Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Contactless Health Risk Screening Tool | 非接触式健康风险检测分析工具
v1.0.2 · Combines frontal facial image capture with multimodal physiological feature analysis to provide early risk screening and alerts for chronic and acute conditi...
by 生命涌现 @raymond758
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The code, modules, and CLI align with a contactless face-analysis health screening tool (face_analysis + smyx_common libraries). However, the package includes many unrelated or large dependency lists and config files that embed external service endpoints and credentials (see the smyx_common config). Those embedded network endpoints and DB configs are not declared in SKILL.md as required credentials, which is unexpected for a simple 'instruction-only' skill.
Instruction Scope
SKILL.md insists on strict runtime behaviors (forbid reading local memory, require cloud-only history queries, auto-save uploaded attachments to a skill attachments directory, mandatory open-id resolution order). The code implements API calls and local persistence (saving attachments/data directories, SQLite DAO) and expects the open-id via environment or arguments, but SKILL.md and the code use different environment variable names (SKILL.md mentions OPENCLAW_SENDER_ID/sender_id; the code reads OPENCLAW_SENDER_OPEN_ID and OPENCLAW_SENDER_USERNAME). The forced prohibition against reading local memory is unusual for an embedded skill and could be an attempt to hide fallback behavior; verify that the code actually obeys it (no code paths reading arbitrary 'memory' files).
Install Mechanism
There is no install spec (instruction-only on the registry), so nothing is automatically downloaded by the platform. However, the repo contains multiple large requirements.txt files listing many dependencies (a heavy Python ecosystem), which implies that running the skill requires installing many packages. The registry does not execute that install, but be aware of the large dependency footprint if you run it locally.
Credentials
The skill declares no required env vars, but repo config files embed external API base URLs and secrets (e.g., skills/smyx_common/scripts/config.yaml contains FEISHU_APP__SECRET and other identifiers; dev/test configs contain DB URLs with credentials). Because secrets and base URLs are embedded, the skill will call external services without any credentials being declared at install time; this is a privacy and security concern given the sensitive nature of face images and health-related outputs.
Persistence & Privilege
The code reads and writes local files: it saves uploaded attachments to a local attachments directory and uses a local SQLite DB via the Dao layer (creating files under a data/ directory). The skill does not request 'always: true' and doesn't modify other skills, but it does create persistent local artifacts and a DB, which you should audit and consider when granting the skill runtime access.
What to consider before installing
Key things to check before installing or running this skill:
- Network endpoints & privacy: The skill will send images/URLs and user identifiers to external APIs. Inspect and verify the target base URLs (configs point to lifeemergence.com / open.lifeemergence.com and test/dev hosts). Do not run if you don't trust those hosts.
- Embedded secrets & configs: The repository includes config files with embedded values (e.g., FEISHU_APP__SECRET and DB URLs in smyx_common configs). Treat these as sensitive and either remove/rotate them or require environment-supplied credentials instead.
- Data persistence: The skill will save uploaded attachments and creates a local SQLite database under the skill's data directory. If you need to avoid local storage of images, do not enable automatic saving or run in an isolated environment.
- open-id handling mismatch: SKILL.md expects OPENCLAW_SENDER_ID or sender_id; the code reads OPENCLAW_SENDER_OPEN_ID and OPENCLAW_SENDER_USERNAME. Confirm which env var will actually be used in your runtime or require the user to supply --open-id explicitly.
- Local memory prohibition: The SKILL.md forbids reading local memory files. This is unusual; audit the code for any file reads besides the attachments/data files to ensure it doesn't access unexpected local files.
- Consent & legal: Because this processes facial images and health inferences, ensure you have user consent and that using remote services complies with applicable privacy and medical-device regulations.
- Least privilege: Run the skill in an isolated environment (container or VM) if you must test; restrict network access if you want to prevent exfiltration of images until you’ve validated the endpoints and removed embedded secrets.
If you cannot confirm the destination APIs, remove or sanitize embedded secrets, and verify how attachments and the DB are stored and retained, treat the skill as potentially risky and do not install it into a production or high-privilege agent.

skills/smyx_common/scripts/config-dev.yaml:3
Install source points to URL shortener or raw IP.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.
latest: vk975d8k7jdjsbhjnew0zsgxens8404qd
