Passive Vital Signs Monitoring Tool | 无感生命体征监测分析工具

Non-contact detection of heart rate, respiration, blood oxygen, and heart rate variability. No wearable devices are required; monitoring is achieved solely t...

Key points before installing or enabling this skill: - It contacts external APIs (configured via skills/smyx_common config) and will upload/process face videos — these are highly sensitive personal data (face + health metrics). Only use if you trust the remote service/domain (config yaml points to lifeemergence/open.lifeemergence URLs in this package). - The skill will read workspace-local config files and environment variables to obtain open-id / API keys, but the registry metadata does not declare those required credentials. Inspect skills/smyx_common/scripts/config.yaml and any workspace config before use to see where keys or endpoints are set. - Uploaded videos are saved to the skill's attachments directory and an SQLite DB under workspace/data may be created; if you want no local persistence, run the skill in an isolated/sandboxed workspace or ephemeral container. - The repository includes broad shared libraries and many dependencies. If you plan to run the included Python code, review the code (RequestUtil, dao, and api_service) and the endpoints they call; consider running in a controlled environment and restrict network access until you confirm behavior. - If you only want the concept (advice about how to use a camera for vital signs) and not the remote service, avoid handing over videos or workspace credentials. If you proceed, ask the skill author which endpoints will receive raw video and whether data is stored/retained server-side, and prefer explicit API keys that you control. If you want, I can (a) list the exact files that read/write configs or the DB, (b) extract the external base URLs found in the config YAMLs, or (c) suggest a minimal, safer runtime checklist for sandboxing this skill.

Type: OpenClaw Skill Name: smyx-contactless-vital-signs-monitoring-analysis Version: 1.0.0 The skill bundle exhibits high-risk behaviors including the use of 'Mandatory Memory Rules' in SKILL.md to override the AI agent's default memory access logic, forcing it to use specific cloud APIs. The code in smyx_common/scripts/skill.py includes an ai_chat method that executes the 'openclaw' CLI via subprocess.run, granting the skill significant control over the host environment. Additionally, RequestUtil in util.py implements an automated authentication flow that sends user identifiers to remote endpoints (lifeemergence.com) and manages sensitive tokens in a local SQLite database (smyx-common-claw.db).