← 返回 Skills 市场
Pet Behavior Recognition Skill | 宠物行为识别技能
作者
smyx-skills
· GitHub ↗
· v1.0.0
· MIT-0
68
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install smyx-pet-behavior-detection-analysis
功能描述
Identifies common abnormal pet behaviors such as scratching, biting, destructive chewing, jumping, digging, chasing, and separation anxiety, helping owners u...
安全使用建议
Key things to check before installing/using:
- Data exfiltration risk: This skill uploads video files (or instructs the remote API to download a provided URL) to external servers (config shows lifeemergence/open API hosts). If videos contain sensitive content, presume they will leave your machine.
- Local persistence mismatch: Despite SKILL.md forbidding reading local memory, the code includes a local SQLite DAO that will create/use a DB under the workspace data directory and will load/save YAML config files. If you cannot tolerate local storage of metadata or tokens, do not install/run this skill.
- Environment variables: The skill reads environment variables (OPENCLAW_SENDER_OPEN_ID, OPENCLAW_SENDER_USERNAME, OPENCLAW_WORKSPACE, FEISHU_OPEN_ID) even though SKILL.md declares none required. If those env vars exist they may be used automatically as the 'open-id' or to determine storage locations. Audit or clear them if needed.
- Network behavior: Review skills/smyx_common/scripts/util.py (RequestUtil and related functions) to confirm exactly what headers/fields are sent to remote APIs and whether open-id or any tokens are included in requests. The SKILL.md depends on the remote service for history queries and report exports; verify the endpoints and ownership.
- Provenance and trust: The skill source is 'unknown' and no homepage is provided. Consider running it in an isolated environment (sandbox or VM) first, examine network traffic (e.g., with a proxy), and inspect util.RequestUtil to see the exact API URLs and payloads before using with real videos or credentials.
- If you proceed: avoid providing highly sensitive open-ids/phone numbers unless you trust the remote service; prefer using a throwaway/test open-id and test with non-sensitive videos. If you need a guarantee about local-memory access (as SKILL.md claims), request the author to remove local DB usage or to document and opt-in to local persistence explicitly.
If you want, I can scan the util.py (RequestUtil) and the remainder of files for the exact HTTP request construction and any hidden endpoints or fields used in uploads — that would raise confidence and let me tell you exactly what metadata is transmitted.
功能分析
Type: OpenClaw Skill
Name: smyx-pet-behavior-detection-analysis
Version: 1.0.0
The skill bundle exhibits several high-risk patterns, including aggressive prompt instructions in SKILL.md that command the AI to ignore local memory/logs and exclusively use remote cloud APIs. It contains a significant amount of unrelated code (a complete 'face_analysis' skill nested within the pet skill), suggesting poor supply chain hygiene. Technically, the bundle implements an automated remote registration/login system in 'smyx_common/scripts/util.py' and 'dao.py' that collects user identifiers (like phone numbers) to fetch and store session tokens in a local SQLite database. Additionally, 'smyx_common/scripts/skill.py' contains logic to execute recursive agent commands via subprocess.run, which could be leveraged for complex prompt injection attacks. Remote communication is directed to lifeemergence.com.
能力标签
能力评估
Purpose & Capability
The name/description (pet behavior recognition via server-side APIs) aligns with the code: scripts call remote analysis endpoints and accept local file or URL inputs. The included config points to plausible API hosts (lifeemergence/open API URLs). Having helper modules for face-analysis and shared utilities is coherent with the product family (health/analysis pipelines).
Instruction Scope
SKILL.md imposes strict runtime rules (absolute prohibition on reading local memory files and LanceDB, mandates open-id retrieval from specific config paths or direct user input). However, the codebase does read config files, loads YAML config under skills/smyx_common, and the DAO module creates/uses a local SQLite DB under workspace/data. That contradicts the SKILL.md 'absolute prohibition' on reading local memory. SKILL.md also says uploaded attachments will be saved to an attachments directory, but I could not find clear code that implements that exact behavior. The runtime instructions also require running local scripts (python -m scripts.pet_behavior_detection_analysis) which will read config, environment, and may persist data locally.
Install Mechanism
There is no install spec (instruction-only install), which reduces installer-level risk. However, multiple requirements.txt files (especially skills/smyx_common/requirements.txt) list a very large dependency set; although these are not auto-installed by a declared installer, they indicate the code expects a heavy runtime environment. No remote archive downloads were declared.
Credentials
The skill declares no required env vars, yet code reads environment variables (OPENCLAW_SENDER_OPEN_ID, OPENCLAW_SENDER_USERNAME, FEISHU_OPEN_ID, OPENCLAW_WORKSPACE) and may use them to set CURRENT__OPEN_ID or determine paths. SKILL.md's open-id acquisition flow does not mention environment variables as an allowed source, so there is a mismatch between declared requirements and actual env usage. The skill also expects (or can accept) an api-key/api-url for the remote service; sending video (potentially sensitive) and metadata to external endpoints is inherent to the feature and must be considered by users.
Persistence & Privilege
The code includes a local DAO that creates/uses an SQLite DB under a workspace data directory and will create config YAML files if missing. This means the skill writes persistent files on disk (workspace/data/*.db, generated config.yaml). That behavior conflicts with the SKILL.md 'absolute prohibition' on reading local memory files (it forbids reading memory, but the package persists local DB/config). 'always: false' and normal autonomous invocation are fine, but the local persistence and potential storage of user/open_id/token fields increase its blast radius if misused.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install smyx-pet-behavior-detection-analysis - 安装完成后,直接呼叫该 Skill 的名称或使用
/smyx-pet-behavior-detection-analysis触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of the "pet-behavior-detection-analysis" skill for analyzing and detecting common pet behaviors through uploaded or online video files.
- Supports identification of both normal and problematic pet behaviors such as scratching, biting, destructive chewing, jumping, digging, chasing, and separation anxiety.
- Analysis covers multiple pet species, utilizing deep learning and veterinary databases to generate detailed health and behavior reports.
- Strict data sourcing rules: all history data must be retrieved from the cloud API; local memory files and long-term memory are strictly prohibited.
- Enforces stepwise open-id retrieval and does not permit analysis execution without a valid open-id.
- Outputs results as structured analysis reports, with historical report listings provided in Markdown table format including direct links to report images.
元数据
常见问题
Pet Behavior Recognition Skill | 宠物行为识别技能 是什么?
Identifies common abnormal pet behaviors such as scratching, biting, destructive chewing, jumping, digging, chasing, and separation anxiety, helping owners u... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 68 次。
如何安装 Pet Behavior Recognition Skill | 宠物行为识别技能?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install smyx-pet-behavior-detection-analysis」即可一键安装,无需额外配置。
Pet Behavior Recognition Skill | 宠物行为识别技能 是免费的吗?
是的,Pet Behavior Recognition Skill | 宠物行为识别技能 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Pet Behavior Recognition Skill | 宠物行为识别技能 支持哪些平台?
Pet Behavior Recognition Skill | 宠物行为识别技能 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Pet Behavior Recognition Skill | 宠物行为识别技能?
由 smyx-skills(@18072937735)开发并维护,当前版本 v1.0.0。
推荐 Skills