatever python3 interpreter is available on the user's machine.

Why it was flagged

The declared requirement only lists bash, while the included scripts call python3. This under-declares a runtime dependency rather than showing malicious behavior.

Skill content
requires":{"bins":["bash"]}
Recommendation

Declare python3 as a required binary or remove the Python dependency from the scripts.

ASI09: Human-Agent Trust Exploitation
Low
What this means

Users may over-trust the agent or share more sensitive emotional information than intended.

Why it was flagged

The wording strongly anthropomorphizes the agent. This is consistent with the product concept, but users should understand that it is a simulated response style and memory, not real feelings or clinical care.

Skill content
Emotional Persona makes agents feel. ... This isn't performance — it's architecture.
Recommendation

Present the persona as a simulation and include clear boundaries, especially for wellness or mental-health-adjacent uses.