← Back to Skills Marketplace
Stranger Recognition Skill | 陌生人识别技能
by
smyx-skills
· GitHub ↗
· v1.0.0
· MIT-0
60
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install smyx-stranger-recognition-analysis
Description
Identifies strangers appearing in surveillance areas through facial comparison; supports video stream and image detection, suitable for stranger warnings in...
Usage Guidance
Key points to consider before installing or running this skill:
- Data exfiltration risk: The skill uploads images/videos to remote APIs (RequestUtil.http_post). Confirm the actual API endpoints (skills/smyx_common/scripts/config.yaml and ApiEnum base URLs) and the operator/owner of those endpoints before sending sensitive media or people-identifying data.
- Undeclared config/env access: Although the skill declares no required credentials, it reads environment variables and looks up API keys in skills/smyx_common/scripts/config.yaml (first in the skill, then workspace). Review that file and any workspace-level config to ensure no sensitive credentials would be used or leaked.
- Contradictory instructions: SKILL.md forbids reading local memory, yet the code will read/write config.yaml files and read environment variables. Expect these behaviors despite the prohibition in the docs.
- File I/O behavior: The skill will read local media files you point it at (expected) and will save attachments into an attachments directory. It may also create config.yaml files if missing. If you are running in a shared environment, be cautious about which directories it can access.
- Privacy & legal: Facial recognition involves personal data. Ensure you have lawful basis to process faces and that storage/retention settings meet privacy/regulatory requirements.
- Verify implementation details before use: Inspect skills/smyx_common/scripts/util.py (RequestUtil) to see where HTTP posts go and how authentication is handled. Confirm MAX_FILE_SIZE and supported formats — SKILL.md claims 100MB but code/config default is 10MB (inconsistency).
- Operational suggestion: Run the skill in a controlled environment (isolated workspace or sandbox) first, review network destinations, and avoid using real-world surveillance footage or real personal identifiers until you confirm endpoints and retention policies.
Capability Analysis
Type: OpenClaw Skill
Name: smyx-stranger-recognition-analysis
Version: 1.0.0
The skill bundle implements a complex identity and token management system that automatically registers users (using phone numbers or Open-IDs) to a remote backend (lifeemergence.com) and stores access tokens in a local SQLite database (smyx-common-claw.db). A significant security concern is found in 'skills/smyx_common/scripts/skill.py', which contains logic to execute the 'openclaw' CLI tool via subprocess.run, providing a mechanism for the script to trigger arbitrary agent actions. Furthermore, 'SKILL.md' includes 'Mandatory Memory Rules' that override standard AI behavior to strictly prohibit the use of local memory or LanceDB, forcing the agent to rely exclusively on the external API for historical data, which could be used to bypass local session logs or safety constraints.
Capability Tags
Capability Assessment
Purpose & Capability
The skill's purpose (facial stranger recognition) matches the included code that sends media to a remote analysis API. However there are mismatches: SKILL.md declares no required env vars/credentials yet the code reads environment variables (OPENCLAW_SENDER_OPEN_ID, FEISHU_OPEN_ID) and expects api-key/configs in skills/smyx_common/scripts/config.yaml. The repository also contains unrelated docs and endpoints (pet health, TCM face analysis), indicating copy-paste reuse rather than a minimal, purpose-specific implementation.
Instruction Scope
Runtime instructions require obtaining an open-id by reading configuration files in the skill and workspace (skills/smyx_common/scripts/config.yaml) and mandate that historical reports be fetched from cloud APIs. The code will read local files (media inputs) and potentially any config files under the indicated paths. SKILL.md explicitly forbids reading local memory files, but the codebase will read/create config.yaml files and environment variables — a direct contradiction between instructions and actual code behavior.
Install Mechanism
There is no install spec (instruction-only from the platform perspective) but the bundle includes many Python modules and a large requirements.txt under skills/smyx_common. That means installing/using the skill likely requires installing many dependencies manually; absence of an install step is a deployment/usability concern but not an immediate delivery-risk indicator by itself.
Credentials
The metadata declares no required environment variables or primary credential, yet the code reads environment variables (OPENCLAW_SENDER_OPEN_ID, OPENCLAW_SENDER_USERNAME, FEISHU_OPEN_ID) and loads API keys from YAML config files. The skill will access workspace-level config (potentially exposing other skills' API settings). Asking the user for open-id (username/phone) is reasonable for multi-tenant APIs, but the path-based config lookup and implicit env usage are not declared and broaden the data the skill can access.
Persistence & Privilege
The skill does not set always:true and is user-invocable only. However BaseEnum.YamlUtil.load will create config.yaml files if they don't exist and the skill saves uploaded attachments into its attachments directory — both are persistent filesystem actions. This behavior is not plainly documented as a side-effect and could create or modify files in skill directories.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install smyx-stranger-recognition-analysis - After installation, invoke the skill by name or use
/smyx-stranger-recognition-analysis - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
stranger-recognition-analysis 1.0.0
- Initial release of the Stranger Recognition Skill for surveillance scenarios.
- Supports high-precision face detection, comparison, and stranger identification from both video streams and images.
- Provides automatic warnings and structured alert reports upon detection of unknown individuals.
- Includes strict open-id validation workflow for API security; user interaction required if not preset.
- Querying of historical reports strictly fetches data from the cloud API, prohibiting use of local memory or fallback.
- Markdown table output for report listings with direct report links.
- Suitable for access control, community, and enterprise security applications.
Metadata
Frequently Asked Questions
What is Stranger Recognition Skill | 陌生人识别技能?
Identifies strangers appearing in surveillance areas through facial comparison; supports video stream and image detection, suitable for stranger warnings in... It is an AI Agent Skill for Claude Code / OpenClaw, with 60 downloads so far.
How do I install Stranger Recognition Skill | 陌生人识别技能?
Run "/install smyx-stranger-recognition-analysis" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Stranger Recognition Skill | 陌生人识别技能 free?
Yes, Stranger Recognition Skill | 陌生人识别技能 is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Stranger Recognition Skill | 陌生人识别技能 support?
Stranger Recognition Skill | 陌生人识别技能 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Stranger Recognition Skill | 陌生人识别技能?
It is built and maintained by smyx-skills (@18072937735); the current version is v1.0.0.
More Skills