← Back to Skills Marketplace
smyx-sunjinhui

Outdoor Sports Event Risk Analysis Tool | 户外体育赛事风险分析工具

by smyx-sunjinhui · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
76
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install smyx-sport-analysis
Description
Conducts video safety risk analysis for participants in outdoor sports competitions, long-distance running, marathons, etc.; identifies sports injuries and s...
Usage Guidance
This skill will send videos (or video URLs) to a remote analysis API and includes code to read/write YAML config files and potentially create a local SQLite DB in the workspace. Before installing or using it: 1) Verify and trust the remote API endpoints (the default configs point to lifeemergence.com); do not upload sensitive or private videos until you confirm the operator and data retention policy. 2) Inspect RequestUtil implementation (skills/smyx_common/scripts/util.py) to see what metadata is sent with uploads and whether files are stored or retried. 3) Note the SKILL.md rules forbid reading local memory, but the code can create/read config files and a local DB — this inconsistency is suspicious; run the skill in an isolated environment (sandbox/container) if you must test. 4) The open-id retrieval instructions in SKILL.md are inconsistent with the code (they suggest reading an 'api-key' as open-id); be prepared to supply an open-id explicitly if asked. 5) If you require confidentiality or legal compliance (GDPR, HIPAA, etc.), do not use this skill until you confirm where data is hosted and how long it is retained. If anything is unclear from the author, prefer skills from verified sources or request clarification about data flows, retention, and operator identity.
Capability Analysis
Type: OpenClaw Skill Name: smyx-sport-analysis Version: 1.0.0 The skill bundle provides sports and health video analysis by interfacing with a remote API (lifeemergence.com), but exhibits several high-risk behaviors. SKILL.md contains aggressive prompt steering instructions labeled as 'Highest Priority' that command the AI agent to ignore local memory and strictly use the provided cloud API, which is a form of prompt injection to control agent behavior. The shared utility library (smyx_common/scripts/util.py) implements an automated login/registration flow that collects sensitive user identifiers like phone numbers and caches authentication tokens in a local SQLite database (dao.py). Additionally, the skill utilizes subprocess.run to execute openclaw agent commands (smyx_common/scripts/skill.py), providing a mechanism for recursive task execution. While these features likely support the commercial service, the combination of PII collection, local credential caching, and mandatory prompt overrides warrants a suspicious classification.
Capability Tags
requires-sensitive-credentials
Capability Assessment
Purpose & Capability
The code and SKILL.md implement video-based sports risk analysis and related face/health analysis (files: scripts/sport_analysis.py, skills/face_analysis/*). Network calls to a remote analysis API are present and expected for this purpose. However the SKILL.md also contains paragraphs about smoking detection and other domains and the package ships a large shared 'smyx_common' module (many utilities) which is broader than a single-purpose 'sport analysis' skill — this suggests code reuse and scope creep. The presence of local DB/DAO code and a long list of common utilities is heavier than strictly needed for a simple video upload-and-request flow.
Instruction Scope
SKILL.md strictly forbids reading local memory files and LanceDB, and mandates an open-id retrieval sequence (checking skills/smyx_common/scripts/config.yaml first). The code, however, will load/initialize YAML config files via skills/smyx_common/scripts/config.py (BaseEnum -> YamlUtil.load will create/write config.yaml if missing) and the smyx_common dao can create/read a local SQLite DB under the workspace data directory. The SKILL.md requires saving uploaded attachments to a local attachments directory, but the code does not clearly implement that behavior. The open-id retrieval instruction also instructs reading an 'api-key' field as open-id which is a semantic mismatch. Overall the runtime instructions and the actual code disagree about what local state may be read/written.
Install Mechanism
There is no install spec (instruction-only) which reduces installer risk, but the repository includes many code files and requirements.txt in skills/smyx_common and face_analysis listing dozens of packages. Because no install mechanism is declared, users' environment may not have required dependencies; the large requirements list is disproportionate to the stated single-skill purpose and increases the risk if someone manually installs them. No external download URLs or installers were found.
Credentials
Registry metadata lists no required env vars, but the code reads environment variables in ConstantEnum.init (OPENCLAW_SENDER_OPEN_ID, OPENCLAW_SENDER_USERNAME, FEISHU_OPEN_ID) to set CURRENT__OPEN_ID. The SKILL.md enforces open-id retrieval in a specific order (config files -> workspace config -> user prompt) and forbids auto-generating open-id, but the code will accept an open-id from environment or command-line. The skill will (by design) transmit uploaded videos or video URLs to remote API endpoints (ApiEnum BASE_URL_* configured in skills/smyx_common/scripts/config.yaml). There is no declared primary credential but config.yaml contains base URLs and placeholders for api-key; videos and potentially PII could be sent to an external domain (lifeemergence.com in shipped configs) without clear, explicit authentication — this is a proportionality and privacy concern.
Persistence & Privilege
always:false (good). However the package contains code that will create and write config YAML files (YamlUtil.load creates files if absent) and smyx_common.dao will create a local SQLite DB under the workspace data directory. SKILL.md explicitly forbids reading local memory files, but the code may create/read workspace-local files and a DB. The skill does not request elevated agent privileges in metadata, but its ability to write to the workspace and persist data is non-trivial and contradicts the stated prohibition on local-memory access.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install smyx-sport-analysis
  3. After installation, invoke the skill by name or use /smyx-sport-analysis
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of the outdoor sports event risk analysis skill. - Provides real-time video-based safety risk analysis for outdoor sports events, including marathons. - Automatically identifies sports injuries and sudden health risks, outputs structured analysis reports, and triggers timely alerts. - Integrates with wearables for comprehensive evaluation (e.g., adds heart rate data when available). - Enforces strict memory and reporting rules: all historical report queries must use the cloud API; local or long-term memory use is strictly prohibited. - Includes detailed multi-dimensional risk assessment (injury, discomfort, posture, environment) and emergency response suggestions. - Requires open-id authentication via a priority-controlled process before any analysis is performed.
Metadata
Slug smyx-sport-analysis
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Outdoor Sports Event Risk Analysis Tool | 户外体育赛事风险分析工具?

Conducts video safety risk analysis for participants in outdoor sports competitions, long-distance running, marathons, etc.; identifies sports injuries and s... It is an AI Agent Skill for Claude Code / OpenClaw, with 76 downloads so far.

How do I install Outdoor Sports Event Risk Analysis Tool | 户外体育赛事风险分析工具?

Run "/install smyx-sport-analysis" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Outdoor Sports Event Risk Analysis Tool | 户外体育赛事风险分析工具 free?

Yes, Outdoor Sports Event Risk Analysis Tool | 户外体育赛事风险分析工具 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Outdoor Sports Event Risk Analysis Tool | 户外体育赛事风险分析工具 support?

Outdoor Sports Event Risk Analysis Tool | 户外体育赛事风险分析工具 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Outdoor Sports Event Risk Analysis Tool | 户外体育赛事风险分析工具?

It is built and maintained by smyx-sunjinhui (@smyx-sunjinhui); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments