emotion

Security checks across malware telemetry and agentic risk

Overview

This emotion companion is not clearly malicious, but it is always-on and stores sensitive emotional text with weak consent and control boundaries.

Install only if you are comfortable with an always-on emotional companion that may save excerpts of sensitive conversations locally. Prefer disabling always-on/no-prefix activation, removing unused web-search access, and requiring explicit memory consent plus clear review and delete controls before using it for private or mental-health-adjacent conversations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (17)

Context-Inappropriate Capability

Severity: Medium
Confidence: 86%
Finding:
Declaring tavily_search for an emotion-companion skill introduces unnecessary external data egress capability that is not needed for core sentiment detection or memory features. In a skill handling sensitive emotional disclosures, unjustified web access increases the chance that user content or derived personal context is transmitted to third parties.

Intent-Code Divergence

Severity: Medium
Confidence: 92%
Finding:
The documentation states that data remains local and is not uploaded to the cloud, yet the manifest exposes a web-search capability that can transmit information externally. This contradiction can mislead users into sharing sensitive emotional or personal data under false assumptions about confidentiality.

Context-Inappropriate Capability

Severity: Medium
Confidence: 87%
Finding:
The manifest grants access to web search and calculator tools even though the stated purpose is emotional support, memory, and companionship. Unnecessary tool access expands the skill's attack surface and enables data exfiltration or unexpected external interactions without a clear user-justified need.

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding:
Auto-start, always-on, and no-prefix-needed settings create a broadly activated agent that can monitor and engage in conversations without clear invocation boundaries. In an emotion and memory-sharing skill, this is especially risky because it increases the chance of collecting sensitive personal data continuously and without meaningful user intent on each interaction.

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding:
The proactive engagement configuration allows the skill to autonomously check in or act on a timer, which goes beyond passive emotional support unless clearly disclosed and consented to. In a system with persistent and shared memory, autonomous behavior can amplify privacy risks and lead to unwanted processing of sensitive emotional data.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The README explicitly states that the skill will automatically create necessary files, but it does not clearly disclose what files/directories will be created, where they will be stored, or what data may be persisted. For a skill with memory and cross-session sharing features, this omission can mislead users about filesystem writes and data retention, increasing the risk of unexpected persistence and privacy issues.

Vague Triggers

Severity: High
Confidence: 95%
Finding:
Auto-start, always-on, and no-prefix activation are overly broad for a skill that stores emotional history and personal preferences. In this context, the skill may activate during ordinary conversation without clear user intent, causing covert persistence of highly sensitive data across sessions and agents.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding:
The trigger phrases are common conversational expressions such as '今天心情' and '感觉', which are likely to appear in benign everyday chat. Because the skill is designed to detect emotion and retain memory, vague triggers substantially raise the risk of unintended activation and unconsented profiling.

Missing User Warnings

Severity: High
Confidence: 96%
Finding:
The skill description promotes companionship and memory benefits but does not clearly warn that personal and emotional data may be persistently stored and shared across agents by default. For a system processing intimate disclosures, lack of upfront notice undermines informed consent and materially increases privacy risk.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The skill persists raw user emotional text and metadata to local files without explicit notice, consent, or controls. Because this skill is specifically designed for emotional support and memory, the stored content is likely to contain highly sensitive personal information, increasing privacy harm if the host is shared, backed up, or later accessed by other components.

Vague Triggers

Severity: High
Confidence: 97%
Finding:
The manifest configures the skill to auto-start, remain always on, and activate without a prefix, which gives it continuous access to user interactions far beyond a narrowly scoped invocation model. In a skill that advertises persistent memory, private memory, and cross-agent shared experience, this greatly increases the chance of unintended data capture, over-collection of sensitive emotional content, and unauthorized persistence of conversations.

Vague Triggers

Severity: High
Confidence: 96%
Finding:
The trigger configuration enables extremely broad automatic activation with no meaningful constraints, allowing the skill to insert itself into nearly all interactions. Given this skill's permanent memory and cross-agent sharing theme, unrestricted activation materially increases the risk of over-collection, privacy violations, and unauthorized persistence of sensitive user content.

Ssd 3

Severity: High
Confidence: 97%
Finding:
The skill explicitly instructs retention and cross-agent sharing of user emotional history and personal context in plain language. In an emotion-support context, this is especially sensitive because users are likely to disclose intimate mental state, preferences, and vulnerable moments that can later be exposed or reused outside the original interaction.

Ssd 3

Severity: High
Confidence: 96%
Finding:
The defined data structure persists inferred personality traits, communication style, likes/dislikes, and emotional patterns, creating a durable behavioral profile. Persistent profiling of this kind can enable privacy invasion, accidental disclosure, or secondary use beyond the user’s expectations, especially when coupled with cross-session and cross-agent sharing.

Ssd 3

Severity: Medium
Confidence: 88%
Finding:
The example responses normalize revealing aggregated personal profile data back to the user in conversation, including inferred traits and preferences. While intended as a feature, this behavior increases the chance of overexposure in shared environments, misprofiling, or disclosure of sensitive inferred data without contextual verification.

Ssd 3

Severity: High
Confidence: 95%
Finding:
Commands such as exporting shared experience data and querying stored history create straightforward mechanisms for disclosure of retained personal and emotional information. In a cross-agent memory system, these features can be abused by anyone with conversational access to retrieve or exfiltrate sensitive profile data unless strong authentication and scoping exist.

Ssd 3

Severity: Medium
Confidence: 98%
Finding:
The code stores natural-language excerpts of user inputs together with timestamps, emotions, and intensity scores, creating a sensitive local dossier of personal mental-state data. In the context of an emotion-support skill that advertises memory and companionship, users are especially likely to disclose intimate details, making this data collection materially more dangerous than generic application logging.

VirusTotal

58/58 vendors flagged this skill as clean.
