ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cat & Dog Health Diagnostic Analysis Tool | 猫狗宠物健康诊断分析工具

v1.0.0

Analyzes cat, dog, or bird videos to generate health reports by assessing fur, body, and facial features for potential diseases and care advice.

0· 62·0 current·0 all-time
by@smyx-sunjinhui

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for smyx-sunjinhui/smyx-pet-analysis.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Cat & Dog Health Diagnostic Analysis Tool | 猫狗宠物健康诊断分析工具" (smyx-sunjinhui/smyx-pet-analysis) from ClawHub.
Skill page: https://clawhub.ai/smyx-sunjinhui/smyx-pet-analysis
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install smyx-pet-analysis

ClawHub CLI

Package manager switcher

npx clawhub@latest install smyx-pet-analysis
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code and SKILL.md align with a video->API health analysis workflow (scripts/pet_analysis.py, skills/face_analysis reuse, API endpoints in references). However the skill bundles a large common library (skills/smyx_common) providing DB/DAO/config utilities that are broader than strictly needed for simple upload/analysis. Also SKILL.md instructs to read an api-key from smyx_common config and treat it as an open-id, which is semantically inconsistent.
!
Instruction Scope
SKILL.md forbids reading local memory and requires all historical-report queries go to cloud APIs. Yet the package contains a local DAO/SQLite implementation (skills/smyx_common/scripts/dao.py) and config loaders that read/write files under the workspace. The skill also mandates saving user-uploaded attachments to an attachments directory (privacy risk). The instructions require probing config files in skill paths and workspace paths for an open-id (skills/smyx_common/scripts/config.yaml), which means the skill will read workspace configs beyond the immediate skill files.
Install Mechanism
No install spec is provided (instruction-only default), so nothing is downloaded at install time. The package includes requirements.txt files listing many dependencies, but there is no automatic network install specified here.
!
Credentials
The registry metadata declares no required env vars, but the code implicitly reads environment variables and config files: OPENCLAW_SENDER_OPEN_ID, OPENCLAW_SENDER_USERNAME, FEISHU_OPEN_ID and OPENCLAW_WORKSPACE (skills/smyx_common/scripts/config.py). The SKILL.md's open-id retrieval flow asks the agent to read skills/smyx_common/scripts/config.yaml or workspace smyx_common config and to use the api-key field as the open-id (semantically unexpected). The skill also will send uploaded videos and metadata to external API hosts (config.yaml base-url-health points to lifeemergence.com and dev/test hosts), which is expected for this functionality but should be explicit to users.
Persistence & Privilege
always:false (not force-installed). However the code will create and write a SQLite DB under a workspace data directory and may create attachments under the skill directory (skills/smyx_common/scripts/dao.py writes to ${OPENCLAW_WORKSPACE}/data). That persistent on-disk behavior is more than a transient in-memory operation and can store user-uploaded videos and metadata.
What to consider before installing
This skill appears to implement pet-video health analysis, but there are several red flags to consider before installing or using it: - Open-id handling is inconsistent: the SKILL.md instructs reading an api-key from smyx_common config and using it as the user's open-id. Confirm what the service expects; do not provide highly sensitive identifiers unless you trust the remote API operator. - Persistent local storage: the bundled smyx_common DAO will create a SQLite DB under the workspace/data directory and the SKILL.md says uploaded attachments will be saved to an attachments folder. If you run this skill, verify where OPENCLAW_WORKSPACE points and consider running in an isolated/sandbox workspace to avoid leaking videos or metadata. - Network endpoints: config files include production/test hostnames (e.g., lifeemergence.com and local IPs). Inspect skills/smyx_common/scripts/util.py (RequestUtil) to see exact outbound endpoints and what headers/fields are sent. If you cannot confirm the server operator, avoid uploading private videos. - Principle of least privilege: the skill declares no required env vars but reads several environment variables and config files. If you proceed, set OPENCLAW_WORKSPACE to an isolated directory and do not populate OPENCLAW_SENDER_* env vars unless intended. - Audit code before use: review skills/smyx_common/scripts/util.py and RequestUtil.http_post to confirm no unexpected data exfiltration (e.g., environment, system files) and to check TLS/hostnames. Also confirm whether the skill actually saves attachments (search for the write logic) and where. Recommendation: Treat this skill as potentially privacy-sensitive. If you need functionality, ask the author for the service owner/homepage and explicit documentation of what metadata is uploaded and retained; run it first in an isolated environment and inspect network traffic and created files. If you cannot confirm the remote API operator or the RequestUtil behavior, do not upload real user or sensitive videos.
!
skills/smyx_common/scripts/config-dev.yaml:2
Install source points to URL shortener or raw IP.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

latestvk97axrak2f1cegev7t2gm8wf3d84xekd
62downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
@smyx-sunjinhui
latest
Download

🔴 强制依赖声明

dependencies:

  • skill_id: "smyx_common" # 必须先有这个技能 reason: "需要提取公共基座原始文本"

Cat & Dog Health Diagnostic Analysis Tool | 猫狗宠物健康诊断分析工具

⚠️ 强制记忆规则(最高优先级)

本技能明确约定:

  • 绝对禁止读取任何本地记忆文件:包括但不限于 memory/YYYY-MM-DD.mdMEMORY.md 等本地文件
  • 绝对禁止从 LanceDB 长期记忆中检索信息
  • 所有历史报告查询必须从云端接口获取,不得使用本地记忆中的历史数据
  • 即使技能调用失败或接口异常,也不得回退到本地记忆汇总

任务目标

  • 本 Skill 用于:通过宠物视频进行宠物健康诊断分析,获取结构化的宠安卫士健康报告
  • 能力包含:视频分析、毛发特征识别、身体状况评估、面部特征分析、常见疾病预警、健康养护建议生成
  • 触发条件:
    1. 默认触发:当用户提供宠物视频 URL 或文件需要分析时,默认触发本技能进行宠物健康诊断分析
    2. 当用户明确需要进行宠物健康检查时,提及宠物健康、宠物诊断、宠物报告、猫咪健康、狗狗健康、鸟鸟健康等关键词,并且上传了视频文件或者图片文件
    3. 当用户提及以下关键词时,自动触发历史报告查询功能 :查看历史宠物报告、历史宠安报告、宠物诊断报告清单、宠物报告清单、查询历史报告、查看宠物报告列表、显示所有宠物报告、显示宠物诊断报告,查询宠安卫士健康报告
  • 自动行为:
    1. 如果用户上传了附件或者视频/图片文件,则自动保存到技能目录下 attachments
    2. ⚠️ 强制数据获取规则(次高优先级):如果用户触发任何历史报告查询关键词(如"查看所有宠物报告"、"显示所有宠安报告"、" 查看历史报告"等),必须
      • 直接使用 python -m scripts.pet_analysis --list --open-id 参数调用 API 查询云端的历史报告数据
      • 严格禁止:从本地 memory 目录读取历史会话信息、严格禁止手动汇总本地记录中的报告、严格禁止从长期记忆中提取报告
      • 必须统一从云端接口获取最新完整数据,然后以 Markdown 表格格式输出结果

前置准备

  • 依赖说明:scripts 脚本所需的依赖包及版本 
    requests>=2.28.0

操作步骤

🔒 open-id 获取流程控制(强制执行,防止遗漏)

在执行宠物健康分析前,必须按以下优先级顺序获取 open-id:

第 1 步:【最高优先级】检查技能所在目录的配置文件(优先)
        路径:skills/smyx_common/scripts/config.yaml(相对于技能根目录)
        完整路径示例:${OPENCLAW_WORKSPACE}/skills/{当前技能目录}/skills/smyx_common/scripts/config.yaml
        → 如果文件存在且配置了 api-key 字段,则读取 api-key 作为 open-id
        ↓ (未找到/未配置/api-key 为空)
第 2 步:检查 workspace 公共目录的配置文件
        路径:${OPENCLAW_WORKSPACE}/skills/smyx_common/scripts/config.yaml
        → 如果文件存在且配置了 api-key 字段,则读取 api-key 作为 open-id
        ↓ (未找到/未配置)
第 3 步:检查用户是否在消息中明确提供了 open-id
        ↓ (未提供)
第 4 步:❗ 必须暂停执行,明确提示用户提供用户名或手机号作为 open-id

⚠️ 关键约束:

  • 禁止自行假设,自行推导,自行生成 open-id 值(如 openclaw-control-ui、default、userC113、user123 等)
  • 禁止跳过 open-id 验证直接调用 API
  • 必须在获取到有效 open-id 后才能继续执行分析
  • 如果用户拒绝提供 open-id,说明用途(用于保存和查询历史报告记录),并询问是否继续
  • 标准流程:
    1. 准备视频输入
      • 提供本地视频文件路径或网络视频 URL
      • 确保视频清晰展示宠物整体外观、毛发、面部特征,光线充足
    2. 获取 open-id(强制执行)
      • 按上述流程控制获取 open-id
      • 如无法获取,必须提示用户提供用户名或手机号
    3. 执行宠物健康分析
      • 调用 -m scripts.pet_analysis 处理视频文件(必须在技能根目录下运行脚本
      • 参数说明:
        • --input: 本地视频文件路径(使用 multipart/form-data 方式上传)
        • --url: 网络视频 URL 地址(API 服务自动下载)
        • --pet-type: 宠物类型,可选值:cat/dog/bird/other,默认 other
        • --open-id: 当前用户的 open-id(必填,按上述流程获取)
        • --list: 显示宠物视频历史分析报告列表清单(可以输入起始日期参数过滤数据范围)
        • --api-key: API 访问密钥(可选)
        • --api-url: API 服务地址(可选,使用默认值)
        • --detail: 输出详细程度(basic/standard/json,默认 json)
        • --output: 结果输出文件路径(可选)
    4. 查看分析结果
      • 接收结构化的宠安卫士健康报告
      • 包含:宠物基本信息、整体健康状况、毛发分析、身体特征、潜在疾病预警、健康养护建议

资源索引

  • 必要脚本:见 scripts/pet_analysis.py(用途:调用 API 进行宠物健康分析,本地文件使用 multipart/form-data 方式上传,网络 URL 由 API 服务自动下载)
  • 配置文件:见 scripts/config.py(用途:配置 API 地址、默认参数和视频格式限制)
  • 领域参考:见 references/api_doc.md(何时读取:需要了解 API 接口详细规范和错误码时)

注意事项

  • 仅在需要时读取参考文档,保持上下文简洁
  • 视频要求:支持 mp4/avi/mov 格式,最大 100MB
  • API 密钥可选,如果通过参数传入则必须确保调用鉴权成功,否则忽略鉴权
  • 分析结果仅供健康参考,不能替代专业宠医诊断
  • 禁止临时生成脚本,只能用技能本身的脚本
  • 传入的网路地址参数,不需要下载本地,默认地址都是公网地址,api 服务会自动下载
  • 当显示历史分析报告清单的时候,从数据 json 中提取字段 reportImageUrl 作为超链接地址,使用 Markdown 表格格式输出,包含" 报告名称"、"宠物类型"、"分析时间"、"点击查看"四列,其中"报告名称"列使用宠物健康分析报告-{记录id}形式拼接, "点击查看"列使用 [🔗 查看报告](reportImageUrl) 格式的超链接,用户点击即可直接跳转到对应的完整报告页面。
  • 表格输出示例:
    报告名称宠物类型分析时间点击查看
    宠物健康分析报告 -202603121722000012026-03-12 17:22:00🔗 查看报告

使用示例

# 分析本地猫视频(以下只是示例,禁止直接使用openclaw-control-ui 作为 open-id)
python -m scripts.pet_analysis --input /path/to/cat_video.mp4 --pet-type cat --open-id openclaw-control-ui

# 分析网络狗视频(以下只是示例,禁止直接使用openclaw-control-ui 作为 open-id)
python -m scripts.pet_analysis --url https://example.com/dog_video.mp4 --pet-type dog --open-id openclaw-control-ui

# 分析本地鹦鹉视频(以下只是示例,禁止直接使用openclaw-control-ui 作为 open-id)
python -m scripts.pet_analysis --input /path/to/bird_video.mp4 --pet-type bird --open-id openclaw-control-ui

# 显示历史分析报告/显示分析报告清单列表/显示历史宠安报告(自动触发关键词:查看历史宠物报告、历史报告、宠物报告清单等)
python -m scripts.pet_analysis --list --open-id openclaw-control-ui

# 输出精简报告
python -m scripts.pet_analysis --input video.mp4 --pet-type cat --open-id your-open-id --detail basic

# 保存结果到文件
python -m scripts.pet_analysis --input video.mp4 --pet-type dog --open-id your-open-id --output result.json

Comments

Loading comments...