← 返回 Skills 市场
Child Hazardous Behavior Recognition Tool | 儿童危险行为识别分析工具
作者
smyx-skills
· GitHub ↗
· v1.0.0
· MIT-0
73
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install smyx-child-dangerous-behavior-recognition-analysis
功能描述
Detects climbing, playing with fire, touching power sources, and dangerous actions near windows, providing real-time alerts. It is suitable for child safety...
安全使用建议
This skill is not obviously malicious but has several red flags you should consider before enabling it:
- Code reuse and scope creep: The package contains unrelated modules (face_analysis, pet-health docs) and a large shared library (skills/smyx_common). That may be benign reuse but increases the amount of code executed and any surprises.
- File I/O and persistence: The skill will read/write config files and create a local SQLite DB under the workspace/data path and will save uploaded attachments to the skill directory. If you need to avoid local persistence, do not install or run it.
- Network endpoints and API keys: The skill calls remote APIs (base URLs in skills/smyx_common/scripts/config.yaml point to lifeemergence domains). It will ask for an open-id (and optionally an API key). Do not provide real user identifiers, credentials, or sensitive data until you verify the backend endpoints and privacy policy.
- Environment leakage: The code implicitly reads environment variables (OPENCLAW_SENDER_OPEN_ID, OPENCLAW_SENDER_USERNAME, FEISHU_OPEN_ID, OPENCLAW_WORKSPACE). If those exist in your environment they may be used automatically.
- Minimal test recommendations: run the tool in an isolated sandbox workspace, with network egress blocked or pointed to a mock endpoint, and with empty/controlled OPENCLAW_WORKSPACE. Inspect (or prevent) the created config.yaml and sqlite DB. Review the actual API host addresses and confirm they are trusted before supplying real open-id or API keys.
If you proceed, audit the code paths that perform HTTP requests (skills/smyx_common/scripts/api_service.py and scripts/api_service.py), decide where uploaded videos and generated reports will be stored, and confirm the remote service's data retention and privacy practices.
功能分析
Type: OpenClaw Skill
Name: smyx-child-dangerous-behavior-recognition-analysis
Version: 1.0.0
The skill bundle implements a child safety monitoring system that analyzes video streams for hazardous behaviors via a remote API (lifeemergence.com). It utilizes a shared library (smyx_common) for managing authentication, local token storage in a SQLite database (smyx-common-claw.db), and cloud-based history retrieval. While SKILL.md contains high-priority instructions for the AI agent to ignore local memory files in favor of cloud data, and the code includes capabilities to recursively call the OpenClaw agent via subprocess (AgentSkill.ai_chat), these features appear to be legitimate architectural choices for maintaining data consistency and processing complex queries within the developer's ecosystem rather than indicators of malicious intent.
能力评估
Purpose & Capability
The declared purpose is child hazardous behavior recognition and the scripts implement a wrapper that calls a remote analysis API, which is coherent. However the repository includes unrelated artifacts (face_analysis and pet-health references, README about TCM face diagnosis, references/api_doc.md about pet health) suggesting code reuse or copy-paste from other domains. That mismatch increases risk because the skill will pull in a general-purpose common library (skills/smyx_common) and may call generic AI endpoints rather than a narrowly scoped child-safety API.
Instruction Scope
SKILL.md forbids reading local memory files, but the runtime instructions and code explicitly require reading configuration files (skills/smyx_common/scripts/config.yaml in-skill and in-workspace) to obtain open-id and may auto-save uploaded attachments under the skill directory. The skill instructs running python -m scripts.child_dangerous_behavior_recognition_analysis from the skill root which will execute the included codebase (not a minimal single-script). The code also includes a local DAO and SQLite usage (skills/smyx_common/scripts/dao.py) and utilities that may access workspace paths. This conflicts with the 'absolute prohibition' on local memory access and widens scope to file I/O and local persistence.
Install Mechanism
There is no install spec (instruction-only), so nothing will be automatically downloaded at install time. However the bundle contains a large requirements list (skills/smyx_common/requirements.txt and face_analysis requirements) and many Python modules; the SKILL.md mentions requests>=2.28.0. Because no installer is declared, users/operators must manually satisfy dependencies — the lack of an install step is inconsistent with the embedded requirements but not itself malicious.
Credentials
The skill declares no required environment variables but the code reads several environment values implicitly: OPENCLAW_SENDER_OPEN_ID, OPENCLAW_SENDER_USERNAME, FEISHU_OPEN_ID and OPENCLAW_WORKSPACE are referenced in skills/smyx_common/scripts/config.py and dao.py. The SKILL.md enforces retrieving an 'open-id' via local config files or from the user message; it also encourages passing optional api-key/api-url. Requesting/pulling these values at runtime (and creating config files if missing) is broader than the declared 'none' and may access workspace-wide config and create files/databases under workspace/data.
Persistence & Privilege
Although always:false, the skill will create/read files and a local SQLite DB: YamlUtil.load will create config.yaml if missing (skills/smyx_common/scripts/config.yaml), and Dao.get_db_path builds a workspace data path and creates a sqlite DB (smyx-common-claw.db) under workspace/data. SKILL.md also says uploaded attachments will be saved to an attachments directory under the skill. These behaviors persist data on disk and modify config/DB files in the workspace, which is more privilege than the description implies.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install smyx-child-dangerous-behavior-recognition-analysis - 安装完成后,直接呼叫该 Skill 的名称或使用
/smyx-child-dangerous-behavior-recognition-analysis触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: AI-powered tool for real-time child dangerous behavior recognition and alerting.
- Detects climbing, playing with fire, touching power sources, and dangerous actions near windows from video streams.
- Provides instant alerts and generates structured safety reports for homes, kindergartens, and nurseries.
- Strict open-id acquisition and data access controls enforced for security and privacy.
- All report queries fetch data from the cloud API; local memory access is strictly prohibited.
- Outputs historical safety reports in clear Markdown tables with direct report links.
元数据
常见问题
Child Hazardous Behavior Recognition Tool | 儿童危险行为识别分析工具 是什么?
Detects climbing, playing with fire, touching power sources, and dangerous actions near windows, providing real-time alerts. It is suitable for child safety... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 73 次。
如何安装 Child Hazardous Behavior Recognition Tool | 儿童危险行为识别分析工具?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install smyx-child-dangerous-behavior-recognition-analysis」即可一键安装,无需额外配置。
Child Hazardous Behavior Recognition Tool | 儿童危险行为识别分析工具 是免费的吗?
是的,Child Hazardous Behavior Recognition Tool | 儿童危险行为识别分析工具 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Child Hazardous Behavior Recognition Tool | 儿童危险行为识别分析工具 支持哪些平台?
Child Hazardous Behavior Recognition Tool | 儿童危险行为识别分析工具 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Child Hazardous Behavior Recognition Tool | 儿童危险行为识别分析工具?
由 smyx-skills(@18072937735)开发并维护,当前版本 v1.0.0。
推荐 Skills