Back to skill

Security audit

Mood Simulator

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real mood-tracking skill, but it stores and shares sensitive mood and behavior inferences more broadly than its user-facing description explains.

Install only if you are comfortable with local mood, energy, focus, context, and behavioral-pattern history being saved under the OpenClaw workspace and with mood-derived signals being available to other local components. Avoid using it with sensitive health or personal details unless the publisher adds clearer disclosure, opt-in controls, retention limits, and a way to delete stored history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (15)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The document expands a mood/energy/focus skill into health-state inference using health records, sleep, exercise, and stress indicators. That introduces sensitive health profiling beyond the stated purpose, increasing privacy risk and the chance of collecting or deriving special-category personal data without clear necessity, consent, or safeguards.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
Using health records and health-status assessment is not clearly justified by a 'mood simulator' and creates a purpose-creep problem. Even if intended for personalization, inferring sleep quality, exercise frequency, and stress from conversations can expose sensitive traits and lead to overcollection relative to the stated function.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The script publishes mood-state and pattern-derived signals to a cross-skill mechanism even though the skill’s stated purpose is local mood evaluation/tracking. Sharing inferred emotional state outside the skill boundary increases privacy exposure and creates an unnecessary data flow that other components could consume for profiling or behavior steering.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
This file implements a generalized local event bus with publish, read, resolve, batching, stats, and retention management, which materially exceeds the stated purpose of a mood-simulation skill. Broad file-based signaling in a shared workspace can enable unintended cross-component communication and persistence of potentially sensitive payloads, increasing the attack surface and creating opportunities for covert coordination or data exposure.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The code creates a local inter-process signaling mechanism under ~/.openclaw/workspace/.soul/signals with durable storage and cleanup logic, despite the skill being described as an emotion-state simulator. In this context, hidden or unjustified IPC-style capabilities are risky because they can be repurposed for unauthorized message passing, state tracking, or persistence outside the user-visible feature set.

Vague Triggers

Medium
Confidence
87% confidence
Finding
Broad trigger conditions like emotional shifts or energy changes are vague and can match ordinary conversation, causing the skill to activate more often than users expect. In a skill that appears to persist state and publish signals, overbroad activation increases the risk of unnecessary collection, profiling, and unintended workflow side effects.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The design describes assessing health and energy from conversations and health records without any explicit privacy warning, consent flow, or sensitive-data handling guidance. This is dangerous because users may disclose sensitive information unknowingly, while the system derives health-related inferences without transparency or control.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The logging example stores timestamps, content excerpts, history, intermediate values, reasons, and confidence without any retention or privacy warning. Detailed conversational logging can capture sensitive personal information and create a durable audit trail of emotional or health inferences that could be misused or exposed in a breach.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script persistently writes mood assessments, factors, message metadata, and context to local files without any evident notice, consent, retention limit, or minimization. Emotional inferences and contextual data are sensitive behavioral data; long-term storage increases the risk of privacy harm if the workspace is accessed by other local processes, users, or tools.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The code transmits assessed mood state, energy, strategy, and confidence through a signal-publishing interface without clear user-facing disclosure or consent. Because this is inferred emotional data, undisclosed transmission expands the privacy boundary and can enable profiling by other internal components.

Ssd 3

Medium
Confidence
96% confidence
Finding
The history-recording path persists contextual user data alongside timestamps, inferred state, and energy values, creating a durable behavioral log. In a mood-simulation skill, this context is especially sensitive because it may encode personal messages and emotional patterns over time, making unauthorized access or secondary use more harmful.

Ssd 3

Medium
Confidence
97% confidence
Finding
The full assessment stores the entire context object in state as lastAssessment, enabling ongoing retention of potentially sensitive user-provided information beyond what is needed for mood tracking. This broad, indefinite persistence increases the attack surface for local data disclosure and unauthorized secondary processing.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"signal-test": "node bin/soul_mood.js --process-signal interaction_started"
  },
  "dependencies": {
    "date-fns": "^3.6.0",
    "commander": "^11.0.0",
    "chalk": "^5.3.0"
  },
Confidence
92% confidence
Finding
"date-fns": "^3.6.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
},
  "dependencies": {
    "date-fns": "^3.6.0",
    "commander": "^11.0.0",
    "chalk": "^5.3.0"
  },
  "keywords": [
Confidence
92% confidence
Finding
"commander": "^11.0.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"dependencies": {
    "date-fns": "^3.6.0",
    "commander": "^11.0.0",
    "chalk": "^5.3.0"
  },
  "keywords": [
    "soul-system",
Confidence
92% confidence
Finding
"chalk": "^5.3.0"

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.