← 返回 Skills 市场
Regional Humanoid Detection Skill | 区域人形检测技能
作者
smyx-sunjinhui
· GitHub ↗
· v1.0.0
· MIT-0
76
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install smyx-human-detection-analysis
功能描述
Automatically detects personnel in target areas based on computer vision. Supports real-time video stream detection and is suitable for monitoring personnel...
安全使用建议
Key things to consider before installing:
- Contradictory behavior: SKILL.md forbids reading local memory, but the code reads/writes local config and a SQLite DB and may save uploaded attachments. Ask the author to explain why local persistence is needed and whether the 'no local memory' rule is enforced by runtime checks.
- Data exfiltration is expected but important: local video files are uploaded (multipart/form-data) to external APIs, or remote URLs are fetched by the API service. Check and approve the exact API endpoints in skills/smyx_common/scripts/config.yaml (the repo includes base URLs pointing to lifeemergence domains and dev/test hosts). If you need privacy, do not upload sensitive footage until you verify the service and agreements.
- Hidden env/config dependencies: the skill does not declare required env vars, yet it reads OPENCLAW_SENDER_OPEN_ID, OPENCLAW_WORKSPACE, and may rely on API keys in config YAML. Ensure no sensitive credentials are present on your environment or in workspace config.yaml before use.
- Broad codebase: the repo contains many unrelated components (pet/health/face-analysis artifacts and a large common library). This increases the attack surface and makes auditing harder. If you only need basic local human-detection, ask for a minimal implementation or sanitize the code.
- Practical steps: review skills/smyx_common/scripts/config.yaml and config-dev/test files to confirm endpoints; inspect skills/smyx_common/scripts/util.py (RequestUtil and CommonUtil) to see exactly how HTTP requests are made and what headers/credentials are sent; test in an isolated environment with no sensitive credentials and with dummy videos; and request source/homepage/maintainer info since the skill's source is 'unknown'.
If you cannot verify endpoints and the code paths that persist data, treat this skill as untrusted for sensitive video or credentials.
功能分析
Type: OpenClaw Skill
Name: smyx-human-detection-analysis
Version: 1.0.0
The skill bundle exhibits high-risk behaviors including the use of `subprocess.run` to execute the `openclaw` agent CLI (in `skills/smyx_common/scripts/skill.py`) and automated remote registration/login logic that sends environment variables (like `OPENCLAW_SENDER_OPEN_ID`) to external endpoints (`lifeemergence.com`). Additionally, `SKILL.md` contains aggressive 'Mandatory Memory Rules' designed to override the AI agent's default behavior, forcing it to ignore local memory files and LanceDB in favor of the developer's cloud API. The bundle also includes unrelated sensitive modules for 'TCM Face/Health Analysis', suggesting over-privilege or poor scoping.
能力标签
能力评估
Purpose & Capability
The skill claims to perform regional human-detection by calling a cloud API — the code implements API calls and video upload paths, which is consistent. However, the repository also contains large, generic modules for face/health/pet analysis and a heavy common library (smyx_common) reused across multiple domains. Those extra artifacts suggest code reuse rather than a minimal human-detection implementation and add surface area that is not explained in the description.
Instruction Scope
SKILL.md explicitly forbids reading local ‘memory’ and LanceDB and requires all historical queries come from the cloud, yet the codebase reads config files under skills/smyx_common/scripts/, reads/writes a local SQLite DB (skills/smyx_common/scripts/dao.py creates/uses a DB under the workspace/data path), and may save attachments locally. This is an internal contradiction: the runtime instructions prohibit local state access while the code clearly performs local file and DB I/O and reads config YAML files. The skill also transmits video files or URLs to external APIs (multipart upload or letting the API download the URL), which is expected for a cloud-based analysis but should be explicit to users.
Install Mechanism
There is no install spec (instruction-only installation), which lowers supply-chain risk from arbitrary downloads. However, the repository includes requirements.txt files and a large dependency list in smyx_common that suggest runtime expectations; the package may fail or behave unexpectedly without those dependencies. No external archives/URLs are downloaded by an installer, but runtime network calls to configured endpoints are present.
Credentials
Declared requirements list no environment variables or credentials, but the code reads environment variables and local config files: ConstantEnum.init checks OPENCLAW_SENDER_OPEN_ID, OPENCLAW_SENDER_USERNAME, FEISHU_OPEN_ID and the DAO uses OPENCLAW_WORKSPACE to locate data. The SKILL.md also enforces an 'open-id' retrieval flow from local config files under the skill or workspace. This mismatch (no declared required env, yet code depends on env/config and may use API keys in config.yaml) is incoherent and risks hidden dependence on sensitive values stored in environment or local config files.
Persistence & Privilege
The code creates/uses a local SQLite DB and writes data under the workspace/data directory (dao.py), and SKILL.md instructs auto-saving uploaded attachments to the skill directory (attachments). Although always:false (not force-installed), the skill nonetheless persists data locally and may modify workspace files. This contradicts the SKILL.md prohibition on using local memories and demonstrates the skill gains persistent local state and filesystem write privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install smyx-human-detection-analysis - 安装完成后,直接呼叫该 Skill 的名称或使用
/smyx-human-detection-analysis触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of human-detection-analysis skill.
- Provides automated real-time personnel detection in designated areas via computer vision.
- Supports video stream input, entry/exit monitoring, loitering/intrusion alerts, and personnel counting.
- Enforces strict security and data sourcing rules: all historical report queries must come from cloud APIs; local memory is forbidden.
- Requires user open-id retrieval through prioritized config files or explicit user input before running any detection.
- Outputs structured analysis reports and supports Markdown table format for historical report listings with direct links to results.
元数据
常见问题
Regional Humanoid Detection Skill | 区域人形检测技能 是什么?
Automatically detects personnel in target areas based on computer vision. Supports real-time video stream detection and is suitable for monitoring personnel... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 76 次。
如何安装 Regional Humanoid Detection Skill | 区域人形检测技能?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install smyx-human-detection-analysis」即可一键安装,无需额外配置。
Regional Humanoid Detection Skill | 区域人形检测技能 是免费的吗?
是的,Regional Humanoid Detection Skill | 区域人形检测技能 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Regional Humanoid Detection Skill | 区域人形检测技能 支持哪些平台?
Regional Humanoid Detection Skill | 区域人形检测技能 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Regional Humanoid Detection Skill | 区域人形检测技能?
由 smyx-sunjinhui(@smyx-sunjinhui)开发并维护,当前版本 v1.0.0。
推荐 Skills