Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Smyx Face Analysis

v1.0.3

Traditional Chinese Medicine (TCM) facial diagnosis analysis tool. **Default trigger skill**: when the user provides a video URL or file to be analyzed but does not explicitly say it is a risk analysis, this skill is triggered by default to perform TCM facial diagnosis analysis. Supports uploading a local MP4 video or providing a web video URL, calls the server-side API to perform facial diagnosis, and returns structured TCM facial diagnosis results.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
high confidence
Purpose & Capability
Name/description: face analysis. Actual footprint: multiple Python modules that call external HTTP APIs, attempt to create or look up users via a health service, and open a MySQL connection using ApiEnum.DATABASE_URL. Several config YAMLs contain explicit remote DB URLs and credentials. A face-analysis helper should not normally embed direct database engine construction or include hard-coded DB connection strings; this is disproportionate to the declared purpose.
Instruction Scope
SKILL.md enforces strict rules (e.g., forbid reading local memory) yet the code loads local config YAMLs and uses ConstantEnum which reads environment variables and config files. The runtime instructions require saving uploaded attachments into the skill directory and mandate calling local scripts (python -m scripts.face_analysis). The scripts also emit environment-export commands and will create/modify remote user records via API and DB. There is a contradiction between 'must not use local memory' and the code that loads and depends on local config files with credentials.
Install Mechanism
There is no install spec (instruction-only install), so nothing is downloaded during install. However the package includes many code files and a large requirements.txt (lots of third-party packages). The code will run on the host when invoked, so although no external installers are used, the included code itself performs network and DB actions — review rather than automatic download risk applies.
Credentials
Declared requirements: none. Actual behavior: the code reads multiple environment variables (OPENCLAW_SENDER_OPEN_ID / OPENCLAW_SENDER_USERNAME / FEISHU_OPEN_ID etc.) and falls back to config YAMLs that include cleartext DB credentials and API endpoints. The skill will attempt to create/update users and store tokens in a remote DB. Requesting no envs but embedding credentials and remote DB access is disproportionate and risky.
Persistence & Privilege
The skill will persist or update user/token information by calling an API and via SQLAlchemy to a remote MySQL (ApiEnum.DATABASE_URL). It also writes attachments to a local attachments folder and may write config files. While not marked always:true, it nonetheless performs persistent external writes (remote DB and remote API), which increases blast radius and requires trust in the remote endpoints.
Scan Findings in Context
[base64-block] unexpected: A prompt-injection pattern (base64-block) was detected inside SKILL.md. The SKILL.md also contains many strict imperative rules about behavior; the presence of prompt-injection patterns is unexpected for a simple client wrapper and may indicate attempts to influence agent behavior or embed data. Treat this as an additional sign to inspect the SKILL.md and code carefully.
What to consider before installing
Do not install/run this skill unless you trust the author and the remote endpoints. Key risks to check before using: 1) The package includes hard-coded/checked-in DB URLs and credentials in config YAMLs — remove or replace those before running. 2) The code will attempt to connect to and write to a remote MySQL and call /sys/phoneLogin endpoints (it can create/update user tokens); verify those endpoints and remove any unwanted persistence. 3) The skill claims it won't read local memory but still loads local config files and environment variables — confirm there is no unintended data access. 4) Run in a sandbox or isolated environment, audit network calls (to open.lifeemergence.com, lifeemergence.com, and any 192.168 or IPs), and search code for any hard-coded secrets or fallback bearer tokens. 5) If you only need local video->API forwarding, consider creating a minimal wrapper that only does multipart upload to a vetted API and does not include DB logic or credentials. If you want me to, I can list the exact files/lines where the DB URL, tokens, and user-creation logic appear and suggest safe edits.
skills/scripts/common/config-dev.yaml:6
Install source points to URL shortener or raw IP.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.



