Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Regional Humanoid Detection Skill | 区域人形检测技能
v1.0.0Automatically detects personnel in target areas based on computer vision. Supports real-time video stream detection and is suitable for monitoring personnel...
⭐ 0· 21·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims to perform regional human-detection by calling a cloud API — the code implements API calls and video upload paths, which is consistent. However, the repository also contains large, generic modules for face/health/pet analysis and a heavy common library (smyx_common) reused across multiple domains. Those extra artifacts suggest code reuse rather than a minimal human-detection implementation and add surface area that is not explained in the description.
Instruction Scope
SKILL.md explicitly forbids reading local ‘memory’ and LanceDB and requires all historical queries come from the cloud, yet the codebase reads config files under skills/smyx_common/scripts/, reads/writes a local SQLite DB (skills/smyx_common/scripts/dao.py creates/uses a DB under the workspace/data path), and may save attachments locally. This is an internal contradiction: the runtime instructions prohibit local state access while the code clearly performs local file and DB I/O and reads config YAML files. The skill also transmits video files or URLs to external APIs (multipart upload or letting the API download the URL), which is expected for a cloud-based analysis but should be explicit to users.
Install Mechanism
There is no install spec (instruction-only installation), which lowers supply-chain risk from arbitrary downloads. However, the repository includes requirements.txt files and a large dependency list in smyx_common that suggest runtime expectations; the package may fail or behave unexpectedly without those dependencies. No external archives/URLs are downloaded by an installer, but runtime network calls to configured endpoints are present.
Credentials
Declared requirements list no environment variables or credentials, but the code reads environment variables and local config files: ConstantEnum.init checks OPENCLAW_SENDER_OPEN_ID, OPENCLAW_SENDER_USERNAME, FEISHU_OPEN_ID and the DAO uses OPENCLAW_WORKSPACE to locate data. The SKILL.md also enforces an 'open-id' retrieval flow from local config files under the skill or workspace. This mismatch (no declared required env, yet code depends on env/config and may use API keys in config.yaml) is incoherent and risks hidden dependence on sensitive values stored in environment or local config files.
Persistence & Privilege
The code creates/uses a local SQLite DB and writes data under the workspace/data directory (dao.py), and SKILL.md instructs auto-saving uploaded attachments to the skill directory (attachments). Although always:false (not force-installed), the skill nonetheless persists data locally and may modify workspace files. This contradicts the SKILL.md prohibition on using local memories and demonstrates the skill gains persistent local state and filesystem write privileges.
What to consider before installing
Key things to consider before installing:
- Contradictory behavior: SKILL.md forbids reading local memory, but the code reads/writes local config and a SQLite DB and may save uploaded attachments. Ask the author to explain why local persistence is needed and whether the 'no local memory' rule is enforced by runtime checks.
- Data exfiltration is expected but important: local video files are uploaded (multipart/form-data) to external APIs, or remote URLs are fetched by the API service. Check and approve the exact API endpoints in skills/smyx_common/scripts/config.yaml (the repo includes base URLs pointing to lifeemergence domains and dev/test hosts). If you need privacy, do not upload sensitive footage until you verify the service and agreements.
- Hidden env/config dependencies: the skill does not declare required env vars, yet it reads OPENCLAW_SENDER_OPEN_ID, OPENCLAW_WORKSPACE, and may rely on API keys in config YAML. Ensure no sensitive credentials are present on your environment or in workspace config.yaml before use.
- Broad codebase: the repo contains many unrelated components (pet/health/face-analysis artifacts and a large common library). This increases the attack surface and makes auditing harder. If you only need basic local human-detection, ask for a minimal implementation or sanitize the code.
- Practical steps: review skills/smyx_common/scripts/config.yaml and config-dev/test files to confirm endpoints; inspect skills/smyx_common/scripts/util.py (RequestUtil and CommonUtil) to see exactly how HTTP requests are made and what headers/credentials are sent; test in an isolated environment with no sensitive credentials and with dummy videos; and request source/homepage/maintainer info since the skill's source is 'unknown'.
If you cannot verify endpoints and the code paths that persist data, treat this skill as untrusted for sensitive video or credentials.skills/smyx_common/scripts/config-dev.yaml:2
Install source points to URL shortener or raw IP.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.Like a lobster shell, security has layers — review code before you run it.
latestvk972f1eman30skcaprkkgqgv7184zjxr
License
MIT-0
Free to use, modify, and redistribute. No attribution required.