← Back to Skills Marketplace
Fraud Call Identification Analysis Tool | 诈骗电话识别分析工具
by
smyx-sunjinhui
· GitHub ↗
· v1.0.0
· MIT-0
73
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install smyx-fraud-call-identification-analysis
Description
Analyzes incoming call content for multi-dimensional risk, intelligently identifies scam scripts, determines if a call is fraudulent, assesses risk levels, a...
Usage Guidance
Before installing or running this skill:
- Expect the skill to send audio/text you provide to external API endpoints defined in skills/smyx_common config (e.g., open.lifeemergence.com). Only upload recordings you are allowed to send to third parties.
- The SKILL.md forbids reading local memory, but the code can and will create/read YAML config files and may create a local SQLite DB under a workspace/data directory (Dao.get_db_path uses OPENCLAW_WORKSPACE or cwd). If you need guarantees that nothing is persisted, do not run this without auditing/altering the code.
- The repository includes a large dependency list in skills/smyx_common/requirements.txt that is not declared in SKILL.md; if you attempt to run the scripts, ensure you install required packages in an isolated environment.
- Inspect the RequestUtil and util.py code (skills/smyx_common/scripts/util.py and any RequestUtil.http_post implementation) to confirm which hosts and headers are used and whether any secrets are automatically read/sent. The risk is mainly that recordings and identifiers could be exfiltrated to external services.
- If you want to proceed: run the skill in a sandboxed environment, set OPENCLAW_WORKSPACE to an isolated path you control, and review/clean the config YAML files to ensure only trusted API endpoints and API keys are present.
- If you can share the contents of skills/smyx_common/scripts/util.py (RequestUtil) and the top of skills/smyx_common/scripts/config.yaml (runtime values), I can give a higher-confidence assessment and point out any suspicious network targets or headers to watch for.
Capability Analysis
Type: OpenClaw Skill
Name: smyx-fraud-call-identification-analysis
Version: 1.0.0
The skill bundle contains high-risk capabilities and complex infrastructure that exceed the stated purpose of fraud analysis. Key indicators include the collection of PII (phone numbers/usernames) and authentication tokens, which are managed via a local SQLite database (`dao.py`) and transmitted to remote endpoints (e.g., lifeemergence.com). The `SKILL.md` utilizes aggressive 'Mandatory Memory Rules' to override the agent's default behavior, specifically prohibiting access to local logs/memory. Furthermore, the `smyx_common` utility includes an `AgentSkill` class capable of programmatically executing the `openclaw` CLI, which could be leveraged for unauthorized task chaining or lateral movement within the agent's environment.
Capability Tags
Capability Assessment
Purpose & Capability
The code implements a remote-analysis flow (HTTP API calls, uploading audio/text) consistent with the skill description. However the repository also includes large, generic 'smyx_common' utilities and a separate face-analysis skill, plus a big requirements list — broader than the single 'requests' dependency called out in SKILL.md. Having these extra modules is explainable (shared libraries) but disproportionate to the minimal description and the SKILL.md dependency list.
Instruction Scope
SKILL.md imposes a strict rule: 'absolutely forbid reading any local memory files / not use LanceDB / always fetch history from cloud API.' The code, however, reads/writes local YAML config files (skills/smyx_common/scripts/config.yaml via BaseEnum.YamlUtil.load which will create files if missing) and there is a local SQLite DAO that will create a DB under a workspace data directory (Dao.get_db_path uses OPENCLAW_WORKSPACE or derivation of cwd). Also SKILL.md claims uploaded attachments will be 'automatically saved to the skill directory attachments' but the shown fraud_call_identification.py CLI implementation does not implement an automatic attachments-save flow. These contradictions mean the instructions do not fully match actual file I/O behavior.
Install Mechanism
No install spec is provided (instruction-only), which limits automatic installation risk. However the included skills/smyx_common/requirements.txt and other requirements (SQLAlchemy, many networking libs, etc.) are extensive and not reflected in SKILL.md. That mismatch is operationally important (the code may fail or behave unexpectedly if dependencies are missing) but not an immediate install-time code-execution risk since nothing auto-downloads or executes on install.
Credentials
SKILL.md declares no required env vars, but the code reads environment variables (e.g., OPENCLAW_SENDER_OPEN_ID, OPENCLAW_WORKSPACE) and will look for api-key fields in local YAML config files (skills/smyx_common/scripts/config.yaml or workspace-level config). The skill demands an 'open-id' value (CLI flag) before operations, which is reasonable, but there is no clear, declared credential requirement for the remote API (api-key is optional in CLI), while the common config contains production API base URLs. The code will send uploaded audio/text and (if configured) identifiers to external APIs — this is proportionate to the purpose but the lack of explicit declared required credentials and the presence of writable local DB/config is a concern.
Persistence & Privilege
The skill is not 'always:true', but it does create/read configuration files and (via smyx_common dao) can create a local SQLite DB under a workspace 'data' directory. BaseEnum.YamlUtil.load will create config files if missing. The SKILL.md forbids using local memory, yet code can and will persist config/DB data on disk. This mismatch increases persistence and data-at-rest concerns (sensitive inputs could be stored locally).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install smyx-fraud-call-identification-analysis - After installation, invoke the skill by name or use
/smyx-fraud-call-identification-analysis - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Fraud Call Identification Analysis Tool — Initial Release
- Provides real-time, multi-dimensional risk analysis of incoming call content to identify fraud and assess risk level.
- Supports analysis of audio files, audio URLs, or call transcripts, with automatic report generation.
- Enforces strict rules for open-id acquisition and mandates cloud-based report queries (local memory strictly forbidden).
- Includes clear instructions for use, open-id handling, and output formatting for both report and report list views (with Markdown table examples).
- Multi-language description and detailed process control for secure and compliant fraud call analysis workflows.
Metadata
Frequently Asked Questions
What is Fraud Call Identification Analysis Tool | 诈骗电话识别分析工具?
Analyzes incoming call content for multi-dimensional risk, intelligently identifies scam scripts, determines if a call is fraudulent, assesses risk levels, a... It is an AI Agent Skill for Claude Code / OpenClaw, with 73 downloads so far.
How do I install Fraud Call Identification Analysis Tool | 诈骗电话识别分析工具?
Run "/install smyx-fraud-call-identification-analysis" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Fraud Call Identification Analysis Tool | 诈骗电话识别分析工具 free?
Yes, Fraud Call Identification Analysis Tool | 诈骗电话识别分析工具 is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Fraud Call Identification Analysis Tool | 诈骗电话识别分析工具 support?
Fraud Call Identification Analysis Tool | 诈骗电话识别分析工具 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Fraud Call Identification Analysis Tool | 诈骗电话识别分析工具?
It is built and maintained by smyx-sunjinhui (@smyx-sunjinhui); the current version is v1.0.0.
More Skills