Skill v1.0.0

ClawScan security

Baby Sleep State Monitoring Skill | 婴儿睡眠状态监测技能 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 16, 2026, 12:42 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill generally matches its stated purpose (analyzing baby sleep from video) but contains surprising/incoherent behaviors — local disk persistence, broad shared/common code, and mandatory cloud API calls without clear provenance — that warrant caution before installing.
Guidance
What to consider before installing or running this skill:
- Data flow and privacy: The skill uploads video files (local or URL) to a cloud API controlled by the package configuration (skills/smyx_common/scripts/config.yaml). Verify and trust the remote service (base URLs and API owner) before sending sensitive baby-monitoring footage.
- open-id and credentials: The runtime enforces obtaining an 'open-id' (from config or user input). Do not supply personal credentials, usernames, or phone numbers unless you trust the service; question why the skill needs persistent identifiers.
- Local persistence: The skill will save uploaded attachments to a local attachments folder and may create a SQLite DB under the workspace/data directory. If that is unacceptable, run the skill in a sandbox or inspect/clean those directories after use.
- Incoherence to resolve: SKILL.md forbids reading local memory, yet the code reads config files and uses a local DAO. Ask the maintainer to explain this contradiction and provide the authoritative privacy policy and endpoint documentation.
- Code provenance: There is no homepage and the source owner is unknown. Request the source or a trusted repo and confirm the API endpoints and their privacy/security controls. Review the implementation of RequestUtil (skills/smyx_common/scripts/util.py) to see exactly how and where data is transmitted.
- Operational mitigations: If you decide to run it, do so in an isolated environment (container/VM), review and edit skills/smyx_common/scripts/config.yaml to point to a trusted API or blank out endpoints, and avoid providing real personal identifiers until you confirm the backend.
Because the package bundles shared/common modules and unrelated analysis code and performs both local persistence and network uploads without clear provenance, treat it cautiously: verify the backend, inspect RequestUtil, and prefer sandboxed execution.
Findings
[no_regex_findings] expected: The pre-scan reported no injection signals. This does not mean the skill is safe: the static scanner didn't flag patterns, but the code includes network requests, file I/O, and local DB usage, which are expected for a video->cloud analysis skill.

Review Dimensions

Purpose & Capability
note: The code and docs implement infant sleep analysis by uploading/processing video via a cloud API, which aligns with the skill description. However, the bundle also includes an unrelated 'face_analysis' skill and a large shared module (smyx_common) reused across many analyses. Inclusion of unrelated analysis code increases complexity and raises questions about why many utilities and DB layers are bundled with a narrowly described sleep monitor.
Instruction Scope
concern: SKILL.md explicitly forbids reading local memory files, but the runtime scripts read local configuration files (skills/smyx_common/scripts/config.yaml) and environment variables, and they direct saving uploaded attachments to a local attachments directory. The code also includes a local SQLite DAO that will create files under a workspace data directory. That contradicts the stated absolute prohibition on local memory access and expands the skill's scope to persistent local storage and config file access.
Install Mechanism
note: No external install spec (no downloads) — code is bundled with the skill (19+ files). That avoids remote install-time code fetches, but it does mean the skill runs the included Python code when invoked. There are no direct archive/download URLs flagged; risk is from executing bundled code rather than from a remote installer.
Credentials
concern: The skill declares no required env vars, yet the common config layer reads environment variables (OPENCLAW_SENDER_OPEN_ID, OPENCLAW_WORKSPACE, FEISHU_OPEN_ID) and the SKILL.md enforces a multi-step 'open-id' retrieval from local config files. The skill will send user video data to cloud endpoints configured in skills/smyx_common/scripts/config.yaml (defaults point to lifeemergence domains in the bundle). Asking for or deriving open-id and uploading sensitive video to an external API without a clear, trusted service provenance is a privacy/credential concern.
Persistence & Privilege
note: always:false (no forced persistent inclusion), which is appropriate. However, the skill writes uploaded attachments into its own attachments directory and the shared DAO creates/uses a local SQLite DB under a workspace data path. That gives the skill durable local storage of potentially sensitive videos and derived records; this is not inherently malicious but should be considered before running on systems with sensitive data.