← 返回 Skills 市场
Basic Object Detection Skill | 基础目标检测技能
作者
smyx-skills
· GitHub ↗
· v1.0.0
· MIT-0
66
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install smyx-basic-object-detection-analysis
功能描述
Detects people, vehicles, non-motorized vehicles, pets, and parcels appearing in the target area. Supports video stream and image detection, suitable for gen...
安全使用建议
Things to check before installing or running this skill:
- Audit RequestUtil (skills/smyx_common/scripts/util.py) and any http_post/http_get functions to see what headers and env/config values they include in requests (do they send API keys, tokens, or other environment data?). This is the most important review step.
- Confirm you are comfortable with the skill creating/editing files in the workspace: it may auto-create config.yaml files and a SQLite DB under ${OPENCLAW_WORKSPACE}/data. If you run the skill in a shared workspace, it could persist data accessible to other code.
- The SKILL.md forbids reading local 'memory' files, but the codebase reads local config and can write persistent DB/config files — verify whether historical-report access truly uses only cloud APIs as the doc requires.
- Review and, if possible, restrict the API base URLs in skills/smyx_common/scripts/config.yaml (they default to lifeemergence/open-api URLs and dev/internal IPs are present in other configs). Ensure the endpoints are ones you trust and that you control the API key you pass to the script.
- If you only want object detection and not the larger feature set, consider extracting/running only scripts/basic_object_detection_analysis.py after inspecting RequestUtil and config behavior.
- Run the skill first in an isolated sandbox environment (no sensitive environment variables present, isolated workspace) and monitor network traffic to validate which endpoints are contacted and what data is transmitted (media files, metadata, any environment-derived tokens).
Why I marked this 'suspicious': there are legitimate uses here, but the codebase and runtime rules do not fully align with the SKILL.md claims (forbidding local memory yet reading/writing local configs/DBs; un-declared environment variables are accessed; a large reused common library and unrelated modules are bundled). These inconsistencies merit manual inspection before trusting the skill with sensitive media or credentials.
功能分析
Type: OpenClaw Skill
Name: smyx-basic-object-detection-analysis
Version: 1.0.0
The skill bundle contains high-risk operational logic and prompt instructions that override standard agent behavior. Specifically, SKILL.md includes 'Mandatory Memory Rules' that use prompt injection techniques to force the agent to ignore local memory files and LanceDB, potentially to hide activity or force reliance on external APIs. The common library (skills/smyx_common/scripts/skill.py) utilizes subprocess to recursively execute the 'openclaw' agent CLI, which is a significant security risk. Additionally, the scripts implement an automated 'silent login' and registration system (util.py) that manages user tokens in a local SQLite database (dao.py) and communicates with external endpoints (lifeemergence.com).
能力评估
Purpose & Capability
The skill's name/description (basic object detection) matches the main scripts (scripts/basic_object_detection_analysis.py) which call remote analysis APIs and upload media. However the bundle also contains unrelated/adjacent features (face_analysis, pet-health references, a large 'smyx_common' library) which expands the code footprint beyond a minimal object-detection helper. That extra code may be legitimate reuse but is larger than the stated purpose.
Instruction Scope
SKILL.md imposes strict run-time rules (forbid reading local memory files / LanceDB, require cloud-only historical-report lookups) but the included codebase contains modules that read/write local config (BaseEnum/YamlUtil will create config.yaml if missing), a local SQLite DAO, and file I/O for validating/reading input media. The instructions require reading config files inside the skill/workspace to obtain open-id, which contradicts the rule that no local memory be used. The script will also read environment variables (e.g. OPENCLAW_SENDER_OPEN_ID, OPENCLAW_WORKSPACE, FEISHU_OPEN_ID) even though these are not declared in the metadata.
Install Mechanism
No install spec is provided (no network download/install step), which lowers installer risk. However the package includes large requirements files (skills/smyx_common/requirements.txt) listing many third-party libraries; if you install these dependencies they broaden attack surface. No external binary downloads or obfuscated installers were seen in the manifest.
Credentials
Registry metadata lists no required env vars, but code reads multiple environment variables (OPENCLAW_SENDER_OPEN_ID, OPENCLAW_SENDER_USERNAME, FEISHU_OPEN_ID, OPENCLAW_WORKSPACE) and will write files under a workspace/data path. The skill optionally accepts an API key and will POST media to configured API endpoints. RequestUtil/http_post behavior is central but its implementation was not included in the provided excerpts — that function determines what headers/credentials are sent. Asking for or auto-loading open-id from local configs and environment is reasonable for multi-tenant APIs, but the mismatch between declared and actually accessed env/config sources is disproportionate and worth auditing.
Persistence & Privilege
Skill is not 'always' enabled and does not request elevated platform privileges. However the code can create and modify config.yaml files (BaseEnum/YamlUtil auto-creates config files if missing) and will create a SQLite DB under the workspace/data path via the DAO. That means the skill can persist data into the shared workspace and may interact with other skill data if they share the same workspace. Combined with network calls that upload files/results, this persistence increases the blast radius and contradicts the SKILL.md 'do not use local memory' rule.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install smyx-basic-object-detection-analysis - 安装完成后,直接呼叫该 Skill 的名称或使用
/smyx-basic-object-detection-analysis触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of the Basic Object Detection Analysis skill.
- Supports real-time detection of people, vehicles, non-motorized vehicles, pets, and parcels in images and videos.
- Designed for general security surveillance scenarios, including communities, industrial parks, and warehouses.
- Enforces strict rules for open-id acquisition and historical report retrieval from the cloud, never from local memory.
- Provides structured detection reports with object counts and locations; supports automatic trigger of historical report queries based on keywords.
- Output of historical reports in Markdown table format with direct report links.
元数据
常见问题
Basic Object Detection Skill | 基础目标检测技能 是什么?
Detects people, vehicles, non-motorized vehicles, pets, and parcels appearing in the target area. Supports video stream and image detection, suitable for gen... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 66 次。
如何安装 Basic Object Detection Skill | 基础目标检测技能?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install smyx-basic-object-detection-analysis」即可一键安装,无需额外配置。
Basic Object Detection Skill | 基础目标检测技能 是免费的吗?
是的,Basic Object Detection Skill | 基础目标检测技能 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Basic Object Detection Skill | 基础目标检测技能 支持哪些平台?
Basic Object Detection Skill | 基础目标检测技能 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Basic Object Detection Skill | 基础目标检测技能?
由 smyx-skills(@18072937735)开发并维护,当前版本 v1.0.0。
推荐 Skills