← 返回 Skills 市场
Fraud Call Identification Analysis Tool | 诈骗电话识别分析工具
作者
smyx-sunjinhui
· GitHub ↗
· v1.0.0
· MIT-0
73
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install smyx-fraud-call-identification-analysis
功能描述
Analyzes incoming call content for multi-dimensional risk, intelligently identifies scam scripts, determines if a call is fraudulent, assesses risk levels, a...
安全使用建议
Before installing or running this skill:
- Expect the skill to send audio/text you provide to external API endpoints defined in skills/smyx_common config (e.g., open.lifeemergence.com). Only upload recordings you are allowed to send to third parties.
- The SKILL.md forbids reading local memory, but the code can and will create/read YAML config files and may create a local SQLite DB under a workspace/data directory (Dao.get_db_path uses OPENCLAW_WORKSPACE or cwd). If you need guarantees that nothing is persisted, do not run this without auditing/altering the code.
- The repository includes a large dependency list in skills/smyx_common/requirements.txt that is not declared in SKILL.md; if you attempt to run the scripts, ensure you install required packages in an isolated environment.
- Inspect the RequestUtil and util.py code (skills/smyx_common/scripts/util.py and any RequestUtil.http_post implementation) to confirm which hosts and headers are used and whether any secrets are automatically read/sent. The risk is mainly that recordings and identifiers could be exfiltrated to external services.
- If you want to proceed: run the skill in a sandboxed environment, set OPENCLAW_WORKSPACE to an isolated path you control, and review/clean the config YAML files to ensure only trusted API endpoints and API keys are present.
- If you can share the contents of skills/smyx_common/scripts/util.py (RequestUtil) and the top of skills/smyx_common/scripts/config.yaml (runtime values), I can give a higher-confidence assessment and point out any suspicious network targets or headers to watch for.
功能分析
Type: OpenClaw Skill
Name: smyx-fraud-call-identification-analysis
Version: 1.0.0
The skill bundle contains high-risk capabilities and complex infrastructure that exceed the stated purpose of fraud analysis. Key indicators include the collection of PII (phone numbers/usernames) and authentication tokens, which are managed via a local SQLite database (`dao.py`) and transmitted to remote endpoints (e.g., lifeemergence.com). The `SKILL.md` utilizes aggressive 'Mandatory Memory Rules' to override the agent's default behavior, specifically prohibiting access to local logs/memory. Furthermore, the `smyx_common` utility includes an `AgentSkill` class capable of programmatically executing the `openclaw` CLI, which could be leveraged for unauthorized task chaining or lateral movement within the agent's environment.
能力标签
能力评估
Purpose & Capability
The code implements a remote-analysis flow (HTTP API calls, uploading audio/text) consistent with the skill description. However the repository also includes large, generic 'smyx_common' utilities and a separate face-analysis skill, plus a big requirements list — broader than the single 'requests' dependency called out in SKILL.md. Having these extra modules is explainable (shared libraries) but disproportionate to the minimal description and the SKILL.md dependency list.
Instruction Scope
SKILL.md imposes a strict rule: 'absolutely forbid reading any local memory files / not use LanceDB / always fetch history from cloud API.' The code, however, reads/writes local YAML config files (skills/smyx_common/scripts/config.yaml via BaseEnum.YamlUtil.load which will create files if missing) and there is a local SQLite DAO that will create a DB under a workspace data directory (Dao.get_db_path uses OPENCLAW_WORKSPACE or derivation of cwd). Also SKILL.md claims uploaded attachments will be 'automatically saved to the skill directory attachments' but the shown fraud_call_identification.py CLI implementation does not implement an automatic attachments-save flow. These contradictions mean the instructions do not fully match actual file I/O behavior.
Install Mechanism
No install spec is provided (instruction-only), which limits automatic installation risk. However the included skills/smyx_common/requirements.txt and other requirements (SQLAlchemy, many networking libs, etc.) are extensive and not reflected in SKILL.md. That mismatch is operationally important (the code may fail or behave unexpectedly if dependencies are missing) but not an immediate install-time code-execution risk since nothing auto-downloads or executes on install.
Credentials
SKILL.md declares no required env vars, but the code reads environment variables (e.g., OPENCLAW_SENDER_OPEN_ID, OPENCLAW_WORKSPACE) and will look for api-key fields in local YAML config files (skills/smyx_common/scripts/config.yaml or workspace-level config). The skill demands an 'open-id' value (CLI flag) before operations, which is reasonable, but there is no clear, declared credential requirement for the remote API (api-key is optional in CLI), while the common config contains production API base URLs. The code will send uploaded audio/text and (if configured) identifiers to external APIs — this is proportionate to the purpose but the lack of explicit declared required credentials and the presence of writable local DB/config is a concern.
Persistence & Privilege
The skill is not 'always:true', but it does create/read configuration files and (via smyx_common dao) can create a local SQLite DB under a workspace 'data' directory. BaseEnum.YamlUtil.load will create config files if missing. The SKILL.md forbids using local memory, yet code can and will persist config/DB data on disk. This mismatch increases persistence and data-at-rest concerns (sensitive inputs could be stored locally).
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install smyx-fraud-call-identification-analysis - 安装完成后,直接呼叫该 Skill 的名称或使用
/smyx-fraud-call-identification-analysis触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Fraud Call Identification Analysis Tool — Initial Release
- Provides real-time, multi-dimensional risk analysis of incoming call content to identify fraud and assess risk level.
- Supports analysis of audio files, audio URLs, or call transcripts, with automatic report generation.
- Enforces strict rules for open-id acquisition and mandates cloud-based report queries (local memory strictly forbidden).
- Includes clear instructions for use, open-id handling, and output formatting for both report and report list views (with Markdown table examples).
- Multi-language description and detailed process control for secure and compliant fraud call analysis workflows.
元数据
常见问题
Fraud Call Identification Analysis Tool | 诈骗电话识别分析工具 是什么?
Analyzes incoming call content for multi-dimensional risk, intelligently identifies scam scripts, determines if a call is fraudulent, assesses risk levels, a... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 73 次。
如何安装 Fraud Call Identification Analysis Tool | 诈骗电话识别分析工具?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install smyx-fraud-call-identification-analysis」即可一键安装,无需额外配置。
Fraud Call Identification Analysis Tool | 诈骗电话识别分析工具 是免费的吗?
是的,Fraud Call Identification Analysis Tool | 诈骗电话识别分析工具 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Fraud Call Identification Analysis Tool | 诈骗电话识别分析工具 支持哪些平台?
Fraud Call Identification Analysis Tool | 诈骗电话识别分析工具 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Fraud Call Identification Analysis Tool | 诈骗电话识别分析工具?
由 smyx-sunjinhui(@smyx-sunjinhui)开发并维护,当前版本 v1.0.0。
推荐 Skills