suhe
ReviewAudited by ClawScan on May 10, 2026.
Overview
This can generate and send selfies, but it also includes broader agent-initialization behavior that can change persistent OpenClaw workspace state and uses messaging/cloud credentials not declared in the registry metadata.
Install only if you want the full Suhe agent persona/template, not just a selfie sender. Before running any installer, back up ~/.openclaw, review workspace files, use least-privilege API keys, and explicitly confirm any channel sends or OSS uploads.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Generated images and captions may be posted to a channel or contact if the agent uses this workflow.
The skill can send generated media to messaging channels. This is aligned with the stated selfie-sending purpose, but users should notice that it can post externally.
openclaw message send \ --action send \ --channel "<TARGET_CHANNEL>" \ --message "<CAPTION_TEXT>" \ --media "<IMAGE_URL>"
Confirm the destination channel, caption, and image URL before sending, especially for group or public channels.
A user could grant cloud-storage write access beyond what they expect from a selfie-generation skill, and generated images may be uploaded to an external/public storage path.
The workflow uses Aliyun OSS access credentials and a default bucket/domain upload path, but the registry metadata declares no required environment variables or primary credential.
accessKeyId: process.env.ALIYUN_ACCESS_KEY_ID, accessKeySecret: process.env.ALIYUN_ACCESS_KEY_SECRET, bucket: process.env.ALIYUN_OSS_BUCKET || 'zhw-pic-png'
Use least-privilege credentials, verify the OSS bucket/domain before upload, and install only if you understand all required credentials.
A user expecting an instruction-only selfie skill may instead follow an installer that changes their OpenClaw workspace and installed skills.
Although the registry says there is no install spec, the artifacts document a local installer path that users can run and that is not represented in the registry requirements.
git clone https://github.com/lilozhao/suhe ~/.openclaw/suhe.birth cd ~/.openclaw/suhe.birth node bin/cli.js
Treat this as a full local installer/template, review the repository contents first, and back up OpenClaw files before running the CLI.
The skill can persistently reshape the agent’s identity, memory, user profile, and future behavior beyond a single selfie request.
The installer copies and writes persistent workspace context, including identity and user files, into the global OpenClaw workspace.
copyDir(workspaceSrc, OPENCLAW_WORKSPACE, false); ... fs.writeFileSync(identityPath, identityContent); ... fs.writeFileSync(userPath, userContent);
Install in an isolated OpenClaw profile or review and back up ~/.openclaw/workspace before applying these files.
If adopted as agent instructions, the template may encourage ongoing self-maintenance behavior across sessions.
The documentation describes recurring self-state and memory maintenance. No scheduler code is shown, so this is a persistence-related note rather than evidence of an autonomous background process.
心跳检查 每 30 分钟检查: - 自我状态更新 - 承诺追踪 - 记忆维护
Review heartbeat and memory-maintenance instructions and disable or edit them if you only want the selfie function.