ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Live Replay Analyzer

v1.0.0

(已验证) 根据客户和场次,自动生成详细的《直播复盘与成长规划报告》。

0· 88·0 current·0 all-time
byan@ahsbnb

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ahsbnb/live-replay-analyzer.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Live Replay Analyzer" (ahsbnb/live-replay-analyzer) from ClawHub.
Skill page: https://clawhub.ai/ahsbnb/live-replay-analyzer
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install live-replay-analyzer

ClawHub CLI

Package manager switcher

npx clawhub@latest install live-replay-analyzer
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Functionality matches the stated purpose: analyzer.py reads input files, assembles a prompt and (optionally) calls a model to generate a report. Requiring an API key for a model call is reasonable. However, the registry metadata declared no required env vars/config, while SKILL.md and analyzer.py require a 'review_api_key' stored in ~/.openclaw/config.json — this is an inconsistency that should be explained by the author.
!
Instruction Scope
SKILL.md instructs the user to add an API key and (optionally) override the API URL in ~/.openclaw/config.json; analyzer.py reads exactly that file. The script sends the assembled prompt and user-provided input files (data.txt/profile.txt/script.txt) to the configured remote endpoint. That network transmission of potentially sensitive client data to an external third party is within the skill's runtime scope but may be unexpected to users. Additional mismatch: SKILL.md mentions profile.png as an alternative source, but analyzer.py only reads profile.txt (no image handling).
Install Mechanism
There is no external install/download; the skill is instruction + local Python script. It requires aiohttp/requests at runtime (SKILL.md lists them). No archive downloads or remote installers are used, so install risk is low.
!
Credentials
The skill requests a single API credential (review_api_key) and an optional review_api_url — which is proportionate to making model calls. But the credential is stored in a shared path (~/.openclaw/config.json) that may hold other secrets used by other skills; the registry metadata did not declare this config requirement or any required env vars, creating a transparency gap. Also the default review_api_url (https://api2.aigcbest.top) is a third‑party endpoint that may not be the provider the user expects.
Persistence & Privilege
The skill does not request 'always: true', does not modify other skills, and does not claim to persist or elevate privileges. Autonomous invocation is allowed by platform default but not in itself an additional red flag here.
What to consider before installing
Before installing/using this skill: 1) Be aware the script will read ~/.openclaw/config.json for a 'review_api_key' and will send your input files (data/profile/script) to the configured review_api_url — the default endpoint is api2.aigcbest.top (not an obvious mainstream provider). If you don't trust that endpoint, do not put secrets there. 2) Prefer creating a dedicated API key for this skill (not reuse high‑privilege keys) and limit its scope if possible. 3) Verify the skill source (the SKILL.md lists a placeholder GitHub URL). 4) If you must test, run it in an isolated environment or container and monitor outbound network calls. 5) Ask the author to: (a) declare the config requirement in registry metadata, (b) explain why the default endpoint was chosen and provide instructions for using a trusted LLM provider, and (c) fix the documentation mismatch (profile.png vs profile.txt).

Like a lobster shell, security has layers — review code before you run it.

latestvk9772nzekhdxwbp667d2v968m183mda5
88downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
an@ahsbnb
latest
Download

SKILL.md for live-replay-analyzer

Description

这是一个专业的直播复盘工具,它根据指定的客户名称和直播场次,自动读取相关的直播数据、用户画像和直播话术,生成一份详尽的《直播复盘与成长规划报告》。

该技能采用"AI 代理作为总调度 (Agent as Orchestrator)"的模式,由 AI 代理负责数据验证、脚本执行和最终报告交付。

Configuration

1. API 配置 (必需)

本技能需要配置一个用于生成报告的 API 密钥。请在 ~/.openclaw/config.json 中添加以下配置:

{
  "review_api_key": "YOUR_API_KEY",
  "review_api_url": "https://api2.aigcbest.top/v1/chat/completions"
}

review_api_url 是可选的,默认值为 https://api2.aigcbest.top/v1/chat/completions

2. 数据目录结构

本技能期望数据文件按照以下结构存放在 input/ 目录中:

input/
└── {客户名称}/
    └── {场次名称}/
        ├── data.txt          # 直播数据 (必需)
        ├── profile.txt       # 用户画像 (必需,或由 AI 从 profile.png 生成)
        └── script.txt        # 直播话术 (必需)

How to Use

Parameters

  • --client (必填): 客户名称,对应 input/{client}/ 目录。
  • --session (必填): 直播场次名称,对应 input/{client}/{session}/ 目录。
  • --call-model (可选): 添加此参数后,脚本会直接调用模型生成报告并保存到 output/ 目录;否则只输出提示词。

Example Invocation

模式 A:仅生成提示词 (由 AI 代理进行分析和交付)

# AI 应动态查找 python 路径
python path/to/analyzer.py --client "客户 A" --session "2026-03-26"

模式 B:直接生成报告文件

# AI 应动态查找 python 路径
python path/to/analyzer.py --client "客户 A" --session "2026-03-26" --call-model

Output

报告文件将保存在 output/{客户名称}/{场次名称}/ 目录下,文件名格式为:{客户名称}-{场次名称}_report_{时间戳}.md

Comments

Loading comments...