mars2003

SYSU Duck

by Mars YANG · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Downloads: 80 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install sysu-duck
Description
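A campus AI companion duck for Sun Yat-sen University, supporting local SQLite profile management, multiple personality settings, campus Q&A memory, and command operations.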
Usage Guidance
Do not run this skill blindly. Key concerns:
  1. The SKILL.md references src/duck.py as the actual implementation but that file is not included in the manifest; you must review src/duck.py before executing anything.
  2. SKILL.md expects DUCK_USER_ID and may contact an external DUCK_YAYAID_URL (defaulting to a cloud function). Confirm what data is sent to that URL and whether it is trustworthy.
  3. The skill autonomously persists user messages to a local SQLite DB (data/duck.db); decide whether you are comfortable with that storage and review retention/format.
Recommended steps before installing: request the complete source (including src/duck.py and any scripts under scripts/ and assets/), inspect network calls and what is written to the DB, consider running it in a sandbox/container, and verify or override DUCK_YAYAID_URL to a controlled endpoint (or disable remote calls).
If you cannot obtain and audit the referenced src/duck.py, treat the package as untrusted.
Capability Analysis
Type: OpenClaw Skill
Name: sysu-duck
Version: 1.0.0
The 'sysu-duck' skill implements a campus AI companion that utilizes a local Python script (duck.py) to manage a SQLite database and interact with a remote cloud function (DUCK_YAYAID_URL) for ID generation. The instructions in SKILL.md direct the agent to perform web searches and store/recall data, which involves network and file system access. While these capabilities are plausibly needed for the stated purpose, the use of an external cloud endpoint for IDs and the explicit instruction to bypass platform-level environment checks (metadata.openclaw.requires) in favor of internal script handling represent risky behaviors that warrant a suspicious classification despite the lack of clear malicious intent.
Capability Assessment
Purpose & Capability
The skill claims a local SQLite-backed campus companion (personality, memory, recall, minor web search). That purpose would legitimately need local DB access and occasional outbound search/network calls. However the registry metadata lists no required environment variables while the SKILL.md documents several (DUCK_USER_ID, DUCK_DB_PATH, DUCK_YAYAID_URL, etc.), which is an inconsistency between claimed requirements and the package metadata.
Instruction Scope
SKILL.md instructs the agent to run duck.py commands that read/write a local DB (data/duck.db), perform web searches, and call a cloud 'ID number service' ('编号服务') via DUCK_YAYAID_URL. It also permits the AI to autonomously decide to 'remember' user content (persisting user-submitted text). Those are plausible for the stated feature set, but SKILL.md says the real implementation is in src/duck.py; that file is referenced at runtime but is NOT present in the provided manifest. The provided top-level duck.py loads and immediately executes src/duck.py from disk, so the runtime behavior depends on that missing file; without it you cannot verify what network calls, data exfiltration, or filesystem operations would occur.
Install Mechanism
There is no install spec (instruction-only with a small loader script). That minimizes direct install-time risk because nothing is automatically downloaded or extracted, but runtime execution still executes a Python module from the package (src/duck.py) which must be present and audited before running.
Credentials
SKILL.md requires DUCK_USER_ID and optionally DUCK_DB_PATH and DUCK_YAYAID_URL (cloud function URL) for normal operation. The registry metadata listed no required env vars, creating a mismatch. The presence of a configurable remote endpoint (DUCK_YAYAID_URL) means the skill may call an external service by default (the doc references Tencent Cloud functions). While that can be legitimate (for obtaining an 'ID number', '编号'), it raises proportionality/privacy questions because the skill can autonomously persist user messages to a local DB and may send requests to an external URL; you should verify what is sent and whether that external endpoint is trustworthy.
Persistence & Privilege
The skill does not request 'always: true' and uses autonomous invocation by default (platform standard). It is expected to create and update a local SQLite DB (data/duck.db) to implement memory; this is consistent with its purpose. The main risk is that the agent is allowed to autonomously decide to write user-provided content into persistent storage and to call external endpoints to refresh IDs — this is not inherently malicious but warrants review of the missing implementation to ensure stored data and outbound traffic are handled appropriately.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install sysu-duck
  3. After installation, invoke the skill by name or use /sysu-duck
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Slug sysu-duck
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is SYSU Duck?

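A campus AI companion duck for Sun Yat-sen University, supporting local SQLite profile management, multiple personality settings, campus Q&A memory, and command operations. It is an AI Agent Skill for Claude Code / OpenClaw, with 80 downloads so far.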

How do I install SYSU Duck?

Run "/install sysu-duck" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is SYSU Duck free?

Yes, SYSU Duck is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does SYSU Duck support?

SYSU Duck is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created SYSU Duck?

It is built and maintained by Mars YANG (@mars2003); the current version is v1.0.0.
