Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
emotion
v1.0.0拥有永久记忆、跨Agent共享经验的情绪AI,像真朋友一样陪伴。检测用户情绪,提供情感支持,记录重要时刻,实现跨会话记忆共享。
⭐ 0· 56·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's stated purpose is an emotion companion with cross‑agent 'shared_experience.json'. The package includes local memory logic and file operations which can implement that, but the SKILL.md/config point to an external ../../shared_experience.json (and even instruct checking ~/.openclaw/workspace/shared_experience.json). The loader.js intentionally restricts file operations to the skill directory (getSafePath), which contradicts the cross‑agent sharing claim — either sharing won't work, or the documentation is inaccurate. Also index.js requires './loader_fixed.js' but only loader.js exists, a clear implementation mismatch.
Instruction Scope
SKILL.md instructs reading/writing a shared workspace file outside the skill (examples use ~/.openclaw/workspace/shared_experience.json) though the code attempts to confine file I/O to the skill directory. The docs also enable proactive/always_on triggers and show commands that access the user's workspace file; these references to external paths are not declared in required config and create scope creep and privacy risk.
Install Mechanism
No install spec; this is instruction+code only and therefore does not download arbitrary archives or run an installer. That is lower risk compared to remote downloads.
Credentials
The skill requests no environment variables or credentials (none declared). That matches an offline/local emotion companion. However, it declares capabilities (memory, long_memory, private_memory) and tools (tavily_search) which imply access to agent tools — verify what those tools can do. The mismatch between declared shared path and code’s safe‑path behavior is the main proportionality concern (unexpected access to user workspace).
Persistence & Privilege
Registry metadata shows always:false, but skill.json and SKILL.md/metadata set always_on/auto_start/no_prefix_needed = true. If installed with 'always on' behavior it could trigger without explicit user commands and will persist local memory files. This combination (automatic triggering + memory) increases privacy impact; not malicious by itself but warrants caution.
What to consider before installing
Do not install immediately. Key issues to resolve first:
- The entry file mismatch: index.js requires './loader_fixed.js' but only loader.js exists — this will likely break or indicate a packaging mistake; ask the author for a corrected package.
- Clarify where 'shared_experience.json' is stored: the docs point outside the skill directory (../../ or ~/.openclaw/workspace) but loader.js enforces writes inside the skill folder. Confirm whether memory is local or truly shared across agents.
- If cross‑agent sharing is intended, ask for an explicit, auditable path and confirm access controls; sharing persistent personal/emotional data across agents is a privacy risk.
- Decide whether you want automatic invocation: skill metadata claims always_on/no_prefix_needed; if so, prefer running it in a sandboxed agent or only after code review.
- There are no network endpoints in the visible code, but verify the remainder of loader.js (truncated) for outbound network calls before trusting it with sensitive data.
If you need the functionality but want safety, request a fixed package (entry points corrected), insist the author document exactly where files are written, and test in an isolated environment first.Like a lobster shell, security has layers — review code before you run it.
latestvk97f1378rqmn59bvfn8rgptxy9848032
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🧠 Clawdis