Skill v1.0.0
ClawScan security
Intelligent Video Search & Retrieval Analysis Skill | 视频搜索检索智能分析技能 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Apr 18, 2026, 5:57 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to implement cloud-based video analysis (which matches its description) but contains multiple internal inconsistencies and unexpected local persistence/network behaviors that the developer did not declare.
- Guidance: Key points to consider before installing or running this skill:
  - Data exfiltration risk: The scripts upload video files (multipart/form-data) to remote AI endpoints (default base URLs in smyx_common point at lifeemergence.com). If your videos contain sensitive personal or confidential content, do NOT run the skill until you confirm the target API and privacy policy.
  - Undeclared environment/config requirements: The skill metadata says no env vars or credentials are required, but the code reads OPENCLAW_WORKSPACE, open-id settings and config YAMLs that can contain API keys/base URLs. Expect to provide an open-id and possibly API keys via config or CLI.
  - Local persistence mismatch: SKILL.md forbids reading local memory files, but the code includes a local DAO (SQLite) and will create/read config and data files under the workspace. That contradicts the documentation and may leave artifacts on disk.
  - Larger-than-expected footprint: The bundle contains extra modules (face_analysis, many common libraries and a long requirements list). This increases attack surface and may import many packages when executed.
  - Ask the author / verify before use: Request clarification about (1) exact API endpoints used, (2) where uploaded video data is stored/retained, (3) whether the included face_analysis modules are needed, and (4) why the SKILL.md prohibits local memory reads while the code accesses local config/DB.
  - If you must try it: run in an isolated environment (sandbox/container) with non-sensitive test videos, inspect the RequestUtil and ApiEnum config values to confirm remote hosts, and ensure OPENCLAW_WORKSPACE points to a location you control. Do not run it on production machines or with private footage until you confirm behavior.
If you want, I can: (a) extract the exact default API base-URLs and endpoints used in code, (b) summarize the RequestUtil implementation to show where HTTP requests are sent, or (c) point out all places where files are written/read so you can audit local persistence.
Review Dimensions
- Purpose & Capability
- note: The stated purpose (video search/analysis) matches the code that calls remote AI-analysis APIs and uploads videos. However the bundle also includes unrelated modules (face_analysis, TCM/health analysis) and a large common library (smyx_common) — more functionality and dependencies than the skill description implies.
- Instruction Scope
- concern: SKILL.md strictly forbids reading local memory files, yet the codebase includes local DB/DAO logic and config file handling. The runtime instructions mandate reading config files for open-id and using python -m scripts.video_search_analysis, which will perform HTTP uploads of video files to external APIs. The strong ‘no local memory’ rule in the doc is therefore inconsistent with the code that can read/write workspace config/data files.
- Install Mechanism
- note: There is no install spec (instruction-only metadata) but the package contains requirements files and many modules with heavy third-party dependencies (smyx_common requirements lists dozens of packages). This is disproportionate to a small video-search script and means running it may attempt to import many packages not declared in the skill metadata.
- Credentials
- concern: Metadata declares no required env vars/credentials, but code reads environment variables (OPENCLAW_WORKSPACE, OPENCLAW_SENDER_OPEN_ID, OPENCLAW_SENDER_USERNAME, FEISHU_OPEN_ID) and relies on config YAMLs that may contain API keys/base URLs. The SKILL.md enforces obtaining an open-id from local config files or user input, and the API endpoint defaults point to external domains (lifeemergence.com). Secret/credential access is therefore required in practice but not declared.
- Persistence & Privilege
- concern: Skill will write/read local files: it expects/creates config.yaml, may save uploaded attachments under a skill attachments directory, and the common dao code creates/uses a SQLite DB under a workspace data directory. Although always:false, the skill thus gains local persistence and can create files under the OPENCLAW_WORKSPACE-derived data path.
