Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Unattended Monitoring Skill | 无人陪伴监测技能
v1.0.0
Determines when elderly people living alone have no interaction or visitors for extended periods, and actively pushes care reminders to family members, suita...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw verdict: Suspicious (medium confidence)
Purpose & Capability
The code, helper modules, and SKILL.md consistently implement video/image-based monitoring and history listing, which matches the skill description. However, the skill expects shared code from a common package (skills/smyx_common) and uses remote API endpoints (lifeemergence/open-api style URLs) that are not described in the top-level metadata. The SKILL.md omits declaring the config paths and env vars the code actually relies on, so the capability is broadly coherent but the operational requirements are under-specified.
Instruction Scope
SKILL.md enforces a strict open-id acquisition order that requires reading config files under skills/smyx_common/scripts/config.yaml (and a workspace-level config). The runtime code will also save uploaded attachments to a local attachments directory and create/use a local SQLite DB under the workspace data path. SKILL.md forbids reading local memory files and long-term LanceDB memory, but the package contains a local DAO and persistent DB behavior, which is a contradiction. The skill will also send uploaded media to remote API endpoints for analysis (expected for this service), so the instructions both read and write local files outside the skill root and perform network transfers.
Install Mechanism
No install spec is provided (instruction-only install), which minimizes automatic install risk. But the repository contains many Python modules and a large requirements.txt in skills/smyx_common; in practice the operator would need to install those dependencies (requests is explicitly referenced). The absence of an install spec combined with non-trivial package requirements is an operational mismatch (user must manually satisfy dependencies).
Credentials
Top-level metadata lists no required env vars or config paths, yet the code reads environment variables and config files: OPENCLAW_SENDER_OPEN_ID, OPENCLAW_SENDER_USERNAME, FEISHU_OPEN_ID, OPENCLAW_WORKSPACE (used to build DB and config paths), and ApiEnum/Api keys from skills/smyx_common/scripts/config.yaml. The skill also sends potentially sensitive video/media to remote service endpoints (production defaults point to lifeemergence.com). These accesses are not declared in the skill metadata and may expose sensitive data if users are unaware.
Persistence & Privilege
The skill will persist uploaded media and create a local SQLite DB under the workspace/data path (dao.get_db_path), and it references shared/common config files in another skill directory. Although the skill is marked always:false, it gains a persistent presence on disk and cross-skill read access to workspace-level config, privileges that are not called out in the registry metadata and deserve explicit user consent.
What to consider before installing
- Network behavior: The skill uploads user-supplied images/videos to a remote API for analysis. Default production config references lifeemergence.com endpoints. If you cannot trust that remote service, do not use the skill with real camera streams or identifiable footage.
- Undeclared local accesses: Despite metadata claiming no required config/envs, the code reads environment variables (e.g., OPENCLAW_SENDER_OPEN_ID, OPENCLAW_WORKSPACE, FEISHU_OPEN_ID) and looks for config files under skills/smyx_common/scripts/config.yaml (also in a workspace-level path). It will also write attachments and an SQLite DB under the workspace data directory. Expect files to be stored locally.
- Privacy: This skill handles sensitive camera footage of people (elderly). Confirm you have consent from those recorded and verify where data is uploaded/stored and retention policies.
- Contradiction in SKILL.md: The docs forbid reading local memory files but the code includes a local DAO and will create/use local storage — ask the author to clarify.
- Dependency/installation: There's no install spec; the skill requires Python dependencies (requests and many packages under smyx_common). Installing the full requirements may be required for correct operation.
- Actionable checks before use:
  1) Request the developer to enumerate the exact config paths and environment variables the skill will read/write, and to list the production API endpoints and data retention policy.
  2) If you plan to test, run the skill in an isolated sandbox/workspace, avoid using real camera feeds, and inspect the created files (attachments, SQLite DB).
  3) If you need to keep data local only, ask for a mode that performs on-device inference or an explicit opt-out of remote uploads.
What would reduce concern: explicitly declared required env vars and config paths in metadata, a clear opt-in/out for remote uploads, and confirmation that workspace/config access is strictly limited to the skill's own directory (no cross-skill config reads).
Static analysis findings
skills/smyx_common/scripts/config-dev.yaml:2: Install source points to URL shortener or raw IP.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.
Like a lobster shell, security has layers: review code before you run it.