Skill v1.0.0
ClawScan security
Fall Detection & Analysis Skill | 跌倒检测分析技能 (the Chinese title, meaning the same) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Apr 15, 2026, 12:32 PM
- Verdict: Review
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill claims simple image/video fall detection, but its codebase reads and writes local files, creates a local database, reads environment variables and calls external APIs configured to third-party domains. None of this is fully reflected or justified in SKILL.md; the pieces are inconsistent and deserve review before use.
- Guidance: This skill is 'suspicious' because its runtime instructions (SKILL.md) and the actual code disagree about local data and configuration. Before installing or running it:
  - Do not provide sensitive credentials or personal identifiers (the open-id) until you have confirmed who operates the remote API. The code reads OPENCLAW_SENDER_OPEN_ID, OPENCLAW_WORKSPACE and possibly other environment variables even though the registry's 'required env vars' list is empty.
  - Expect images and videos to be uploaded to remote APIs: the base URLs in the skills/smyx_common config point to lifeemergence domains. If you cannot trust those endpoints, or need to keep media local, do not use it.
  - Inspect RequestUtil (skills/smyx_common/scripts/util.py) for the exact HTTP endpoints, headers and authentication behaviour. Confirm whether uploads are encrypted in transit and where, and for how long, data is stored server-side.
  - The skill creates files and a local SQLite DB under the workspace data directory and saves attachments; test it first in an isolated sandbox or container.
  - Ask the skill author for: the canonical API host(s); the data retention policy (how long reports and media are kept); whether any telemetry or analytics are sent; and a clear explanation of why local DB/DAO code exists while SKILL.md forbids reading local memory.
  If you cannot get clear answers, or do not want media sent externally or stored locally, avoid installing it, or run it only in an isolated environment after a code review.
Review Dimensions
- Purpose & Capability [note]: Name/description: fall-detection image/video analysis. The repository includes the fall-detection code but also a large shared 'smyx_common' library and a separate 'face_analysis' skill. Reusing shared code is normal, but bundling unrelated face-analysis logic and a heavy common library (with DAO/SQLite and many utilities) is broader than the stated single purpose. The API base URLs in the smyx_common config point to an external service (lifeemergence domains) that is required to actually run the analysis. That is coherent with a cloud-backed analysis model, but SKILL.md does not list or document those remote endpoints or the permissions they need.
- Instruction Scope [concern]: SKILL.md contains strict runtime rules: it forbids reading local 'memory' files and LanceDB retrieval, mandates obtaining an 'open-id' in a specific order, and requires saving uploaded attachments under attachments/. The code, however, contains a local DAO/SQLite implementation, config loading that creates or reads YAML config files under skills/smyx_common/scripts/, and routines that save attachments and create a data DB under the workspace. The skill forbids certain local memory reads yet ships code that creates and reads local config and DB files; this mismatch is concerning. The runtime instructions require running python -m scripts.fall_detection_image, which performs network calls (RequestUtil/http_post) and may upload user-supplied images or videos to the configured remote APIs.
- Install Mechanism [note]: No install spec (instruction-only), so nothing is auto-downloaded at install time. The repository does contain requirements.txt files for subcomponents and a large common requirements list; if the operator installs dependencies manually they are heavy and include many unrelated packages. No external archive or unknown-URL installs were found.
- Credentials [concern]: Registry metadata says 'required env vars: none', but the code reads several environment variables (e.g. OPENCLAW_SENDER_OPEN_ID, OPENCLAW_SENDER_USERNAME, OPENCLAW_WORKSPACE, FEISHU_OPEN_ID) and also uses config YAML values (ApiEnum base URLs and API keys in skills/smyx_common/scripts/config.yaml). SKILL.md mandates an 'open-id' and also instructs the agent to read config files under skills/smyx_common/scripts/config.yaml or the workspace config. Declaring no env vars while the code depends on env and config values is disproportionate and ambiguous. The skill sends images/videos to remote API endpoints, which requires trust in those endpoints and in how API keys and the open-id are handled.
- Persistence & Privilege [concern]: The code creates and reads YAML config files and a local SQLite DB under a workspace 'data' directory, and saves uploaded attachments into an attachments directory. Although the skill is not marked 'always: true', it has persistent local storage behaviour (DB, config files, attachments) and will persist user-provided media and possibly metadata. SKILL.md forbids using local memory for historical reports, yet the codebase contains DAO/database code and local storage logic; this inconsistency raises a persistence and privacy concern.
