xbot-camera-qc
v1.0.0Professional visual inspection for xbot.coffee Lite, detecting drink volume, screen, table, robotic arm, dirt, environment and pests. Output structured Engli...
⭐ 0· 101·0 current·0 all-time
by@mszren
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name, description, README and SKILL.md all describe the same visual QC use case (camera image inspection for xbot.coffee Lite) and the required outputs. The skill does not request unrelated credentials, binaries, or config paths.
Instruction Scope
The SKILL.md specifies detection categories and the exact JSON output schema, but it is high-level and does not instruct how to perform inference (no model, no thresholds, no preprocessing), nor does it state whether images should be processed locally or sent to an external service. That vagueness gives the executing agent broad discretion about where and how to process images, which has privacy and exfiltration implications.
Install Mechanism
Instruction-only skill with no install steps and no code files. Nothing is written to disk by an installer, which lowers installation risk.
Credentials
No environment variables, credentials, or config paths are requested — proportional to the stated purpose. Note: in practice, image processing often requires a model or external API and credentials (not declared here). If the agent uses external vision APIs, additional secrets would be required and should be explicitly declared.
Persistence & Privilege
Skill is not always-enabled and does not request persistent system-wide privileges. It is user-invocable and can be run autonomously per platform defaults, which is normal for skills. There is no indication it modifies other skills or global config.
Assessment
This skill appears coherent for camera-based QC and outputs a clear JSON schema, but it omits operational details you should confirm before installing: (1) Where will images be processed — locally in the agent runtime or sent to an external API? If external, request the endpoint and any required credentials and verify they are declared. (2) Ask the author for the actual model/code used (repo link or container). Without code, you cannot audit inference behavior or data handling. (3) Consider privacy: camera images may include people or sensitive scenes — ensure storage, retention, and transmission policies are acceptable. (4) If you allow autonomous runs, be aware the agent could choose to call external services; restrict network access or require explicit approval for external calls if that is a concern. (5) Test on non-sensitive sample images first and request a technical readme describing model, latency, expected error rates, and failure modes. If you need stronger assurance, ask the publisher to provide the implementation (code or container) so you can perform a security review.Like a lobster shell, security has layers — review code before you run it.
latestvk970cqw508v6edap3rn3794cy183p8nq
License
MIT-0
Free to use, modify, and redistribute. No attribution required.