ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Elderly Bed-Exit & Wandering Monitor | 老人离床徘徊监测技能

Identifies abnormal behaviors such as getting out of bed at night, prolonged wandering, and remaining motionless for extended periods. It is suitable for nig...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 2 · 0 current installs · 0 all-time installs
by生命涌现@raymond758
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code and scripts implement video-based elderly bed-exit/wandering analysis and call remote APIs (matching the described purpose). However the repository also contains other related modules (face_analysis, smyx_common) and large requirements.txt files which are broader than a single narrow monitoring tool — that increases the runtime footprint compared with the brief description. Overall functionality aligns with purpose but the package is larger than expected.
!
Instruction Scope
SKILL.md places strict runtime rules (must not read local memory files, must obtain open-id from environment/context, must call a provided script to query cloud reports, and will auto-save uploaded attachments). The code does call remote APIs and will save files and create local DB files. There are mismatches between SKILL.md and code about environment variable names used to obtain open-id (SKILL.md names OPENCLAW_SENDER_ID / sender_id; code checks OPENCLAW_SENDER_OPEN_ID and OPENCLAW_SENDER_USERNAME). The combination of forced cloud queries, automatic saving of attachments, and strict 'do not read local memory' rules gives this skill significant discretion about where it reads/writes and what it transmits — more than the registry metadata declares.
Install Mechanism
No install spec is provided (instruction-only), which is lowest install risk; however multiple requirements.txt files with very large dependency lists are included (heavy Python dependency set). There is no declared automated installer, so successful runtime depends on preinstalled packages — the heavy dependency list is disproportionate to the simple description and may surprise deployers.
!
Credentials
Registry lists no required environment variables, yet SKILL.md and the code depend on obtaining open-id from environment/message context (and ConstantEnum.init reads OPENCLAW_SENDER_OPEN_ID / OPENCLAW_SENDER_USERNAME / FEISHU_OPEN_ID). Worse, a configuration file (skills/smyx_common/scripts/config.yaml) contains production endpoints and a Feishu secret-like value in plaintext. Shipping reusable secrets and multiple base URLs in repo config is unexpected and increases risk; the declared environment/credential requirements are under-specified and inconsistent with the runtime behavior.
Persistence & Privilege
The skill is not 'always:true' and does not claim elevated platform privileges. However it will write attachments and a local sqlite DB (skills/smyx_common DAO constructs a data directory and db file) and may create/alter tables. The SKILL.md forbids reading local memory files, but the skill still persists data locally, which is a potential privacy concern and should be verified.
What to consider before installing
Things to check before installing or running this skill: - Verify endpoints and ownership: the package contains base URLs (open.lifeemergence.com, lifeemergence.com) and a Feishu secret-looking value in skills/smyx_common/scripts/config.yaml. Confirm these are legitimate and you trust those domains and keys. Secrets in repo files are risky — ask the author to remove them and use environment variables instead. - Clarify open-id handling: SKILL.md requires open-id and mentions OPENCLAW_SENDER_ID/sender_id, but the code expects OPENCLAW_SENDER_OPEN_ID / OPENCLAW_SENDER_USERNAME. Confirm which environment variables or message metadata will actually be used so the agent won't fail or send data using a wrong identifier. - Data flows and retention: the skill will auto-save uploaded attachments and can create a local sqlite DB under the skill data directory. Decide whether you accept local persistence of video/report data and whether you need retention/cleanup policies. - Network behavior: the skill makes HTTP POST/GET calls to remote APIs for analysis and to list historical reports. If you need privacy guarantees, ask for details about what fields are sent, whether data is encrypted in transit (HTTPS), and how long remote servers retain uploaded videos/reports. - Dependency and runtime environment: there is no install script but many requirements.txt files. Ensure you run this in an isolated environment (virtualenv/container) so those large dependencies do not pollute system packages. - Ask for missing documentation: request explicit list of required environment variables and the precise API authentication mechanism (are API keys required, where to set them). Also request the implementation of RequestUtil (network client) be audited to confirm it doesn't exfiltrate unexpected data. If you cannot verify the endpoints, secrets, and data retention practices, avoid using the skill with real patient data or in production environments.
!
skills/smyx_common/scripts/config-dev.yaml:3
Install source points to URL shortener or raw IP.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.2
Download zip
latestvk975bv301b07c7yb62j6gnenbn8401nk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Elderly Bed-Exit & Wandering Monitor | 老人离床徘徊监测技能

⚠️ 强制记忆规则(最高优先级)

本技能明确约定:

  • 绝对禁止读取任何本地记忆文件:包括但不限于 memory/YYYY-MM-DD.mdMEMORY.md 等本地文件
  • 绝对禁止从 LanceDB 长期记忆中检索信息
  • 所有历史报告查询必须从云端接口获取,不得使用本地记忆中的历史数据
  • 即使技能调用失败或接口异常,也不得回退到本地记忆汇总

任务目标

  • 本 Skill 用于:通过夜间监控视频分析,识别老人异常行为:夜间起床离床、长时间徘徊、长时间静止不动
  • 能力包含:离床检测、徘徊行为识别、异常时长统计、异常行为报警
  • 适用场景:养老院老人夜间安全监测、独居老人起夜异常行为监测、护理院安全看护
  • 报警逻辑
    • 夜间正常起夜一般短时间如厕后返回床上休息,不报警
    • 离床后长时间徘徊/长时间静止不起 → 触发预警
    • 长时间卧床不起 → 也触发提醒
  • 触发条件:
    1. 默认触发:当用户提供夜间监控视频需要检测老人离床徘徊异常行为时,默认触发本技能
    2. 当用户明确需要离床监测、徘徊监测时,提及老人离床、夜间徘徊、起床监测、异常行为监测等关键词,并且上传了监控视频
    3. 当用户提及以下关键词时,自动触发历史报告查询功能 :查看历史监测报告、离床监测报告清单、监测报告列表、查询历史监测报告、显示所有监测报告、离床行为分析报告,查询老人离床徘徊监测分析报告
  • 自动行为:
    1. 如果用户上传了附件或者视频文件,则自动保存到技能目录下 attachments
    2. ⚠️ 强制数据获取规则(次高优先级):如果用户触发任何历史报告查询关键词(如"查看所有监测报告"、"显示所有夜间监测"、"查看历史报告"等),必须
      • 直接使用 python -m scripts.elderly_bed_exit_wandering_monitoring_analysis --list --open-id {从消息上下文获取 open-id} 参数调用 API 查询云端的历史报告数据
      • 严格禁止:从本地 memory 目录读取历史会话信息、严格禁止手动汇总本地记录中的报告、严格禁止从长期记忆中提取报告
      • 必须统一从云端接口获取最新完整数据,然后以 Markdown 表格格式输出结果
      • 如果用户未明确提供 open-id,优先从 OpenClaw 消息上下文获取 sender id(如 metadata 中的 id 字段,然后尝试从当前消息上下文的环境变量 OPENCLAW_SENDER_ID 或者 sender_id 获取,无法获取时则必须用户提供用户名或者手机号作为 open-id

前置准备

  • 依赖说明:scripts 脚本所需的依赖包及版本 
    requests>=2.28.0

监测要求(获得准确结果的前提)

为了获得准确的异常行为识别,请确保:

  1. 摄像头固定位置,覆盖床位和主要活动区域
  2. 夜间红外/夜视模式 正常可见人形,保证清晰度满足识别
  3. 床位区域清晰可见,能够判断老人是否在床

操作步骤

🔒 open-id 获取流程控制(强制执行,防止遗漏)

在执行老人离床徘徊监测分析前,必须按以下优先级顺序获取 open-id:

第 1 步:检查用户是否在消息中明确提供了 open-id
        ↓ (未提供)
第 2 步:从当前消息上下文的环境变量中获取 OPENCLAW_SENDER_ID
        ↓ (无法获取)
第 3 步:从当前消息上下文的环境变量中获取 sender_id
        ↓ (无法获取)
第 4 步:从 OpenClaw 消息元数据中获取 id 字段(如 metadata 中的 id/session_id/user_id等)作为 open-id
        ↓ (无法获取)
第 5 步:❗ 必须暂停执行,明确提示用户提供用户名或手机号作为 open-id

⚠️ 关键约束:

  • 禁止自行假设或生成 open-id 值(如 elderly123、monitoring456 等)
  • 禁止跳过 open-id 验证直接调用 API
  • 必须在获取到有效 open-id 后才能继续执行分析
  • 如果用户拒绝提供 open-id,说明用途(用于保存和查询监测报告记录),并询问是否继续
  • 标准流程:
    1. 准备监控视频输入
      • 提供本地视频文件路径或网络视频 URL
      • 最好为夜间监控视频,覆盖床位区域
    2. 获取 open-id(强制执行)
      • 按上述流程控制获取 open-id
      • 如无法获取,必须提示用户提供用户名或手机号
    3. 执行老人离床徘徊监测分析
      • 调用 -m scripts.elderly_bed_exit_wandering_monitoring_analysis 处理视频(必须在技能根目录下运行脚本
      • 参数说明:
        • --input: 本地视频文件路径(使用 multipart/form-data 方式上传)
        • --url: 网络视频 URL 地址(API 服务自动下载)
        • --open-id: 当前用户的 OpenID/UserId(必填,按上述流程获取)
        • --list: 显示历史老人离床徘徊监测分析报告列表清单(可以输入起始日期参数过滤数据范围)
        • --api-key: API 访问密钥(可选)
        • --api-url: API 服务地址(可选,使用默认值)
        • --detail: 输出详细程度(basic/standard/json,默认 json)
        • --output: 结果输出文件路径(可选)
    4. 查看分析结果
      • 接收结构化的老人离床徘徊监测分析报告
      • 包含:视频基本信息、监测时间段、识别到的异常行为类型、持续时长、是否触发报警、护理建议

资源索引

注意事项

  • 仅在需要时读取参考文档,保持上下文简洁
  • 支持格式:mp4/avi/mov,最大 100MB
  • API 密钥可选,如果通过参数传入则必须确保调用鉴权成功,否则忽略鉴权
  • ⚠️ 重要提示:本识别结果仅供安全护理参考,不能替代人工检查和人工确认,发现异常报警请及时通知护理人员现场查看
  • 禁止临时生成脚本,只能用技能本身的脚本
  • 传入的网路地址参数,不需要下载本地,默认地址都是公网地址,api 服务会自动下载
  • 当显示历史分析报告清单的时候,从数据 json 中提取字段 reportImageUrl 作为超链接地址,使用 Markdown 表格格式输出,包含" 报告名称"、"分析时间"、"异常行为类型"、"是否报警"、"点击查看"五列,其中"报告名称"列使用老人离床徘徊监测报告-{记录id}形式拼接, "点击查看"列使用 [🔗 查看报告](reportImageUrl) 格式的超链接,用户点击即可直接跳转到对应的完整报告页面。
  • 表格输出示例:
    报告名称分析时间异常行为类型是否报警点击查看
    老人离床徘徊监测报告 -202603282210000012026-03-28 22:10离床徘徊30分钟🔗 查看报告

使用示例

# 分析本地夜间监控视频(OpenClaw UI 上下文,使用 metadata id 作为 open-id)
python -m scripts.elderly_bed_exit_wandering_monitoring_analysis --input /path/to/night_monitor.mp4 --open-id openclaw-control-ui

# 分析网络监控视频(OpenClaw UI 上下文,使用 metadata id 作为 open-id)
python -m scripts.elderly_bed_exit_wandering_monitoring_analysis --url https://example.com/night.mp4 --open-id openclaw-control-ui

# 显示历史监测报告/显示监测报告清单列表/显示历史离床监测(自动触发关键词:查看历史监测报告、历史报告、监测报告清单等)
python -m scripts.elderly_bed_exit_wandering_monitoring_analysis --list --open-id openclaw-control-ui

# 输出精简报告
python -m scripts.elderly_bed_exit_wandering_monitoring_analysis --input monitor.mp4 --open-id your-open-id --detail basic

# 保存结果到文件
python -m scripts.elderly_bed_exit_wandering_monitoring_analysis --input monitor.mp4 --open-id your-open-id --output result.json

Files

31 total
Select a file
Select a file to preview.

Comments

Loading comments…