LC Scene Analysis HTTP
v1.0.5工地隐患分析模型技能,默认处理施工现场静态图片的隐患识别;仅在用户明确要求时调用数据采集或交叉验证接口。
⭐ 0· 142·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (工地隐患分析模型) match the runtime instructions: it calls three HTTP endpoints to perform analysis, data-collection, and cross-validation. Requiring curl and an auth profile with api_base/api_key is appropriate for this purpose.
Instruction Scope
SKILL.md confines behavior to static image analysis, specifies when to call each endpoint, and explicitly forbids unrelated actions (video streams, device control, local model inference). It also instructs not to reveal keys/tokens. There are no instructions to read unrelated system files or exfiltrate arbitrary data.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. It only requires curl to be present, which is reasonable for issuing HTTP requests.
Credentials
The skill requires an auth profile containing api_base and api_key (and flow_id/algorithm_id). That credential request is proportionate to calling a remote analysis API. However, the registry metadata is inconsistent/opaque: top-level shows 'Required config paths: [object Object]' and lists 'Required env vars: none' / 'Primary credential: none', which fails to clearly declare the needed profile/credential. This metadata mismatch reduces transparency and should be corrected.
Persistence & Privilege
always=false, user-invocable, and no install-time persistence. The skill does not request elevated/system-wide privileges or modify other skills' configs.
Assessment
This skill appears to do what it says: call a remote HTTP API to analyze construction-site images. Before installing, verify the auth profile and api_base are correct and trusted (ensure api_base points to a domain you control or a reputable provider). Restrict the api_key to minimal scope and treat it as a secret (store it in the platform's secure config). Ask the publisher to fix the registry metadata (the 'Required config paths' blob and version mismatch) so it's explicit that an auth profile with api_key is required. Consider testing with non-sensitive images first and confirm the provider's privacy policy for image storage/retention. If you cannot confirm api_base ownership or the publisher's identity, treat the skill as higher risk and avoid providing sensitive images or credentials.Like a lobster shell, security has layers — review code before you run it.
latestvk978cqszq63xn3tt4da5f4m1sn83yk6e
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
OSWindows · Linux
Binscurl
Config[object Object]