Skill v1.0.0

ClawScan security

Psychological Stress Assessment Skill | 心理压力评估技能 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 17, 2026, 4:21 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code broadly matches a facial-video stress-analysis purpose, but its runtime instructions and implementation disagree on where and how user identity and configuration are obtained, and it persists and reads local config/DB files that the SKILL.md claims must not be read. This mismatch warrants caution.
Guidance
Key points to consider before installing or using this skill:
- Inconsistency: SKILL.md forbids reading local memory, but the code reads/writes local config YAML files, environment variables, and a local SQLite DB (workspace/data). Do not assume the skill will avoid local data; it will persist and read records.
- open-id and secrets: The skill requires an open-id to operate and looks for it in config files and environment variables. Confirm where you (or your org) would store open-id/API keys. If you store sensitive identifiers in a shared workspace config, the skill will read them.
- Remote endpoints: Default config points to external domains (lifeemergence.com) and test/dev addresses. Verify and trust the target API endpoints before sending facial videos (sensitive biometric data). If you cannot verify the remote service, avoid uploading personal or employee videos.
- Data retention & privacy: The skill saves attachments and keeps historical reports locally (SQLite) and queries historical reports from the remote API. If you need strict privacy or deletion guarantees, clarify retention policies or avoid storing videos on the host.
- Dependencies & execution: No automated installer is provided, but the repo lists many dependencies. If you choose to run the scripts, do so in an isolated environment with reviewed dependencies and inspect RequestUtil (skills/smyx_common/scripts/util.py) to confirm how HTTP requests and credentials are handled.
- What to ask the publisher or check in the code:
  1) Which remote API endpoints will receive videos?
  2) How are API keys/open-id authenticated and stored?
  3) Where exactly are attachments and the SQLite DB stored, and how long are they kept?
  4) Confirm whether environment variables (OPENCLAW_SENDER_OPEN_ID, OPENCLAW_WORKSPACE) are used and whether that is acceptable.
  5) Verify that the skill honors the SKILL.md prohibition in practice (it currently does not).
Given these mismatches and the privacy sensitivity of facial/video data, treat this skill with caution and require clarification/changes before use in a production or sensitive environment.

Review Dimensions

Purpose & Capability
Note: The name/description (facial rPPG + micro-expression stress analysis) matches the included face_analysis and psychological assessment scripts and the use of a remote API. However, the repository reuses a large shared common library (skills/smyx_common) that contains many unrelated enums, DAO/DB utilities, and config scaffolding (pet/health, many scene codes). Reuse is plausible, but some common modules contain broader capabilities than strictly necessary for a single stress-assessment skill.
Instruction Scope
Concern: SKILL.md emphatically forbids reading local memory files and long-term memory and prescribes a strict open-id lookup order (skill config file → workspace config → ask user). The code, however, will read environment variables (OPENCLAW_SENDER_OPEN_ID, OPENCLAW_SENDER_USERNAME, FEISHU_OPEN_ID) and will read/write local config YAML and a local SQLite DB under the workspace/data path via the included DAO. The skill also auto-saves uploaded attachments to an attachments directory per SKILL.md. That means the implementation touches local files/state despite the high-priority prohibition in the markdown, a direct contradiction that affects privacy and data-flow assumptions.
Install Mechanism
Note: There is no install spec (instruction-only install), so nothing is fetched or executed automatically by an installer. The package includes requirements.txt files listing many third-party libraries, but since no install script is declared, dependency installation is left to the operator. That lowers immediate supply-chain risk but means runtime failures or accidental installs could pull in a large dependency set if a user chooses to install them.
Credentials
Concern: Registry metadata declares no required env vars, yet the code uses/reads several environment variables (OPENCLAW_SENDER_OPEN_ID, OPENCLAW_SENDER_USERNAME, OPENCLAW_WORKSPACE, FEISHU_OPEN_ID) and will read API keys from local config YAML (skills/smyx_common/scripts/config.yaml or the workspace config). The SKILL.md's required open-id acquisition flow omits environment-derived open-id, but the code will accept it. The skill can therefore access identity and config data not declared in metadata, and may store or read user-related records in a local SQLite DB. This is disproportionate to what the metadata advertises and should be explicitly declared.
Persistence & Privilege
Note: The skill persists data locally (creates/uses a SQLite DB under workspace/data, may create config YAML files if missing, and saves attachments). It does not set always:true and does not declare elevated platform-wide privileges. Persisting user videos, reports, and potentially tokens is expected for a report-history feature, but SKILL.md's absolute prohibition on reading local memory conflicts with this persistence behavior. There is no evidence the skill modifies other skills' configurations, but it will create/modify files in the shared workspace.