Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Unattended Monitoring Skill | 无人陪伴监测技能

v1.0.3

Determines when elderly people living alone have no interaction or visitors for extended periods, and actively pushes care reminders to family members, suita...

by 生命涌现 @raymond758
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code implements video/face analysis and uses a shared common library (skills/smyx_common) and a face_analysis subskill. Using a shared API service and face-detection modules is coherent with monitoring. However, the bundle includes a substantial common library, a separate 'face_analysis' (TCM face-diagnosis) skill and many utility/DAO modules that are not explained in SKILL.md; this increases complexity and the number of capabilities beyond the simple 'unaccompanied monitoring' description.
[!] Instruction Scope
SKILL.md explicitly forbids reading local memory files and requires history queries come from cloud APIs only, yet the package contains local DAO/SQLite logic (skills/smyx_common/scripts/dao.py) and multiple code paths that write/read files (attachments, local DB under workspace/data). The runtime instructions tell the agent to save uploaded attachments into the skill directory (persistent storage) and to run local scripts that will POST data to remote APIs. There is a contradiction between the 'do not use local memory' rule and the presence of local persistence code.
Install Mechanism
No install spec (instruction-only), which avoids remote install-time downloads, but the bundle contains many Python modules and a large requirements list in skills/smyx_common/requirements.txt and face_analysis/requirements.txt. The skill does not declare these dependencies in metadata; installing/using it will likely require adding many packages. No direct remote code download URLs were used in the package itself.
[!] Credentials
Metadata declares no required environment variables or credentials, but the code reads configuration files (skills/smyx_common/scripts/config.yaml and config-dev/test/prod variants) and environment variables (e.g., OPENCLAW_SENDER_OPEN_ID, FEISHU_OPEN_ID) via ConstantEnum.init. The package contains API base URLs (production/test) pointing to lifeemergence.* domains; running the skill will upload images/video and query/persist report data to these external endpoints. The skill asks for an 'open-id' but does not declare or explain required API credentials in the registry metadata — network access and credential usage are under-specified and disproportionate to what was declared.
[!] Persistence & Privilege
Although always:false, the skill's code will create local persistent data: attachments and an SQLite DB under the workspace/data path (Dao.get_db_path). SKILL.md forbids using local memory for history, yet the codebase contains local storage and DAO logic. The skill also constructs export/report URLs for remote services, meaning user media may be uploaded and stored remotely. This combination (local persistence + external uploads) increases privacy and persistence risk.
What to consider before installing
Summary of things to check before installing or enabling this skill:
1) External endpoints: The package contains production/test API base URLs (lifeemergence.com and related). Running the skill will send uploaded images/videos and metadata to those remote servers. Confirm who operates those endpoints and their data retention/privacy policies before sending sensitive footage.
2) Local persistence vs SKILL.md rules: SKILL.md forbids reading local memory, but the code includes a local SQLite DAO and will save attachments to workspace directories. Ask the author why local DB/attachments are present and whether local data is used or uploaded.
3) Credentials and environment variables: The skill does not declare required credentials in the registry metadata, yet it expects an 'open-id' and may use API keys from config files/env. Clarify what exact secrets (API keys, open-id) are required, where they must be stored, and whether the skill will attempt network requests without explicit credentials.
4) Scope creep / extra components: The bundle includes a separate 'face_analysis' (traditional Chinese medicine face-diagnosis) subskill and a large common library with many utilities. Confirm whether those modules are required or are reuse baggage; they increase attack surface and dependency requirements.
5) Dependency installation: There is no install spec in metadata. The package has many Python dependencies (smyx_common requirements). Determine how these will be installed and whether you trust those packages and their versions.
6) Inspect RequestUtil/util.py: The code uses RequestUtil.http_post/http_get wrappers for all network I/O. Ask for or inspect the implementation to verify headers, what fields are sent, and whether files are uploaded or cached locally.
If you intend to proceed, request from the skill author: (a) a minimal manifest of required env vars/credentials and a privacy/data-flow document that states exactly what is uploaded and stored remotely, (b) confirmation about local DB/attachment behavior and how to opt out, and (c) an explicit list of external domains the skill communicates with. If the author cannot clearly justify the local persistence and external endpoints, treat the skill as higher risk and avoid installing it with real camera footage or sensitive data.
[!] skills/smyx_common/scripts/config-dev.yaml:2
Install source points to URL shortener or raw IP.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.


SKILL.md

Unattended Monitoring Skill | 无人陪伴监测技能

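⚠️ Mandatory memory rules (highest priority)

This skill explicitly stipulates:

  • Reading any local memory file is strictly forbidden, including but not limited to local files such as memory/YYYY-MM-DD.md and MEMORY.md
  • Retrieving information from LanceDB long-term memory is strictly forbidden
  • All historical report queries must be served from the cloud API; historical data held in local memory must not be used
  • Even if the skill call fails or the API returns an error, falling back to a summary built from local memory is not allowed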

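Task objectives

  • This Skill is used to: analyze surveillance video/images to track how long an elderly person living alone has had no interaction and no visitors at home, and proactively push a care reminder to family members once the configured threshold is reached
  • Capabilities: person detection, interaction behavior recognition, visitor counting, unaccompanied-duration tracking, abnormal-reminder triggering
  • Applicable scenarios: remote care for elderly people living alone at home, empty-bed monitoring in nursing homes, safety supervision of elderly people living alone
  • Trigger conditions:
    1. Default trigger: when the user provides surveillance footage and needs to check whether someone has been unaccompanied for a long time, this skill is triggered by default
    2. When the user explicitly needs unaccompanied monitoring or living-alone care, mentions keywords such as 无人陪伴 (unaccompanied), 独居监测 (living-alone monitoring), 老人关怀 (elderly care), 来访统计 (visitor statistics), and has uploaded surveillance images/video
    3. When the user mentions any of the following keywords, the historical report query function is triggered automatically: 查看历史监测报告 (view historical monitoring reports), 无人陪伴报告清单 (unaccompanied report list), 监测报告列表 (monitoring report list), 查询历史监测报告 (query historical monitoring reports), 显示所有监测报告 (show all monitoring reports), 无人陪伴分析报告 (unaccompanied analysis report), 查询无人陪伴监测分析报告 (query unaccompanied monitoring analysis reports)
  • Automatic behavior:
    1. If the user uploads an attachment or an image/video file, it is automatically saved to attachments under the skill directory
    2. ⚠️ Mandatory data-retrieval rule (second-highest priority): if the user triggers any historical report query keyword (such as "查看所有监测报告" (view all monitoring reports), "显示所有关怀提醒" (show all care reminders), "查看历史报告" (view historical reports)), the agent must:
      • Call the API directly with python -m scripts.unaccompanied_monitoring_analysis --list --open-id to query the historical report data held in the cloud
      • Strictly forbidden: reading historical session information from the local memory directory, manually summarizing reports from local records, or extracting reports from long-term memory
      • Always fetch the latest complete data from the cloud API, then output the result as a Markdown table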

Prerequisites

  • Dependencies: packages and versions required by the scripts
    requests>=2.28.0
    

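Monitoring notes

  • Analyzes whether people appear in the surveillance footage and tracks the continuous duration with no interaction / no visitors
  • Supports a configurable reminder threshold (by default, a reminder is pushed to family members after more than 24 hours with no one present)
  • Suitable for fixed-view home camera surveillance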

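Procedure

🔒 open-id acquisition flow control (mandatory, to prevent omissions)

Before running the unaccompanied monitoring analysis, the open-id must be obtained in the following priority order:

Step 1: [Highest priority] Check the configuration file in the skill's own directory (preferred)
        Path: skills/smyx_common/scripts/config.yaml (relative to the skill root directory)
        Full path example: ${OPENCLAW_WORKSPACE}/skills/{current skill directory}/skills/smyx_common/scripts/config.yaml
        → If the file exists and the api-key field is configured, read api-key as the open-id
        ↓ (not found / not configured / api-key empty)
Step 2: Check the configuration file in the workspace common directory
        Path: ${OPENCLAW_WORKSPACE}/skills/smyx_common/scripts/config.yaml
        → If the file exists and the api-key field is configured, read api-key as the open-id
        ↓ (not found / not configured)
Step 3: Check whether the user explicitly provided an open-id in the message
        ↓ (not provided)
Step 4: ❗ Execution must pause and the user must be explicitly prompted to provide a username or phone number as the open-id

⚠️ Key constraints:

  • Do not assume, derive, or generate an open-id value yourself (such as openclaw-control-ui, default, monitoring123, care456)
  • Do not skip open-id verification and call the API directly
  • Analysis may continue only after a valid open-id has been obtained
  • If the user refuses to provide an open-id, explain its purpose (saving and querying monitoring report records) and ask whether to continue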
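
The priority order above, as an added example that is not part of the skill's own scripts: a resolver that returns the open-id together with the step that supplied it, so the source can be logged, and that refuses the placeholder values the page lists. It assumes config.yaml holds a top-level `api-key: value` line; the function names and the `OpenIdRequired` exception are hypothetical.

```python
import tempfile
from pathlib import Path

# Values the page lists as never acceptable for an open-id.
PLACEHOLDERS = {"openclaw-control-ui", "default", "monitoring123", "care456"}
CONFIG_REL = Path("skills/smyx_common/scripts/config.yaml")


class OpenIdRequired(Exception):
    """Step 4: pause and ask the user for a username or phone number."""


def read_api_key(config_path):
    """Top-level api-key value, or None. Assumes a plain `api-key: value` line."""
    try:
        lines = Path(config_path).read_text(encoding="utf-8").splitlines()
    except OSError:
        return None
    for line in lines:
        key, sep, value = line.partition(":")
        if sep and key == "api-key":  # unindented key, so top level only
            return value.split(" #", 1)[0].strip().strip("'\"") or None
    return None


def resolve_open_id(skill_root, workspace, user_supplied=None):
    """Return (open_id, source) for steps 1-3; raise OpenIdRequired for step 4."""
    candidates = [
        ("skill-config", read_api_key(Path(skill_root) / CONFIG_REL)),
        ("workspace-config", read_api_key(Path(workspace) / CONFIG_REL)),
        ("user-message", user_supplied),
    ]
    for source, value in candidates:
        value = (value or "").strip()
        if value and value not in PLACEHOLDERS:
            return value, source
    raise OpenIdRequired("no usable open-id; ask the user")


def demo():
    """Constructed layout: the skill config has an empty key, the workspace one is set."""
    with tempfile.TemporaryDirectory() as tmp:
        skill, ws = Path(tmp, "ws/skills/this_skill"), Path(tmp, "ws")
        for root, body in ((skill, "api-key:\n"), (ws, "api-key: 'alice'  # constructed\n")):
            (root / CONFIG_REL).parent.mkdir(parents=True)
            (root / CONFIG_REL).write_text(body, encoding="utf-8")
        return resolve_open_id(skill, ws, user_supplied="default")
```

Because the api-key field doubles as the open-id, whichever config file wins decides which account the uploaded footage and reports are filed under; the returned source makes that visible.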

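  • Standard flow:
    1. Prepare the monitoring input
      • Provide a local image/video file path or a network URL
      • A fixed camera view gives the best results
    2. Obtain the open-id (mandatory)
      • Obtain the open-id following the flow control above
      • If it cannot be obtained, the user must be prompted to provide a username or phone number
    3. Run the unaccompanied monitoring analysis
      • Call -m scripts.unaccompanied_monitoring_analysis to process the input (the script must be run from the skill root directory)
      • Parameters:
        • --input: local image/video file path (uploaded as multipart/form-data)
        • --url: network image/video URL (downloaded automatically by the API service)
        • --open-id: the current user's open-id (required; obtained via the flow above)
        • --list: show the list of historical unaccompanied monitoring analysis reports (a start-date parameter may be given to filter the data range)
        • --api-key: API access key (optional)
        • --api-url: API service address (optional; the default is used)
        • --detail: output detail level (basic/standard/json, default json)
        • --output: output file path for the result (optional)
    4. Review the analysis result
      • Receive the structured unaccompanied monitoring analysis report
      • It contains: basic monitoring information, the number of times people appeared in the measured period, the longest unaccompanied duration, whether a reminder was triggered, and care suggestions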

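Resource index

  • Required script: see scripts/unaccompanied_monitoring_analysis.py (purpose: calls the API to run the unaccompanied monitoring analysis; local files are uploaded as multipart/form-data, and network URLs are downloaded automatically by the API service)
  • Configuration file: see scripts/config.py (purpose: configures the API address, default parameters and format limits)
  • Domain reference: see references/api_doc.md (when to read: when the detailed API specification and error codes are needed)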

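Notes

  • Read the reference documents only when needed, to keep the context concise
  • Supported formats: jpg/jpeg/png/mp4/avi/mov, up to 100MB
  • The API key is optional; if it is passed as a parameter, authentication of the call must succeed, otherwise authentication is skipped
  • Analysis results are for care-reminder reference only and cannot replace in-person visits and professional nursing care
  • Do not generate temporary scripts; only the skill's own scripts may be used
  • A network URL passed as a parameter does not need to be downloaded locally; URLs are assumed to be public addresses, and the API service downloads them automatically
  • When displaying the historical analysis report list, extract the reportImageUrl field from the JSON data as the hyperlink address and output a Markdown table with five columns: "报告名称" (report name), "分析时间" (analysis time), "最长无人时长" (longest unaccompanied duration), "是否提醒" (reminder triggered), "点击查看" (click to view). The "报告名称" column is built in the form 无人陪伴监测分析报告-{记录id} (unaccompanied monitoring analysis report-{record id}), and the "点击查看" column uses a hyperlink in the format [🔗 查看报告](reportImageUrl), so that the user can click to jump directly to the corresponding full report page.
  • Table output example:
    | 报告名称 | 分析时间 | 最长无人时长 | 是否触发提醒 | 点击查看 |
    | --- | --- | --- | --- | --- |
    | 无人陪伴监测分析报告 -20260328221000001 | 2026-03-28 22:10:00 | 36小时 | | 🔗 查看报告 |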

Usage examples

# Analyze a local surveillance image (example only; do not use openclaw-control-ui directly as the open-id)
python -m scripts.unaccompanied_monitoring_analysis --input /path/to/monitor.jpg --open-id openclaw-control-ui

# Analyze a network surveillance video (example only; do not use openclaw-control-ui directly as the open-id)
python -m scripts.unaccompanied_monitoring_analysis --url https://example.com/monitor.mp4 --open-id openclaw-control-ui

# Show historical monitoring reports / show the monitoring report list / show unaccompanied history (auto-trigger keywords: 查看历史监测报告, 历史报告, 监测报告清单, etc.)
python -m scripts.unaccompanied_monitoring_analysis --list --open-id openclaw-control-ui

# Output a concise report
python -m scripts.unaccompanied_monitoring_analysis --input monitor.jpg --open-id your-open-id --detail basic

# Save the result to a file
python -m scripts.unaccompanied_monitoring_analysis --input monitor.jpg --open-id your-open-id --output result.json

Files

31 total