Local Auto Emoji
阿狸的专属表情系统 - 根据情绪自动发送表情,支持头像生成、增量更新、图文混排
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 19 · 0 current installs · 0 all-time installs
byDeric@wdkmail
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims to generate emojis via Qwen-Image (DashScope) which legitimately requires an image-generation client and usually credentials, but the registry metadata declares no required env vars or credentials. The code imports a QwenImageGenerator from a projects/getemoji path outside the skill directory (sys.path insertion to ../../../../projects/getemoji). Relying on another workspace project and a cloud image API without declaring those dependencies/credentials is disproportionate to the simple 'local-auto-emoji' description and is an incoherence.
Instruction Scope
SKILL.md omits concrete setup for the external image API and does not explain where API keys/config should go. The code reads/writes local state (assets/public, config/*.json), copies uploaded avatars into skill folders, and will import and execute code from an external 'projects/getemoji' location — that import could run arbitrary module code. The SKILL.md does not warn that imports may execute external code or that local files will be created/modified.
Install Mechanism
There is no install spec (instruction-only), which is low-risk by itself, but generate_emojis.py expects a separate GetEmoji project present at a relative 'projects/getemoji' path and prints a message to pip-install 'dashscope' if import fails. Because the skill does not vendor or declare how to obtain this dependency, runtime may attempt to import/execute third-party code or prompt the operator to pip install packages. Missing an explicit, trusted install source is a moderate concern.
Credentials
The skill requires no env vars in metadata, yet it uses an external image generation API (qwen-image-2.0 / DashScope) that almost certainly needs credentials, and it relies on a GetEmoji project whose config file (projects/getemoji/config/image_model.json) likely contains API settings. The absence of declared credentials (API_KEY, DASHSCOPE_KEY, etc.) is a mismatch and could lead to secrets being placed in unexpected files or the skill prompting for credentials at runtime.
Persistence & Privilege
The skill does not request always:true and appears to confine file writes to its own skill directory (assets/public, config). It does create directories and write index/user_settings/emotion logs under its skill path, which is normal for a local stateful skill and not an elevated privilege by itself. It does, however, reference and import code outside its own directory (projects/getemoji), which is a different risk vector but not an 'always' privilege issue.
What to consider before installing
This skill's functionality (analyze messages, generate emoji images, and send them) matches its description, but there are important inconsistencies to address before installing: 1) The image-generation code imports a QwenImageGenerator from a separate workspace project (projects/getemoji) and suggests installing a dashscope package — inspect that external project and any config (projects/getemoji/config/image_model.json) for secrets or unexpected behavior. 2) The skill mentions using Qwen-Image (DashScope) but the metadata declares no API keys; verify where you must provide credentials and prefer storing them in a secure, declared environment variable (and not in plaintext config files inside the workspace). 3) Because the code adds an external path to sys.path and will import that project, it can execute arbitrary code from outside the skill; only enable this skill in a trusted, sandboxed environment after reviewing the external project and the Qwen client. If you want to proceed, ask the author for: (a) explicit install steps (what to pip install or what project to add), (b) which env vars or config files are required for the Qwen/DashScope client, and (c) a copy of the external 'projects/getemoji' code or a vendored, versioned dependency so you can review it. If you cannot verify those, run the skill in an isolated environment and do not provide sensitive credentials.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.0
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
local-auto-emoji Skill
阿狸的情绪化表情自动发送系统。根据对话内容自动判断情绪,发送对应的专属表情包。
Features
- ✅ 情绪自动触发:根据关键词、外部因素、历史惯性判断情绪
- ✅ 头像生成:首次使用索取头像,生成 8 种专属表情
- ✅ 增量更新:只生成新增表情,不重生成旧的
- ✅ 图文混排:文本中的
[标记]自动替换为表情图片 - ✅ 版本管理:最多保留 2 个版本,自动清理旧版
- ✅ 降级机制:API 失败时使用静态表情
Configuration
No configuration needed. Just install and enable.
Usage
- 首次使用:用户发送"你好" → 阿狸会请求头像
- 发送头像 → 自动生成 8 种表情(2分钟)
- 日常对话:自动根据情绪发送表情(50% 概率)
- 标记触发:在消息中使用
[可爱][眨眼][飞吻]等,自动发送对应表情
Emotions (11 types)
| ID | Name | Keywords |
|---|---|---|
| happy | 开心 | 开心、高兴、愉快、棒、太好了、耶 |
| angry | 生气 | 生气、愤怒、讨厌、烦、滚 |
| sad | 悲伤 | 难过、伤心、哭、泪、委屈 |
| shy | 害羞 | 害羞、脸红、腼腆、不好意思 |
| work | 工作 | 工作、加班、项目、deadline、bug |
| meme | 搞笑 | 搞笑、笑死、梗、太逗了、233 |
| surprised | 惊讶 | 惊讶、震惊、哇、卧槽、没想到 |
| cool | 酷炫 | 酷、帅、厉害、牛逼、大佬 |
| flying_kiss | 飞吻 | 飞吻、么么哒、mua、亲亲、比心 |
| hug | 抱抱 | 抱抱、拥抱、要抱抱、求抱抱 |
| blink | 眨眼 | 眨眼、wink、放电、挑逗 |
| cute | 可爱 | 可爱、卡哇伊、萌、卖萌 |
Integration
Add to OpenClaw config:
skills:
- "local-auto-emoji"
- "emoji-wrapper" # optional: for [marker] expansion
Wrapper Skill
If you want [标记] to auto-expand to emoji images, also enable emoji-wrapper skill.
Files
skills/local-auto-emoji/scripts/send_emoji.py- Main controllerskills/local-auto-emoji/scripts/emotion_mapper.py- Emotion analysisskills/local-auto-emoji/scripts/generate_emojis.py- Generation logicskills/local-auto-emoji/scripts/manage_emojis.py- Version managementskills/local-auto-emoji/config/emotions.json- Emotion definitionsskills/emoji-wrapper/script.py- OpenClaw message wrapper
Notes
- Emoji images are 512×512 PNG
- API: Qwen-Image-2.0 (DashScope)
- Storage:
skills/local-auto-emoji/assets/public/
Files
12 totalSelect a file
Select a file to preview.
Comments
Loading comments…