家庭消费意图识别
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: family-intent-recognition Version: 1.0.0 The skill bundle is a legitimate rule-based NLP tool designed to identify family consumption intents from Chinese text. The core logic in `intent_classifier.py` uses keyword matching to categorize intents, while `api.py` and `cli.py` provide standard interfaces for the service. There is no evidence of data exfiltration, malicious execution, or prompt injection attempts in the code or documentation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
API usage may fail until extra packages are installed, and users should make sure they install trusted versions of Flask and Flask-CORS.
The API mode depends on third-party Python packages, while the registry requirements only declare python3 and there is no install spec. This is not suspicious by itself, but dependency requirements are under-specified.
from flask import Flask, request, jsonify from flask_cors import CORS
Declare and pin the Python package dependencies for API mode, or document that only the CLI classifier works with the stated python3 requirement.
Other devices or browser origins that can reach the machine may be able to call the classifier service while it is running.
If the API server is run, it listens on all network interfaces and allows cross-origin browser access. The endpoint only classifies submitted text and does not store or exfiltrate data, but family chat text can be sensitive.
CORS(app) # 启用跨域支持 ... app.run(host='0.0.0.0', port=5000, debug=False)
For private use, bind the API to 127.0.0.1, restrict CORS to trusted origins, and avoid sending sensitive family chat text to an exposed service.