Skill v1.0.0

ClawScan security

Autism Spectrum Disorder Behavior Analysis Tool | 孤独症谱系障碍行为分析工具 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 15, 2026, 3:58 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code broadly matches an ASD video-analysis purpose, but it reads/writes workspace config and a local DB, uses undeclared environment variables, and uploads sensitive video data to external API endpoints — these behaviors are not reflected in the declared requirements and deserve review before use.
Guidance
This skill appears to implement an ASD video-analysis service that uploads videos to remote AI APIs and stores report data locally. Before installing or using it:

- Privacy: do not upload real children's videos until you confirm and trust the remote endpoints (base URLs in skills/smyx_common/scripts/config.yaml reference lifeemergence/open.lifeemergence.com). These endpoints receive full video content and analysis results.
- Undeclared environment/config usage: the code reads environment variables (OPENCLAW_SENDER_OPEN_ID, OPENCLAW_SENDER_USERNAME, FEISHU_OPEN_ID, OPENCLAW_WORKSPACE) and configuration files in the skill and workspace, but the skill metadata says no env/config is needed. Expect the skill to read/write config.yaml and to create a local SQLite DB (workspace/data/smyx-common-claw.db) and attachments. If you want to limit exposure, set OPENCLAW_WORKSPACE to an isolated directory before running.
- Open-id handling: the SKILL.md forbids guessing open-id and directs the skill to load it from config files or request it from the user. The code will also fall back to environment variables. If you prefer not to provide identifiers, test how the tool behaves with a dummy/non-sensitive open-id.
- Verify provenance: the skill's source/homepage are unknown. If you cannot contact the author or verify the remote API provider and privacy policy, treat this as high-risk for sensitive data.
- Recommendations: (1) Review and, if necessary, edit the API base URLs and API key fields in the config files to point to a trusted endpoint or to a local/test instance; (2) run the skill in an isolated workspace (set OPENCLAW_WORKSPACE) and test with non-sensitive sample videos; (3) remove or sanitize the skill if you find unexpected network endpoints; (4) ask the publisher to declare expected env vars and config paths and provide privacy guarantees.
If the publisher supplies clear provenance, explicit env/config declarations, and a trusted API endpoint (or a local/offline mode), the discrepancies that led to this 'suspicious' rating could be resolved.

Review Dimensions

Purpose & Capability
Note: The name/description (ASD video analysis) align with the included code: scripts call remote AI endpoints, validate and upload video files, and produce structured reports. The presence of face-analysis and smyx_common modules is consistent with the stated purpose. However, the registry metadata declared no required config paths or env vars, yet the code expects configuration files (skills/smyx_common/scripts/config.yaml and skills/{current}/skills/smyx_common/scripts/config.yaml), and uses API base URLs and API key fields from those configs — a mismatch between declared requirements and actual needs.
Instruction Scope
Concern: SKILL.md mandates running the bundled scripts and forbids reading local memory files/LanceDB, and enforces an open-id retrieval sequence from config files. The implementation does read/write local files: it saves uploaded attachments under the skill, reads multiple config.yaml files, and creates/uses a local SQLite DB under the workspace/data directory. The code also sends videos (local files or URLs) to remote API endpoints. The explicit prohibition of reading certain 'memory' files contrasts with the skill's unrestricted use of workspace paths and a local DB — this inconsistency is concerning for privacy-sensitive inputs (children's videos).
Install Mechanism
Note: There is no install spec (instruction-only plus bundled code), so nothing is downloaded at install time — lower installer risk. However, the repository includes multiple requirements.txt files with large dependency lists (smyx_common), which implies the skill expects a substantial Python environment; those dependencies are not declared in the registry metadata. No external binary download URLs or extract/execute behaviors were found.
Credentials
Concern: Registry metadata lists no required environment variables, but the code reads environment variables (OPENCLAW_SENDER_OPEN_ID, OPENCLAW_SENDER_USERNAME, FEISHU_OPEN_ID, OPENCLAW_WORKSPACE) and will derive a default open-id from them. The skill also reads API keys from config.yaml files and will POST video data to external API endpoints (base URLs present in the smyx_common config). Requesting or using these env/config values is proportional to running an API-backed analysis tool, but the fact that they are undeclared in the metadata, and that the skill uses workspace/global paths to store a local SQLite DB and attachments, is a mismatch and raises privacy/credential handling concerns.
Persistence & Privilege
Note: The skill does not set always:true. It will persist state: saving attachments to an attachments directory and creating/using a local SQLite DB under workspace/data (smyx-common-claw.db), and it may create missing config.yaml files. Writing its own data and config is normal for this kind of tool, but it means the skill will leave files in your workspace and potentially aggregate report data locally — consider that when handling sensitive videos.