← 返回 Skills 市场
Outdoor Sports Event Risk Analysis Tool | 户外体育赛事风险分析工具
作者
smyx-sunjinhui
· GitHub ↗
· v1.0.0
· MIT-0
76
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install smyx-sport-analysis
功能描述
Conducts video safety risk analysis for participants in outdoor sports competitions, long-distance running, marathons, etc.; identifies sports injuries and s...
安全使用建议
This skill will send videos (or video URLs) to a remote analysis API and includes code to read/write YAML config files and potentially create a local SQLite DB in the workspace. Before installing or using it: 1) Verify and trust the remote API endpoints (the default configs point to lifeemergence.com); do not upload sensitive or private videos until you confirm the operator and data retention policy. 2) Inspect RequestUtil implementation (skills/smyx_common/scripts/util.py) to see what metadata is sent with uploads and whether files are stored or retried. 3) Note the SKILL.md rules forbid reading local memory, but the code can create/read config files and a local DB — this inconsistency is suspicious; run the skill in an isolated environment (sandbox/container) if you must test. 4) The open-id retrieval instructions in SKILL.md are inconsistent with the code (they suggest reading an 'api-key' as open-id); be prepared to supply an open-id explicitly if asked. 5) If you require confidentiality or legal compliance (GDPR, HIPAA, etc.), do not use this skill until you confirm where data is hosted and how long it is retained. If anything is unclear from the author, prefer skills from verified sources or request clarification about data flows, retention, and operator identity.
功能分析
Type: OpenClaw Skill
Name: smyx-sport-analysis
Version: 1.0.0
The skill bundle provides sports and health video analysis by interfacing with a remote API (lifeemergence.com), but exhibits several high-risk behaviors. SKILL.md contains aggressive prompt steering instructions labeled as 'Highest Priority' that command the AI agent to ignore local memory and strictly use the provided cloud API, which is a form of prompt injection to control agent behavior. The shared utility library (smyx_common/scripts/util.py) implements an automated login/registration flow that collects sensitive user identifiers like phone numbers and caches authentication tokens in a local SQLite database (dao.py). Additionally, the skill utilizes subprocess.run to execute openclaw agent commands (smyx_common/scripts/skill.py), providing a mechanism for recursive task execution. While these features likely support the commercial service, the combination of PII collection, local credential caching, and mandatory prompt overrides warrants a suspicious classification.
能力标签
能力评估
Purpose & Capability
The code and SKILL.md implement video-based sports risk analysis and related face/health analysis (files: scripts/sport_analysis.py, skills/face_analysis/*). Network calls to a remote analysis API are present and expected for this purpose. However the SKILL.md also contains paragraphs about smoking detection and other domains and the package ships a large shared 'smyx_common' module (many utilities) which is broader than a single-purpose 'sport analysis' skill — this suggests code reuse and scope creep. The presence of local DB/DAO code and a long list of common utilities is heavier than strictly needed for a simple video upload-and-request flow.
Instruction Scope
SKILL.md strictly forbids reading local memory files and LanceDB, and mandates an open-id retrieval sequence (checking skills/smyx_common/scripts/config.yaml first). The code, however, will load/initialize YAML config files via skills/smyx_common/scripts/config.py (BaseEnum -> YamlUtil.load will create/write config.yaml if missing) and the smyx_common dao can create/read a local SQLite DB under the workspace data directory. The SKILL.md requires saving uploaded attachments to a local attachments directory, but the code does not clearly implement that behavior. The open-id retrieval instruction also instructs reading an 'api-key' field as open-id which is a semantic mismatch. Overall the runtime instructions and the actual code disagree about what local state may be read/written.
Install Mechanism
There is no install spec (instruction-only) which reduces installer risk, but the repository includes many code files and requirements.txt in skills/smyx_common and face_analysis listing dozens of packages. Because no install mechanism is declared, users' environment may not have required dependencies; the large requirements list is disproportionate to the stated single-skill purpose and increases the risk if someone manually installs them. No external download URLs or installers were found.
Credentials
Registry metadata lists no required env vars, but the code reads environment variables in ConstantEnum.init (OPENCLAW_SENDER_OPEN_ID, OPENCLAW_SENDER_USERNAME, FEISHU_OPEN_ID) to set CURRENT__OPEN_ID. The SKILL.md enforces open-id retrieval in a specific order (config files -> workspace config -> user prompt) and forbids auto-generating open-id, but the code will accept an open-id from environment or command-line. The skill will (by design) transmit uploaded videos or video URLs to remote API endpoints (ApiEnum BASE_URL_* configured in skills/smyx_common/scripts/config.yaml). There is no declared primary credential but config.yaml contains base URLs and placeholders for api-key; videos and potentially PII could be sent to an external domain (lifeemergence.com in shipped configs) without clear, explicit authentication — this is a proportionality and privacy concern.
Persistence & Privilege
always:false (good). However the package contains code that will create and write config YAML files (YamlUtil.load creates files if absent) and smyx_common.dao will create a local SQLite DB under the workspace data directory. SKILL.md explicitly forbids reading local memory files, but the code may create/read workspace-local files and a DB. The skill does not request elevated agent privileges in metadata, but its ability to write to the workspace and persist data is non-trivial and contradicts the stated prohibition on local-memory access.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install smyx-sport-analysis - 安装完成后,直接呼叫该 Skill 的名称或使用
/smyx-sport-analysis触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of the outdoor sports event risk analysis skill.
- Provides real-time video-based safety risk analysis for outdoor sports events, including marathons.
- Automatically identifies sports injuries and sudden health risks, outputs structured analysis reports, and triggers timely alerts.
- Integrates with wearables for comprehensive evaluation (e.g., adds heart rate data when available).
- Enforces strict memory and reporting rules: all historical report queries must use the cloud API; local or long-term memory use is strictly prohibited.
- Includes detailed multi-dimensional risk assessment (injury, discomfort, posture, environment) and emergency response suggestions.
- Requires open-id authentication via a priority-controlled process before any analysis is performed.
元数据
常见问题
Outdoor Sports Event Risk Analysis Tool | 户外体育赛事风险分析工具 是什么?
Conducts video safety risk analysis for participants in outdoor sports competitions, long-distance running, marathons, etc.; identifies sports injuries and s... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 76 次。
如何安装 Outdoor Sports Event Risk Analysis Tool | 户外体育赛事风险分析工具?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install smyx-sport-analysis」即可一键安装,无需额外配置。
Outdoor Sports Event Risk Analysis Tool | 户外体育赛事风险分析工具 是免费的吗?
是的,Outdoor Sports Event Risk Analysis Tool | 户外体育赛事风险分析工具 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Outdoor Sports Event Risk Analysis Tool | 户外体育赛事风险分析工具 支持哪些平台?
Outdoor Sports Event Risk Analysis Tool | 户外体育赛事风险分析工具 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Outdoor Sports Event Risk Analysis Tool | 户外体育赛事风险分析工具?
由 smyx-sunjinhui(@smyx-sunjinhui)开发并维护,当前版本 v1.0.0。
推荐 Skills