← Back to Skills Marketplace
Basic Object Detection Skill | 基础目标检测技能
by
smyx-skills
· GitHub ↗
· v1.0.0
· MIT-0
66
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install smyx-basic-object-detection-analysis
Description
Detects people, vehicles, non-motorized vehicles, pets, and parcels appearing in the target area. Supports video stream and image detection, suitable for gen...
Usage Guidance
Things to check before installing or running this skill:
- Audit RequestUtil (skills/smyx_common/scripts/util.py) and any http_post/http_get functions to see what headers and env/config values they include in requests (do they send API keys, tokens, or other environment data?). This is the most important review step.
- Confirm you are comfortable with the skill creating/editing files in the workspace: it may auto-create config.yaml files and a SQLite DB under ${OPENCLAW_WORKSPACE}/data. If you run the skill in a shared workspace, it could persist data accessible to other code.
- The SKILL.md forbids reading local 'memory' files, but the codebase reads local config and can write persistent DB/config files — verify whether historical-report access truly uses only cloud APIs as the doc requires.
- Review and, if possible, restrict the API base URLs in skills/smyx_common/scripts/config.yaml (they default to lifeemergence/open-api URLs and dev/internal IPs are present in other configs). Ensure the endpoints are ones you trust and that you control the API key you pass to the script.
- If you only want object detection and not the larger feature set, consider extracting/running only scripts/basic_object_detection_analysis.py after inspecting RequestUtil and config behavior.
- Run the skill first in an isolated sandbox environment (no sensitive environment variables present, isolated workspace) and monitor network traffic to validate which endpoints are contacted and what data is transmitted (media files, metadata, any environment-derived tokens).
Why I marked this 'suspicious': there are legitimate uses here, but the codebase and runtime rules do not fully align with the SKILL.md claims (forbidding local memory yet reading/writing local configs/DBs; un-declared environment variables are accessed; a large reused common library and unrelated modules are bundled). These inconsistencies merit manual inspection before trusting the skill with sensitive media or credentials.
Capability Analysis
Type: OpenClaw Skill
Name: smyx-basic-object-detection-analysis
Version: 1.0.0
The skill bundle contains high-risk operational logic and prompt instructions that override standard agent behavior. Specifically, SKILL.md includes 'Mandatory Memory Rules' that use prompt injection techniques to force the agent to ignore local memory files and LanceDB, potentially to hide activity or force reliance on external APIs. The common library (skills/smyx_common/scripts/skill.py) utilizes subprocess to recursively execute the 'openclaw' agent CLI, which is a significant security risk. Additionally, the scripts implement an automated 'silent login' and registration system (util.py) that manages user tokens in a local SQLite database (dao.py) and communicates with external endpoints (lifeemergence.com).
Capability Assessment
Purpose & Capability
The skill's name/description (basic object detection) matches the main scripts (scripts/basic_object_detection_analysis.py) which call remote analysis APIs and upload media. However the bundle also contains unrelated/adjacent features (face_analysis, pet-health references, a large 'smyx_common' library) which expands the code footprint beyond a minimal object-detection helper. That extra code may be legitimate reuse but is larger than the stated purpose.
Instruction Scope
SKILL.md imposes strict run-time rules (forbid reading local memory files / LanceDB, require cloud-only historical-report lookups) but the included codebase contains modules that read/write local config (BaseEnum/YamlUtil will create config.yaml if missing), a local SQLite DAO, and file I/O for validating/reading input media. The instructions require reading config files inside the skill/workspace to obtain open-id, which contradicts the rule that no local memory be used. The script will also read environment variables (e.g. OPENCLAW_SENDER_OPEN_ID, OPENCLAW_WORKSPACE, FEISHU_OPEN_ID) even though these are not declared in the metadata.
Install Mechanism
No install spec is provided (no network download/install step), which lowers installer risk. However the package includes large requirements files (skills/smyx_common/requirements.txt) listing many third-party libraries; if you install these dependencies they broaden attack surface. No external binary downloads or obfuscated installers were seen in the manifest.
Credentials
Registry metadata lists no required env vars, but code reads multiple environment variables (OPENCLAW_SENDER_OPEN_ID, OPENCLAW_SENDER_USERNAME, FEISHU_OPEN_ID, OPENCLAW_WORKSPACE) and will write files under a workspace/data path. The skill optionally accepts an API key and will POST media to configured API endpoints. RequestUtil/http_post behavior is central but its implementation was not included in the provided excerpts — that function determines what headers/credentials are sent. Asking for or auto-loading open-id from local configs and environment is reasonable for multi-tenant APIs, but the mismatch between declared and actually accessed env/config sources is disproportionate and worth auditing.
Persistence & Privilege
Skill is not 'always' enabled and does not request elevated platform privileges. However the code can create and modify config.yaml files (BaseEnum/YamlUtil auto-creates config files if missing) and will create a SQLite DB under the workspace/data path via the DAO. That means the skill can persist data into the shared workspace and may interact with other skill data if they share the same workspace. Combined with network calls that upload files/results, this persistence increases the blast radius and contradicts the SKILL.md 'do not use local memory' rule.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install smyx-basic-object-detection-analysis - After installation, invoke the skill by name or use
/smyx-basic-object-detection-analysis - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of the Basic Object Detection Analysis skill.
- Supports real-time detection of people, vehicles, non-motorized vehicles, pets, and parcels in images and videos.
- Designed for general security surveillance scenarios, including communities, industrial parks, and warehouses.
- Enforces strict rules for open-id acquisition and historical report retrieval from the cloud, never from local memory.
- Provides structured detection reports with object counts and locations; supports automatic trigger of historical report queries based on keywords.
- Output of historical reports in Markdown table format with direct report links.
Metadata
Frequently Asked Questions
What is Basic Object Detection Skill | 基础目标检测技能?
Detects people, vehicles, non-motorized vehicles, pets, and parcels appearing in the target area. Supports video stream and image detection, suitable for gen... It is an AI Agent Skill for Claude Code / OpenClaw, with 66 downloads so far.
How do I install Basic Object Detection Skill | 基础目标检测技能?
Run "/install smyx-basic-object-detection-analysis" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Basic Object Detection Skill | 基础目标检测技能 free?
Yes, Basic Object Detection Skill | 基础目标检测技能 is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Basic Object Detection Skill | 基础目标检测技能 support?
Basic Object Detection Skill | 基础目标检测技能 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Basic Object Detection Skill | 基础目标检测技能?
It is built and maintained by smyx-skills (@18072937735); the current version is v1.0.0.
More Skills